Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: internet verselbstständigt!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.07.2014, 10:41   #1
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Hallo,
ich bin Windows 8 Nutzer und gehe über Mozilla Firefox ins Internet. Seit ca. 1 Woche, werden ohne meine zutun ständig neue Tabs geöffnet. Alle mit dem Hinweis, dass mein Video Player veraltet ist. Selbst wenn ich im Internet surfe werden im Hintergrund weitere Tabs mit Werbung und Spielen geöffnet, die lediglich in der unteren Startleiste angezeigt werden.
Als Virenschutz habe ich Avira installiert. Was kann ich dagegen tun?

Manfred Pfau

Alt 30.07.2014, 10:45   #2
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 30.07.2014, 11:19   #3
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Hallo Matthias,
danke für Deine Hilfe. Habe das FRST heruntergeladen und den Scan durchgeführt. Was ich nicht sehe ist die von Dir angesprochene Txt Datei. Um einen Bericht anzusehen, müsse laut Programm die Vollversion gekauft werden. Habe auf dem Desktop keine Logdatei oder ich erkenne sie nicht.
Was tun??
__________________

Alt 30.07.2014, 11:22   #4
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Zitat:
Zitat von pfaumanfred Beitrag anzeigen
Hallo Matthias,
danke für Deine Hilfe. Habe das FRST heruntergeladen und den Scan durchgeführt. Was ich nicht sehe ist die von Dir angesprochene Txt Datei. Um einen Bericht anzusehen, müsse laut Programm die Vollversion gekauft werden. Habe auf dem Desktop keine Logdatei oder ich erkenne sie nicht.
Was tun??


Du hast dir was anderes heruntergeladen, aber auf jeden Fall nicht FRST.
Ich tippe mal, dass du auf den Werbebanner darunter geklickt hast und nicht auf den Downloadbutton von FRST...

Nochmal probieren...
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 30.07.2014, 12:24   #5
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Hallo Matthias,
habe den richtigen Downloadbanner gedrückt und das Programm installiert. Habe trotzdem keine Datei auf dem Desktop. Für einen Bericht wird die Vollversion verlangt.
Komme nicht weiter.
Gruß
Manfred

Nennt sich das Programm Infigo??


Alt 30.07.2014, 13:08   #6
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Zitat:
Zitat von pfaumanfred Beitrag anzeigen
Nennt sich das Programm Infigo??
Keinen "Downloadbanner" drücken, das ist ein schwarzer Link, sonst nichts...

Wie kommst du auf "Infigo"??? Liest du schon meine Anleitung? In meinem 1. Post steht doch ausführlich, was zu tun ist und wie das Programm heißt...

Das Programm heißt FRST (Farbar's Recovery Scan Tool) und muss nicht installiert werden...

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






wie gesagt, du lädst das falsche Programm... Alternativer Download
__________________
--> internet verselbstständigt!

Alt 30.07.2014, 14:07   #7
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!



FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-07-2014
Ran by Manfred at 2014-07-30 15:01:55
Running from C:\Users\Manfred\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-4300-A758B70C0F01}) (Version: 12.15.1.462 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.10.0.52790 - NNG Llc.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink MediaShow Espresso (Version: 5.5.1412_24021 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDirector (Version: 8.0.2718 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.2925.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Free Audio Converter version 5.0.23.320 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{8A7CB3D4-0C49-4A19-8504-CF250CE1F5E8}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Infigo (HKLM\...\Infigo) (Version: 1.21.0.34 - MAVIN LOG, S.L.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe (x86) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NetCrawl (HKLM\...\NetCrawl) (Version: 2014.07.09.080524 - NetCrawl) <==== ATTENTION
RegClean-Pro (HKLM\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Right Backup (HKLM\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft)
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{FC16C025-71D3-430F-BE61-B7E713E5B582}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WEB.DE Club SmartFax (HKLM\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points  =========================

24-06-2014 10:36:31 Windows Update
12-07-2014 09:44:19 Windows Update
30-07-2014 10:12:24 RCP Mi, Jul 30, 14  12:12

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0064A4EB-6388-4C48-81C6-99746DEA4A8E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01BCC00A-C6A8-474C-BA2D-3076F3CE544D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {02B97B27-29F3-4F0D-B9D9-1A218C58AD6F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {03DE1924-3FE1-4D64-9AFA-83BE2B67843E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {03F00483-DFF0-469F-88A0-E7C9E3D9F4A7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {0A0D5A5F-1340-4F41-888E-CA97DB477A2A} - System32\Tasks\Right Backup_startup => C:\Program Files\Right Backup\RightBackup.exe [2014-07-11] (Systweak)
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {197B71A3-52A6-4814-B4EC-386CB7E0316F} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RCP\RegCleanPro.exe [2014-07-16] (RCP)
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {2E5E8DAF-5F7B-4DD0-B6D9-6154B1A6CA1D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7A9ABD-F457-460F-8BBB-DA21FBAD78AF} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RCP\RegCleanPro.exe [2014-07-16] (RCP)
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {678555FD-A992-4622-BCCB-A89F836C2CAE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7276DEEA-6ED2-4091-AF19-079E9B8C56C7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {77903254-14EA-4556-8912-C3B7AE604510} - System32\Tasks\RegClean Pro => C:\Program Files\RCP\RegCleanPro.exe [2014-07-16] (RCP)
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {7CCE08F4-EC9E-4612-99CC-D857CD214A0A} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {B6DFC327-E4D4-468C-A071-D458EC30ADBF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D6A010E0-28C2-4360-B06D-6DB72C548BFD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {DC624EAE-9AB6-4758-B6B9-7112C5340C97} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E6A82C08-8490-4083-9271-DEB458C010CF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {EF3CB7C8-BE78-4F7D-90D1-123882E38108} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {F7217E62-6F97-491F-A19B-413BDD5879FF} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RCP\RegCleanPro.exe
Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RCP\RegCleanPro.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-06 12:24 - 2010-06-29 23:14 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-07-09 10:05 - 2014-07-30 09:43 - 00323360 _____ () C:\Program Files\NetCrawl\updateNetCrawl.exe
2014-07-12 11:46 - 2014-07-30 09:46 - 00323360 _____ () C:\Program Files\NetCrawl\bin\utilNetCrawl.exe
2014-06-26 12:34 - 2014-06-26 12:34 - 00019768 _____ () C:\Program Files\Infigo\InfigoOperator.exe
2014-06-26 12:34 - 2014-06-26 12:34 - 00098304 _____ () C:\Program Files\Infigo\InfigoSkin.dll
2014-07-30 12:08 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files\Right Backup\System.Data.SQLite.dll
2014-07-29 14:14 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-09 10:49 - 2014-07-09 10:49 - 17029808 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manfred\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Adobe ARM"
HKLM\...\StartupApproved\Run: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run: => "OpwareSE4"
HKLM\...\StartupApproved\Run: => "CLMLServer"
HKLM\...\StartupApproved\Run: => "YouCam Mirror Tray icon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "HP Software Update"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2014 00:12:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7227b3d2-bfc2-4c0b-b08c-d95f02cbeb44}

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13937

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13937

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14360

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14360

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/29/2014 06:28:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/29/2014 03:28:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/29/2014 03:17:16 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/29/2014 02:42:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/29/2014 11:59:56 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/28/2014 07:10:42 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/28/2014 04:10:27 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/28/2014 00:10:25 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/26/2014 05:26:38 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/26/2014 03:23:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5


Microsoft Office Sessions:
=========================
Error: (07/30/2014 00:12:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7227b3d2-bfc2-4c0b-b08c-d95f02cbeb44}

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13937

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13937

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14360

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14360

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 2934.6 MB
Available physical RAM: 1342.09 MB
Total Pagefile: 3446.6 MB
Available Pagefile: 1519.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1863.14 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:391 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:21.5 GB) NTFS
Drive i: (Elements) (Fixed) (Total:931.28 GB) (Free:702.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 884D7A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================
         
--- --- ---



FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Manfred (administrator) on MANFREDPC on 30-07-2014 15:01:09
Running from C:\Users\Manfred\Downloads
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\NetCrawl\updateNetCrawl.exe
() C:\Program Files\NetCrawl\bin\utilNetCrawl.exe
() C:\Program Files\Infigo\InfigoOperator.exe
(MAVIN LOG, S.L.) C:\Program Files\Infigo\Infigo.exe
(Systweak) C:\Program Files\Right Backup\RBClientService.exe
(Systweak) C:\Program Files\Right Backup\RightBackup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(RCP) C:\Program Files\RCP\RegCleanPro.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [Infigo] => C:\Program Files\Infigo\Infigo.exe [607032 2014-06-26] (MAVIN LOG, S.L.)
IFEO\effectextractor.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\omnipage.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\power2go.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\scannerwizard.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=f05b912d-8d4e-4702-8296-799c540767c6&searchtype=hp&installDate=07/03/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
SearchScopes: HKCU - {BAA731FA-283E-4F16-8F5B-905AD08C43E0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=aa17b148-a3f7-420e-a994-f698ca4849c5&apn_sauid=A2076782-DCD3-4FF4-9E32-40CABBD000B1
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: NetCrawl -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files\NetCrawl\NetCrawlbho.dll (NetCrawl)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\user.js
FF SearchPlugin: C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\searchplugins\askcom.xml
FF Extension: WEB.DE MailCheck - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar@web.de [2014-07-12]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2013-12-20]
FF Extension: NetCrawl - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.xpi [2014-07-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-26] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 InfigoOperator; C:\Program Files\Infigo\InfigoOperator.exe [19768 2014-06-26] ()
R2 RBClientService; C:\Program Files\Right Backup\RBClientService.exe [48240 2014-07-11] (Systweak)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-06-29] () [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
R2 Update NetCrawl; C:\Program Files\NetCrawl\updateNetCrawl.exe [323360 2014-07-30] ()
R2 Util NetCrawl; C:\Program Files\NetCrawl\bin\utilNetCrawl.exe [323360 2014-07-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-06-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-06-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-06-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [35848 2014-07-26] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 L1C; C:\WINDOWS\system32\DRIVERS\L1C63x86.sys [110792 2013-06-18] (Qualcomm Atheros Co., Ltd.)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-06-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-06-22] (Microsoft Corporation)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw; C:\WINDOWS\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys [52920 2014-07-10] (StdLib)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 15:01 - 2014-07-30 15:01 - 00012015 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-07-30 15:00 - 2014-07-30 15:01 - 00000000 ____D () C:\FRST
2014-07-30 14:59 - 2014-07-30 14:59 - 01084416 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-07-30 14:54 - 2014-07-30 14:54 - 00775112 _____ (Elex do Brasil Participações Ltda) C:\Users\Manfred\Downloads\yet_another_cleaner_kwo.exe
2014-07-30 13:11 - 2014-07-30 13:11 - 07501568 _____ () C:\Users\Manfred\Downloads\Infigo_setup(1).exe
2014-07-30 12:08 - 2014-07-30 12:08 - 00001020 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\rbtemp
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\Program Files\Right Backup
2014-07-30 12:07 - 2014-07-30 15:01 - 00000270 _____ () C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
2014-07-30 12:07 - 2014-07-30 12:07 - 00000951 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-07-30 12:07 - 2014-07-30 12:07 - 00000278 _____ () C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
2014-07-30 12:07 - 2014-07-30 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-07-30 12:07 - 2014-07-30 12:07 - 00000000 ____D () C:\Program Files\RCP
2014-07-30 12:07 - 2014-07-16 17:49 - 00018280 _____ () C:\WINDOWS\system32\roboot.exe
2014-07-30 12:06 - 2014-07-30 12:08 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\systweak
2014-07-30 12:06 - 2014-07-30 12:06 - 04330352 _____ (Systweak Inc ) C:\Users\Manfred\Downloads\rcp_300710062649096190.exe
2014-07-30 12:02 - 2014-07-30 12:04 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Infigo
2014-07-30 12:02 - 2014-07-30 12:02 - 00000957 _____ () C:\Users\Manfred\Desktop\Infigo.lnk
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-30 12:02 - 2014-07-30 12:02 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infigo
2014-07-30 12:01 - 2014-07-30 12:02 - 00000000 ____D () C:\Program Files\Infigo
2014-07-30 12:01 - 2014-07-30 12:01 - 07501568 _____ () C:\Users\Manfred\Downloads\Infigo_setup.exe
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 11:09 - 2014-07-29 11:10 - 04420856 _____ (Systweak Inc ) C:\Users\Manfred\Downloads\rcpa_29070909433874754.exe
2014-07-28 11:37 - 2014-07-28 11:38 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:48 - 2014-07-10 17:03 - 00052920 _____ (StdLib) C:\WINDOWS\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
2014-07-12 11:46 - 2014-04-14 04:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-12 06:55 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-12 06:54 - 2014-07-01 00:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-12 06:54 - 2014-06-28 08:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-12 06:54 - 2014-06-28 08:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-12 06:54 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-12 06:54 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-12 06:54 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-12 06:54 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-12 06:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-12 06:54 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-12 06:54 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-12 06:54 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-12 06:54 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-12 06:54 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-12 06:54 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-12 06:54 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-12 06:54 - 2014-06-06 15:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-12 06:54 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-12 06:54 - 2014-05-31 10:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-12 06:54 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-12 06:54 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-12 06:54 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-12 06:54 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-12 06:54 - 2014-05-31 04:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-12 06:54 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-12 06:54 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-12 06:54 - 2014-05-30 05:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-12 06:54 - 2014-05-29 11:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-12 06:54 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-12 06:54 - 2014-05-29 06:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 11:04 - 2014-07-09 11:04 - 01010424 _____ () C:\Users\Manfred\Downloads\setup.exe
2014-07-09 10:59 - 2014-07-15 10:54 - 00000000 ____D () C:\Program Files\NetCrawl
2014-07-09 10:59 - 2014-07-09 10:59 - 25842736 _____ (Microsoft Corporation) C:\Users\Manfred\Downloads\Media-Player [1].exe
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList
2014-07-09 10:44 - 2014-07-09 10:45 - 01258080 _____ () C:\Users\Manfred\Downloads\Player.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 15:01 - 2014-07-30 15:01 - 00012015 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-07-30 15:01 - 2014-07-30 15:00 - 00000000 ____D () C:\FRST
2014-07-30 15:01 - 2014-07-30 12:07 - 00000270 _____ () C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
2014-07-30 14:59 - 2014-07-30 14:59 - 01084416 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-07-30 14:54 - 2014-07-30 14:54 - 00775112 _____ (Elex do Brasil Participações Ltda) C:\Users\Manfred\Downloads\yet_another_cleaner_kwo.exe
2014-07-30 14:48 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-30 14:47 - 2012-07-26 06:17 - 00000269 _____ () C:\WINDOWS\win.ini
2014-07-30 14:43 - 2014-06-22 15:30 - 01132619 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-30 14:36 - 2013-03-25 10:29 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-30 14:02 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-30 13:11 - 2014-07-30 13:11 - 07501568 _____ () C:\Users\Manfred\Downloads\Infigo_setup(1).exe
2014-07-30 12:08 - 2014-07-30 12:08 - 00001020 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\rbtemp
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\Program Files\Right Backup
2014-07-30 12:08 - 2014-07-30 12:06 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\systweak
2014-07-30 12:07 - 2014-07-30 12:07 - 00000951 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-07-30 12:07 - 2014-07-30 12:07 - 00000278 _____ () C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
2014-07-30 12:07 - 2014-07-30 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-07-30 12:07 - 2014-07-30 12:07 - 00000000 ____D () C:\Program Files\RCP
2014-07-30 12:06 - 2014-07-30 12:06 - 04330352 _____ (Systweak Inc ) C:\Users\Manfred\Downloads\rcp_300710062649096190.exe
2014-07-30 12:04 - 2014-07-30 12:02 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Infigo
2014-07-30 12:02 - 2014-07-30 12:02 - 00000957 _____ () C:\Users\Manfred\Desktop\Infigo.lnk
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-30 12:02 - 2014-07-30 12:02 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infigo
2014-07-30 12:02 - 2014-07-30 12:01 - 00000000 ____D () C:\Program Files\Infigo
2014-07-30 12:01 - 2014-07-30 12:01 - 07501568 _____ () C:\Users\Manfred\Downloads\Infigo_setup.exe
2014-07-30 10:43 - 2014-05-06 12:29 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\HpUpdate
2014-07-29 15:18 - 2014-06-23 09:03 - 00000000 __RDO () C:\Users\Manfred\OneDrive
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 14:14 - 2014-06-19 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 11:10 - 2014-07-29 11:09 - 04420856 _____ (Systweak Inc ) C:\Users\Manfred\Downloads\rcpa_29070909433874754.exe
2014-07-28 11:38 - 2014-07-28 11:37 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-26 11:52 - 2013-09-07 12:41 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-07-26 11:21 - 2013-05-10 08:50 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-16 17:49 - 2014-07-30 12:07 - 00018280 _____ () C:\WINDOWS\system32\roboot.exe
2014-07-16 10:24 - 2013-09-10 17:30 - 00036152 _____ (TuneUp Software) C:\WINDOWS\system32\uxtuneup.dll
2014-07-16 10:24 - 2013-09-07 12:42 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-07-16 10:24 - 2013-09-07 12:42 - 00025400 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
2014-07-15 10:54 - 2014-07-09 10:59 - 00000000 ____D () C:\Program Files\NetCrawl
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-15 06:45 - 2013-03-25 18:15 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-13 11:43 - 2014-06-22 16:05 - 00000000 ___DC () C:\WINDOWS\Panther
2014-07-13 09:01 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 08:59 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-13 08:58 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-07-13 08:43 - 2014-03-18 10:04 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-13 08:38 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-13 08:37 - 2013-08-22 09:22 - 00485264 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 12:46 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 12:34 - 2014-05-06 12:28 - 00000000 ____D () C:\Program Files\HP
2014-07-12 12:33 - 2013-01-22 09:36 - 00000000 ____D () C:\Users\Manfred\Documents\Beihilfe
2014-07-12 11:51 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-12 11:50 - 2013-03-25 18:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:48 - 2013-08-17 13:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-12 11:47 - 2013-03-27 17:25 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-12 11:46 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-10 17:03 - 2014-07-12 11:48 - 00052920 _____ (StdLib) C:\WINDOWS\system32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
2014-07-09 11:04 - 2014-07-09 11:04 - 01010424 _____ () C:\Users\Manfred\Downloads\setup.exe
2014-07-09 10:59 - 2014-07-09 10:59 - 25842736 _____ (Microsoft Corporation) C:\Users\Manfred\Downloads\Media-Player [1].exe
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList
2014-07-09 10:52 - 2014-06-22 16:04 - 00000000 ____D () C:\Windows.old
2014-07-09 10:45 - 2014-07-09 10:44 - 01258080 _____ () C:\Users\Manfred\Downloads\Player.exe
2014-07-01 00:46 - 2014-07-12 06:54 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

Some content of TEMP:
====================
C:\Users\Manfred\AppData\Local\Temp\avgnt.exe
C:\Users\Manfred\AppData\Local\Temp\de_ww_Package.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-13 08:50

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Hallo Matthias,

konnte erst mit dem alternativen Download auf die richtige Seite kommen. Tut mir leid. Habe Dir die zwei Dateien gesendet.

Gruß Manfred

Alt 31.07.2014, 10:55   #8
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Servus,



kein Problem, jetzt habe ich ja die Logdateien, die ich für die Analyse benötige.




Deinstalliere als Erstes über die Systemsteuerung das Programm Infigo!




Dann geht es so weiter:





Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 31.07.2014, 11:50   #9
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Hallo Matthias,
hier die Log-Dateien
Code:
ATTFilter
AdwCleaner v3.302 - Bericht erstellt am 31/07/2014 um 12:11:14
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro  (32 bits)
# Benutzername : Manfred - MANFREDPC
# Gestartet von : C:\Users\Manfred\Downloads\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : RBClientService
[#] Dienst Gelöscht : Update NetCrawl
[#] Dienst Gelöscht : Util NetCrawl
Dienst Gelöscht : {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
Ordner Gelöscht : C:\Program Files\NetCrawl
Ordner Gelöscht : C:\Program Files\Right Backup
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Manfred\AppData\Local\Temp\NetCrawl
Ordner Gelöscht : C:\Users\Manfred\AppData\Roaming\Systweak
Datei Gelöscht : C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\Right Backup.lnk
Datei Gelöscht : C:\WINDOWS\system32\roboot.exe
Datei Gelöscht : C:\WINDOWS\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw.sys
Datei Gelöscht : C:\Users\Manfred\Desktop\Search The Web.url
Datei Gelöscht : C:\Users\Manfred\Desktop\sweetpcfix.url
Datei Gelöscht : C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Right Backup_startup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{769A91DA-209F-47FE-88B9-B0321B0982C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{15f1ee5b-4c16-415d-a4b9-e7e00753d0cf}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769A91DA-209F-47FE-88B9-B0321B0982C8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{769A91DA-209F-47FE-88B9-B0321B0982C8}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\ClickConnect
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\NetCrawl
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\NetCrawl
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetCrawl

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4919 octets] - [31/07/2014 12:10:14]
AdwCleaner[S0].txt - [3818 octets] - [31/07/2014 12:11:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3878 octets] ##########
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 31.07.2014
Suchlauf-Zeit: 12:21:25
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.31.03
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x86
Dateisystem: NTFS
Benutzer: Manfred

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 294190
Verstrichene Zeit: 12 Min, 10 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.NetCrawl.A, HKLM\SOFTWARE\NetCrawl, In Quarantäne, [818e40668cef013541a634a107fb8a76], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 3
PUP.Optional.Iminent.A, C:\Users\Manfred\Desktop\bootstrapper.exe, In Quarantäne, [1df23670fd7ef145ad3855e153ae5ca4], 
PUP.Optional.Downloader, C:\Users\Manfred\Downloads\Player.exe, In Quarantäne, [ad62b5f1dba0ba7c12fe04a7f50fc43c], 
PUP.Optional.OutBrowse, C:\Users\Manfred\Downloads\setup.exe, In Quarantäne, [64ab9313d6a5d363789217829f62847c], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01
Ran by Manfred (administrator) on MANFREDPC on 31-07-2014 12:42:13
Running from C:\Users\Manfred\Downloads
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [Infigo] => C:\Program Files\Infigo\Infigo.exe onrun
IFEO\effectextractor.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\omnipage.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\power2go.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\scannerwizard.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
SearchScopes: HKCU - {BAA731FA-283E-4F16-8F5B-905AD08C43E0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=aa17b148-a3f7-420e-a994-f698ca4849c5&apn_sauid=A2076782-DCD3-4FF4-9E32-40CABBD000B1
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar@web.de [2014-07-12]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2013-12-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-26] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-06-29] () [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-06-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-06-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-06-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [35848 2014-07-26] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 L1C; C:\WINDOWS\system32\DRIVERS\L1C63x86.sys [110792 2013-06-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-06-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-06-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 12:42 - 2014-07-31 12:42 - 00000000 ____D () C:\Users\Manfred\Downloads\FRST-OlderVersion
2014-07-31 12:41 - 2014-07-31 12:41 - 00001538 _____ () C:\Users\Manfred\Desktop\mbam.txt
2014-07-31 12:20 - 2014-07-31 12:38 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 12:20 - 2014-07-31 12:20 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-31 12:20 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-31 12:20 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-31 12:20 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-31 12:19 - 2014-07-31 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 12:14 - 2014-07-31 12:35 - 00007474 _____ () C:\WINDOWS\PFRO.log
2014-07-31 12:10 - 2014-07-31 12:11 - 00000000 ____D () C:\AdwCleaner
2014-07-31 12:09 - 2014-07-31 12:09 - 01361309 _____ () C:\Users\Manfred\Downloads\adwcleaner_3.302.exe
2014-07-30 15:01 - 2014-07-31 12:42 - 00010638 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-07-30 15:01 - 2014-07-30 15:02 - 00032486 _____ () C:\Users\Manfred\Downloads\Addition.txt
2014-07-30 15:00 - 2014-07-31 12:42 - 00000000 ____D () C:\FRST
2014-07-30 14:59 - 2014-07-31 12:42 - 01084928 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-07-30 13:11 - 2014-07-30 13:11 - 07501568 _____ () C:\Users\Manfred\Downloads\Infigo_setup(1).exe
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\rbtemp
2014-07-30 12:06 - 2014-07-30 12:06 - 04330352 _____ (Systweak Inc ) C:\Users\Manfred\Downloads\rcp_300710062649096190.exe
2014-07-30 12:02 - 2014-07-30 12:04 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Infigo
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-30 12:01 - 2014-07-30 12:01 - 07501568 _____ () C:\Users\Manfred\Downloads\Infigo_setup.exe
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 11:09 - 2014-07-29 11:10 - 04420856 _____ (Systweak Inc ) C:\Users\Manfred\Downloads\rcpa_29070909433874754.exe
2014-07-28 11:37 - 2014-07-28 11:38 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:46 - 2014-04-14 04:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-12 06:55 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-12 06:54 - 2014-07-01 00:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-12 06:54 - 2014-06-28 08:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-12 06:54 - 2014-06-28 08:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-12 06:54 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-12 06:54 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-12 06:54 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-12 06:54 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-12 06:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-12 06:54 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-12 06:54 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-12 06:54 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-12 06:54 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-12 06:54 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-12 06:54 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-12 06:54 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-12 06:54 - 2014-06-06 15:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-12 06:54 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-12 06:54 - 2014-05-31 10:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-12 06:54 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-12 06:54 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-12 06:54 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-12 06:54 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-12 06:54 - 2014-05-31 04:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-12 06:54 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-12 06:54 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-12 06:54 - 2014-05-30 05:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-12 06:54 - 2014-05-29 11:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-12 06:54 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-12 06:54 - 2014-05-29 06:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 10:59 - 2014-07-09 10:59 - 25842736 _____ (Microsoft Corporation) C:\Users\Manfred\Downloads\Media-Player [1].exe
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 12:42 - 2014-07-31 12:42 - 00000000 ____D () C:\Users\Manfred\Downloads\FRST-OlderVersion
2014-07-31 12:42 - 2014-07-30 15:01 - 00010638 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-07-31 12:42 - 2014-07-30 15:00 - 00000000 ____D () C:\FRST
2014-07-31 12:42 - 2014-07-30 14:59 - 01084928 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-07-31 12:41 - 2014-07-31 12:41 - 00001538 _____ () C:\Users\Manfred\Desktop\mbam.txt
2014-07-31 12:38 - 2014-07-31 12:20 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 12:38 - 2014-06-23 09:03 - 00000000 __RDO () C:\Users\Manfred\OneDrive
2014-07-31 12:36 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-31 12:35 - 2014-07-31 12:14 - 00007474 _____ () C:\WINDOWS\PFRO.log
2014-07-31 12:35 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\IME
2014-07-31 12:35 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-31 12:27 - 2014-06-22 15:30 - 01204198 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-31 12:20 - 2014-07-31 12:20 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-31 12:19 - 2014-07-31 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 12:14 - 2014-01-26 12:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 12:11 - 2014-07-31 12:10 - 00000000 ____D () C:\AdwCleaner
2014-07-31 12:09 - 2014-07-31 12:09 - 01361309 _____ () C:\Users\Manfred\Downloads\adwcleaner_3.302.exe
2014-07-31 12:00 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-31 11:47 - 2012-07-26 06:17 - 00000269 _____ () C:\WINDOWS\win.ini
2014-07-31 11:36 - 2013-03-25 10:29 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-31 10:52 - 2014-01-26 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-31 10:52 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-30 15:02 - 2014-07-30 15:01 - 00032486 _____ () C:\Users\Manfred\Downloads\Addition.txt
2014-07-30 13:11 - 2014-07-30 13:11 - 07501568 _____ () C:\Users\Manfred\Downloads\Infigo_setup(1).exe
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\rbtemp
2014-07-30 12:06 - 2014-07-30 12:06 - 04330352 _____ (Systweak Inc ) C:\Users\Manfred\Downloads\rcp_300710062649096190.exe
2014-07-30 12:04 - 2014-07-30 12:02 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Infigo
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-30 12:01 - 2014-07-30 12:01 - 07501568 _____ () C:\Users\Manfred\Downloads\Infigo_setup.exe
2014-07-30 10:43 - 2014-05-06 12:29 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\HpUpdate
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 14:14 - 2014-06-19 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 11:10 - 2014-07-29 11:09 - 04420856 _____ (Systweak Inc ) C:\Users\Manfred\Downloads\rcpa_29070909433874754.exe
2014-07-28 11:38 - 2014-07-28 11:37 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-26 11:52 - 2013-09-07 12:41 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-07-26 11:21 - 2013-05-10 08:50 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-16 10:24 - 2013-09-10 17:30 - 00036152 _____ (TuneUp Software) C:\WINDOWS\system32\uxtuneup.dll
2014-07-16 10:24 - 2013-09-07 12:42 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-07-16 10:24 - 2013-09-07 12:42 - 00025400 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-15 06:45 - 2013-03-25 18:15 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-13 11:43 - 2014-06-22 16:05 - 00000000 ___DC () C:\WINDOWS\Panther
2014-07-13 09:01 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 08:59 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-13 08:58 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-07-13 08:43 - 2014-03-18 10:04 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-13 08:37 - 2013-08-22 09:22 - 00485264 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 12:34 - 2014-05-06 12:28 - 00000000 ____D () C:\Program Files\HP
2014-07-12 12:33 - 2013-01-22 09:36 - 00000000 ____D () C:\Users\Manfred\Documents\Beihilfe
2014-07-12 11:51 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-12 11:50 - 2013-03-25 18:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:48 - 2013-08-17 13:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-12 11:47 - 2013-03-27 17:25 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-12 11:46 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 10:59 - 2014-07-09 10:59 - 25842736 _____ (Microsoft Corporation) C:\Users\Manfred\Downloads\Media-Player [1].exe
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList
2014-07-09 10:52 - 2014-06-22 16:04 - 00000000 ____D () C:\Windows.old
2014-07-01 00:46 - 2014-07-12 06:54 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

Some content of TEMP:
====================
C:\Users\Manfred\AppData\Local\Temp\avgnt.exe
C:\Users\Manfred\AppData\Local\Temp\de_ww_Package.exe
C:\Users\Manfred\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-13 08:50

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by Manfred at 2014-07-31 12:42:59
Running from C:\Users\Manfred\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-4300-A758B70C0F01}) (Version: 12.15.1.462 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.10.0.52790 - NNG Llc.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink MediaShow Espresso (Version: 5.5.1412_24021 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDirector (Version: 8.0.2718 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.2925.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Free Audio Converter version 5.0.23.320 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{8A7CB3D4-0C49-4A19-8504-CF250CE1F5E8}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe (x86) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Right Backup (HKLM\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft)
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{FC16C025-71D3-430F-BE61-B7E713E5B582}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WEB.DE Club SmartFax (HKLM\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points  =========================

24-06-2014 10:36:31 Windows Update
12-07-2014 09:44:19 Windows Update
30-07-2014 10:12:24 RCP Mi, Jul 30, 14  12:12

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0064A4EB-6388-4C48-81C6-99746DEA4A8E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01BCC00A-C6A8-474C-BA2D-3076F3CE544D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {02B97B27-29F3-4F0D-B9D9-1A218C58AD6F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {03DE1924-3FE1-4D64-9AFA-83BE2B67843E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {03F00483-DFF0-469F-88A0-E7C9E3D9F4A7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {2E5E8DAF-5F7B-4DD0-B6D9-6154B1A6CA1D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {678555FD-A992-4622-BCCB-A89F836C2CAE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7276DEEA-6ED2-4091-AF19-079E9B8C56C7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {7CCE08F4-EC9E-4612-99CC-D857CD214A0A} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {B6DFC327-E4D4-468C-A071-D458EC30ADBF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D6A010E0-28C2-4360-B06D-6DB72C548BFD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {DC624EAE-9AB6-4758-B6B9-7112C5340C97} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E6A82C08-8490-4083-9271-DEB458C010CF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {EF3CB7C8-BE78-4F7D-90D1-123882E38108} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {F7217E62-6F97-491F-A19B-413BDD5879FF} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-06 12:24 - 2010-06-29 23:14 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manfred\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Adobe ARM"
HKLM\...\StartupApproved\Run: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run: => "OpwareSE4"
HKLM\...\StartupApproved\Run: => "CLMLServer"
HKLM\...\StartupApproved\Run: => "YouCam Mirror Tray icon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "HP Software Update"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2014 00:12:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7227b3d2-bfc2-4c0b-b08c-d95f02cbeb44}

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13937

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13937

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14360

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14360

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/29/2014 06:28:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/29/2014 03:28:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/29/2014 03:17:16 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/29/2014 02:42:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/29/2014 11:59:56 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/28/2014 07:10:42 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/28/2014 04:10:27 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/28/2014 00:10:25 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/26/2014 05:26:38 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/26/2014 03:23:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5


Microsoft Office Sessions:
=========================
Error: (07/30/2014 00:12:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7227b3d2-bfc2-4c0b-b08c-d95f02cbeb44}

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13937

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13937

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14360

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14360

Error: (07/19/2014 04:23:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 2934.6 MB
Available physical RAM: 2004.84 MB
Total Pagefile: 3446.6 MB
Available Pagefile: 2326.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.72 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:391.02 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:21.5 GB) NTFS
Drive i: (Elements) (Fixed) (Total:931.28 GB) (Free:702.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 884D7A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================
         

Alt 31.07.2014, 17:58   #10
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [Infigo] => C:\Program Files\Infigo\Infigo.exe onrun
C:\Program Files\Infigo
SearchScopes: HKCU - {BAA731FA-283E-4F16-8F5B-905AD08C43E0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=aa17b148-a3f7-420e-a994-f698ca4849c5&apn_sauid=A2076782-DCD3-4FF4-9E32-40CABBD000B1
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Ask.com
C:\Users\Manfred\Downloads\Infigo*.exe
C:\Users\Manfred\Downloads\rcp*.exe
C:\Users\Manfred\AppData\Roaming\Infigo
C:\Users\Manfred\Downloads\Media-Player [1].exe
C:\Users\Manfred\Downloads\Infigo_setup.exe
Reboot:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Schritt 5
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :filefind
    *Buzzdock*
    *Infigo*
    
    :folderfind
    *Buzzdock*
    *Infigo*
    
    :regfind
    Buzzdock
    Infigo
    NetCrawl
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck,
  • die beiden neuen Logdateien von FRST,
  • die Logdatei von SystemLook.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 01.08.2014, 08:10   #11
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-07-2014 01
Ran by Manfred at 2014-07-31 19:52:44 Run:1
Running from C:\Users\Manfred\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [Infigo] => C:\Program Files\Infigo\Infigo.exe onrun
C:\Program Files\Infigo
SearchScopes: HKCU - {BAA731FA-283E-4F16-8F5B-905AD08C43E0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=aa17b148-a3f7-420e-a994-f698ca4849c5&apn_sauid=A2076782-DCD3-4FF4-9E32-40CABBD000B1
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Ask.com
C:\Users\Manfred\Downloads\Infigo*.exe
C:\Users\Manfred\Downloads\rcp*.exe
C:\Users\Manfred\AppData\Roaming\Infigo
C:\Users\Manfred\Downloads\Media-Player [1].exe
C:\Users\Manfred\Downloads\Infigo_setup.exe
Reboot:
end
*****************

HKU\S-1-5-21-2440249-1944230807-1698688370-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Infigo => value deleted successfully.
"C:\Program Files\Infigo" => File/Directory not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BAA731FA-283E-4F16-8F5B-905AD08C43E0}" => Key deleted successfully.
"HKCR\CLSID\{BAA731FA-283E-4F16-8F5B-905AD08C43E0}" => Key not found.
Firefox newtab deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Manfred\Downloads\Infigo*.exe => Moved successfully.
C:\Users\Manfred\Downloads\rcp*.exe => Moved successfully.
C:\Users\Manfred\AppData\Roaming\Infigo => Moved successfully.
C:\Users\Manfred\Downloads\Media-Player [1].exe => Moved successfully.
"C:\Users\Manfred\Downloads\Infigo_setup.exe" => File/Directory not found.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.85  
   x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop      
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities 2014   
 Adobe Flash Player 	14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````
         
[CODE]ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=128d87f9b6874e4a86fc8bb7b175fc3a
# engine=19443
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-31 07:15:00
# local_time=2014-07-31 09:15:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 4492 272257390 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3388321 31715414 0 0
# scanned=188870
# found=39
# cleaned=0
# scan_time=4120
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=B92B5653151811A3D3E79ABF466B1BC45B6B0629 ft=1 fh=ea6b2f014c1c4c36 vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlBHO.dll.vir"
sh=DEB5731490F0FFF9E8B5DD10DAB02C9ACCEABE39 ft=1 fh=82381dedc50e8e91 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlUn.exe.vir"
sh=D2CCFE60F42725555B68A7384ABA09E0CCD66CA1 ft=1 fh=5727933fdb8273cc vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlUninstall.exe.vir"
sh=CCE2EBA400860CE9D351E68128A9EB32092A9BF9 ft=1 fh=97fefa04cf8d94ca vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\updateNetCrawl.exe.vir"
sh=2F90A4EECFFB0DEAF979481B19AA23D0FD43628C ft=1 fh=c7873f6e30550f25 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe.vir"
sh=901F19E541B8A6984390B1AB67CAEEA67BA86C61 ft=1 fh=6b4cad971f9fa32a vn="Variante von Win32/BrowseFox.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe.vir"
sh=CCE2EBA400860CE9D351E68128A9EB32092A9BF9 ft=1 fh=97fefa04cf8d94ca vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\utilNetCrawl.exe.vir"
sh=92D997787E7F25D6C6BD39BE5823768D6DC20047 ft=1 fh=d9a31853698ec303 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.Bromon.dll.vir"
sh=683F11C8F3ED3F25D47DF2F82FE58F7C951078FE ft=1 fh=78f650e73d778dfb vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.BroStats.dll.vir"
sh=6D0D342F0248A068878A2E1F30538BEA20887A10 ft=1 fh=28a6bb23aba6ed0a vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll.vir"
sh=5EBC4F87F2604E53BE2ECA22BB13EE93C23CEFE9 ft=1 fh=9ac32ae49f864c2d vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll.vir"
sh=65B23FC870FEF1750CA45B94CE20BB56A1ECAFF8 ft=1 fh=ff0a359483b59740 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll.vir"
sh=B7687BBDA37F7B625404532BB53A59C913AB0A73 ft=1 fh=903102ccbf0a547c vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll.vir"
sh=A712982FA115D4AE40A69D9552F6A84E54C24669 ft=1 fh=7e50f8b18fc79544 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll.vir"
sh=7653369DF0B57FCE93C1E3B81A6F597580180118 ft=1 fh=51d742089e4f7175 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll.vir"
sh=D4CF6438AC6BB90F29586B4B416C180DA00D708D ft=1 fh=f5d0ab20ae181c4c vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.Repmon.dll.vir"
sh=39455565AD792A7D9AAB03CDE37A234AA04B4FBC ft=1 fh=a06366ad09d7b766 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Firefox\toolbar@ask.com\plugins\npAviraCallingID.dll"
sh=BD165479C4C6FE4FA308749C6549737F7C06061B ft=1 fh=fb9c0a330915096d vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Manfred\Downloads\rcprcpa_29070909433874754.exe.xBAD"
sh=16F34180D9E52FB302262DC36F321AA3AB96AAA9 ft=1 fh=3ba6a656f8b92853 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Manfred\Downloads\rcprcp_300710062649096190.exe.xBAD"
sh=B506B2465FD10608020D30ED9047B5E11DE63FA0 ft=1 fh=10102a51b62618f2 vn="Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe"
sh=1D8EC6612F09B82BE7D61BB29C69D5E78DD9D677 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\AskToolbarInstaller-12.10.0_AVIRA-V7C.msi"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=02C6F30D4206AAA4DC9D5B67F9E42902BF0E5F0A ft=1 fh=011e7c44665e1436 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Desktop\avira_free_antivirus_de.exe"
sh=0B756802CDD8FCA064D7546EC920F16F3187448B ft=1 fh=75a4f95b51866dba vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\avira_free344_antivirus_de.exe"
sh=0D841594319DB3C80A51D3D017A913A3A063A28C ft=1 fh=54829ef673838be7 vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\FlashPlayer_V.17311321b.exe"
sh=7D322813B33F6DD64AFFBB284E6BA42231F49605 ft=1 fh=f0a6ef37ed4c7612 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\FreeAudioConverter_5.0.23.320.exe"
sh=F74DEFC00820BA00880E018936AD16226C301A4E ft=1 fh=af16ef21883d2d4c vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3-converter.exe"
sh=F74DEFC00820BA00880E018936AD16226C301A4E ft=1 fh=af16ef21883d2d4c vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3-converter_7.2.exe"
sh=E88952A7C68BC64AD84A88AB73A4DAFBDAB80580 ft=1 fh=bc7fcb22b92a1d08 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Manfred\AppData\Local\Temp\AskSLib.dll"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo Anwendung" ac=I fn="I:\Manfred Pfau\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\7qifv2wb.default\extensions\plugin@yontoo.com\content\overlay.js"
sh=02C6F30D4206AAA4DC9D5B67F9E42902BF0E5F0A ft=1 fh=011e7c44665e1436 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Desktop\avira_free_antivirus_de.exe"
sh=2B77B559DFE503F8FE0DDDD20DD1785CAC45C703 ft=1 fh=2171829263f01658 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Desktop\cdbxp_setup_4.4.1.3099.exe"
sh=A9D9A1EA56810A35A352A96EAD8E461A93643DE0 ft=1 fh=398a74cd8659c3dc vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="I:\Sicherung gesamt\Sicher_052010\Downloads\FreeYouTubeToMp3Converter327.exe"
sh=4E8BC33C6DFBDD9727988EB0AA95AF115C08FA8F ft=1 fh=efa4d311e75fd867 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Sicherung gesamt\Sicherung 10092010\DVDVideoSoft\tbDVDV.dll"
[/CODE

FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by Manfred at 2014-07-31 21:38:48
Running from C:\Users\Manfred\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-4300-A758B70C0F01}) (Version: 12.15.1.462 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.10.0.52790 - NNG Llc.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink MediaShow Espresso (Version: 5.5.1412_24021 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDirector (Version: 8.0.2718 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.2925.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Free Audio Converter version 5.0.23.320 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{8A7CB3D4-0C49-4A19-8504-CF250CE1F5E8}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe (x86) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Right Backup (HKLM\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft)
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{FC16C025-71D3-430F-BE61-B7E713E5B582}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WEB.DE Club SmartFax (HKLM\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points  =========================

12-07-2014 09:44:19 Windows Update
30-07-2014 10:12:24 RCP Mi, Jul 30, 14  12:12

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0064A4EB-6388-4C48-81C6-99746DEA4A8E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01BCC00A-C6A8-474C-BA2D-3076F3CE544D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {02B97B27-29F3-4F0D-B9D9-1A218C58AD6F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {03DE1924-3FE1-4D64-9AFA-83BE2B67843E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {03F00483-DFF0-469F-88A0-E7C9E3D9F4A7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {2E5E8DAF-5F7B-4DD0-B6D9-6154B1A6CA1D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {678555FD-A992-4622-BCCB-A89F836C2CAE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7276DEEA-6ED2-4091-AF19-079E9B8C56C7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {7CCE08F4-EC9E-4612-99CC-D857CD214A0A} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {95A93937-1782-4523-807E-50CC286C60E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {B6DFC327-E4D4-468C-A071-D458EC30ADBF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D6A010E0-28C2-4360-B06D-6DB72C548BFD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E6A82C08-8490-4083-9271-DEB458C010CF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {EF3CB7C8-BE78-4F7D-90D1-123882E38108} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-06 12:24 - 2010-06-29 23:14 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-29 14:14 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manfred\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Adobe ARM"
HKLM\...\StartupApproved\Run: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run: => "OpwareSE4"
HKLM\...\StartupApproved\Run: => "CLMLServer"
HKLM\...\StartupApproved\Run: => "YouCam Mirror Tray icon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "HP Software Update"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10811078

Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10811078

Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2014 00:58:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/30/2014 00:12:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7227b3d2-bfc2-4c0b-b08c-d95f02cbeb44}

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13937

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13937


System errors:
=============
Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (07/31/2014 06:52:27 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (07/31/2014 03:52:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/29/2014 06:28:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5


Microsoft Office Sessions:
=========================
Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10811078

Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10811078

Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2014 00:58:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2540 series\DriverStore\Yeti\V3\amd64\hpinkinsC211.exe

Error: (07/30/2014 00:12:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7227b3d2-bfc2-4c0b-b08c-d95f02cbeb44}

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13594

Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13937

Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13937


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 2934.6 MB
Available physical RAM: 1587.12 MB
Total Pagefile: 3446.6 MB
Available Pagefile: 1849.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.73 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:389.43 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:21.5 GB) NTFS
Drive i: (Elements) (Fixed) (Total:931.28 GB) (Free:702.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 884D7A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================
         
--- --- ---


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01
Ran by Manfred (administrator) on MANFREDPC on 31-07-2014 21:37:50
Running from C:\Users\Manfred\Downloads
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
IFEO\effectextractor.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\omnipage.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\power2go.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\scannerwizard.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar@web.de [2014-07-12]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2013-12-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-26] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-06-29] () [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-06-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-06-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-06-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [35848 2014-07-26] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 L1C; C:\WINDOWS\system32\DRIVERS\L1C63x86.sys [110792 2013-06-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-06-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-06-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 21:31 - 2014-07-31 21:31 - 00854390 _____ () C:\Users\Manfred\Desktop\SecurityCheck.exe
2014-07-31 21:28 - 2014-07-31 21:28 - 00009457 _____ () C:\Users\Manfred\Downloads\Eset.txt
2014-07-31 20:03 - 2014-07-31 20:03 - 02347384 _____ (ESET) C:\Users\Manfred\Downloads\esetsmartinstaller_deu.exe
2014-07-31 12:42 - 2014-07-31 12:42 - 00000000 ____D () C:\Users\Manfred\Downloads\FRST-OlderVersion
2014-07-31 12:41 - 2014-07-31 12:41 - 00001538 _____ () C:\Users\Manfred\Desktop\mbam.txt
2014-07-31 12:20 - 2014-07-31 19:55 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 12:20 - 2014-07-31 12:20 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-31 12:20 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-31 12:20 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-31 12:20 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-31 12:19 - 2014-07-31 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 12:14 - 2014-07-31 19:53 - 00007828 _____ () C:\WINDOWS\PFRO.log
2014-07-31 12:10 - 2014-07-31 12:11 - 00000000 ____D () C:\AdwCleaner
2014-07-31 12:09 - 2014-07-31 12:09 - 01361309 _____ () C:\Users\Manfred\Downloads\adwcleaner_3.302.exe
2014-07-30 15:01 - 2014-07-31 21:38 - 00010385 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-07-30 15:01 - 2014-07-31 12:43 - 00030905 _____ () C:\Users\Manfred\Downloads\Addition.txt
2014-07-30 15:00 - 2014-07-31 21:37 - 00000000 ____D () C:\FRST
2014-07-30 14:59 - 2014-07-31 12:42 - 01084928 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\rbtemp
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-28 11:37 - 2014-07-28 11:38 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:46 - 2014-04-14 04:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-12 06:55 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-12 06:54 - 2014-07-01 00:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-12 06:54 - 2014-06-28 08:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-12 06:54 - 2014-06-28 08:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-12 06:54 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-12 06:54 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-12 06:54 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-12 06:54 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-12 06:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-12 06:54 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-12 06:54 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-12 06:54 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-12 06:54 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-12 06:54 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-12 06:54 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-12 06:54 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-12 06:54 - 2014-06-06 15:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-12 06:54 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-12 06:54 - 2014-05-31 10:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-12 06:54 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-12 06:54 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-12 06:54 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-12 06:54 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-12 06:54 - 2014-05-31 04:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-12 06:54 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-12 06:54 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-12 06:54 - 2014-05-30 05:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-12 06:54 - 2014-05-29 11:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-12 06:54 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-12 06:54 - 2014-05-29 06:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 21:38 - 2014-07-30 15:01 - 00010385 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-07-31 21:37 - 2014-07-30 15:00 - 00000000 ____D () C:\FRST
2014-07-31 21:36 - 2013-03-25 10:29 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-31 21:35 - 2014-06-22 15:30 - 01209182 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-31 21:31 - 2014-07-31 21:31 - 00854390 _____ () C:\Users\Manfred\Desktop\SecurityCheck.exe
2014-07-31 21:28 - 2014-07-31 21:28 - 00009457 _____ () C:\Users\Manfred\Downloads\Eset.txt
2014-07-31 21:00 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-31 20:03 - 2014-07-31 20:03 - 02347384 _____ (ESET) C:\Users\Manfred\Downloads\esetsmartinstaller_deu.exe
2014-07-31 19:55 - 2014-07-31 12:20 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 19:55 - 2014-06-23 09:03 - 00000000 __RDO () C:\Users\Manfred\OneDrive
2014-07-31 19:54 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-31 19:53 - 2014-07-31 12:14 - 00007828 _____ () C:\WINDOWS\PFRO.log
2014-07-31 12:56 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-07-31 12:43 - 2014-07-30 15:01 - 00030905 _____ () C:\Users\Manfred\Downloads\Addition.txt
2014-07-31 12:42 - 2014-07-31 12:42 - 00000000 ____D () C:\Users\Manfred\Downloads\FRST-OlderVersion
2014-07-31 12:42 - 2014-07-30 14:59 - 01084928 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-07-31 12:41 - 2014-07-31 12:41 - 00001538 _____ () C:\Users\Manfred\Desktop\mbam.txt
2014-07-31 12:35 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\IME
2014-07-31 12:35 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-31 12:20 - 2014-07-31 12:20 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-07-31 12:19 - 2014-07-31 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 12:14 - 2014-01-26 12:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 12:11 - 2014-07-31 12:10 - 00000000 ____D () C:\AdwCleaner
2014-07-31 12:09 - 2014-07-31 12:09 - 01361309 _____ () C:\Users\Manfred\Downloads\adwcleaner_3.302.exe
2014-07-31 11:47 - 2012-07-26 06:17 - 00000269 _____ () C:\WINDOWS\win.ini
2014-07-31 10:52 - 2014-01-26 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-31 10:52 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\rbtemp
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-30 10:43 - 2014-05-06 12:29 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\HpUpdate
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 14:14 - 2014-06-19 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-28 11:38 - 2014-07-28 11:37 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-26 11:52 - 2013-09-07 12:41 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-07-26 11:21 - 2013-05-10 08:50 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-16 10:24 - 2013-09-10 17:30 - 00036152 _____ (TuneUp Software) C:\WINDOWS\system32\uxtuneup.dll
2014-07-16 10:24 - 2013-09-07 12:42 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-07-16 10:24 - 2013-09-07 12:42 - 00025400 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-15 06:45 - 2013-03-25 18:15 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-13 11:43 - 2014-06-22 16:05 - 00000000 ___DC () C:\WINDOWS\Panther
2014-07-13 09:01 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 08:59 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-13 08:43 - 2014-03-18 10:04 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-13 08:37 - 2013-08-22 09:22 - 00485264 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 12:34 - 2014-05-06 12:28 - 00000000 ____D () C:\Program Files\HP
2014-07-12 12:33 - 2013-01-22 09:36 - 00000000 ____D () C:\Users\Manfred\Documents\Beihilfe
2014-07-12 11:51 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-12 11:50 - 2013-03-25 18:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:48 - 2013-08-17 13:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-12 11:47 - 2013-03-27 17:25 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-12 11:46 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList
2014-07-01 00:46 - 2014-07-12 06:54 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

Some content of TEMP:
====================
C:\Users\Manfred\AppData\Local\Temp\avgnt.exe
C:\Users\Manfred\AppData\Local\Temp\de_ww_Package.exe
C:\Users\Manfred\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 12:56

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 21:44 on 31/07/2014 by Manfred
Administrator - Elevation successful

========== filefind ==========

Searching for "*Buzzdock*"
No files found.

Searching for "*Infigo*"
C:\FRST\Quarantine\C\Users\Manfred\AppData\Roaming\Infigo\Infigo.sdf	--a---- 585728 bytes	[10:02 30/07/2014]	[11:04 30/07/2014] 71814EC61FAEC690AA01527B2A88CE77
C:\FRST\Quarantine\C\Users\Manfred\Downloads\InfigoInfigo_setup(1).exe.xBAD	--a---- 7501568 bytes	[11:11 30/07/2014]	[11:11 30/07/2014] F01590F6E79A9AD0404F24FDD734E4E9
C:\FRST\Quarantine\C\Users\Manfred\Downloads\InfigoInfigo_setup.exe.xBAD	--a---- 7501568 bytes	[10:01 30/07/2014]	[10:01 30/07/2014] 60215E8BCE7F11D72053C2386C87990A
C:\Users\Manfred\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Infigo.exe.log	--a---- 1213 bytes	[10:15 30/07/2014]	[10:15 30/07/2014] 48325F3BA82017203D93C7ABE44BBB99
C:\Windows\Prefetch\INFIGO_SETUP.EXE-310C7AF1.pf	--a---- 71854 bytes	[10:01 30/07/2014]	[10:01 30/07/2014] E3F46DFAE82ADB20C69B7A60DF973362
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\InfigoOperator.exe.log	--a---- 1316 bytes	[13:09 30/07/2014]	[13:09 30/07/2014] CCB101C72D9AC6191B1BDA4B6DF2CF07
C:\Windows\System32\config\systemprofile\AppData\Roaming\Infigo\Infigo.sdf	--a---- 520192 bytes	[10:02 30/07/2014]	[13:09 30/07/2014] 31C7D1E4C531BA7E139CFC29ED652A9D

========== folderfind ==========

Searching for "*Buzzdock*"
No folders found.

Searching for "*Infigo*"
C:\FRST\Quarantine\C\Users\Manfred\AppData\Roaming\Infigo	d------	[10:02 30/07/2014]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Infigo	d------	[10:02 30/07/2014]

========== regfind ==========

Searching for "Buzzdock"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"DisplayName"="Buzzdock"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"HelpLink"="mailto:support@buzzdock.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"URLInfoAbout"="hxxp://www.buzzdock.com/faq-support"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"URLUpdateInfo"="hxxp://www.buzzdock.com/"

Searching for "Infigo"
[HKEY_CURRENT_USER\Software\Infigo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"0"="C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infigo\Infigo.lnk C:\Program Files\Infigo\Infigo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Infigo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Infigo_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Infigo_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\InfigoService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\InfigoService]
[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\InfigoOperator.exe]
[HKEY_USERS\S-1-5-21-2440249-1944230807-1698688370-1001\Software\Infigo]
[HKEY_USERS\S-1-5-21-2440249-1944230807-1698688370-1001\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"0"="C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infigo\Infigo.lnk C:\Program Files\Infigo\Infigo.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\InfigoOperator.exe]

Searching for "NetCrawl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2440249-1944230807-1698688370-1001\Software\NetCrawl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91C6335B-B94B-4CED-BCE3-BC33A09F5DB5}]
@="INetCrawlBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utilNetCrawl_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utilNetCrawl_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"QuietUninstallString"="C:\Program Files\NetCrawl\NetCrawlUn.exe REP_BD_"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"UninstallString"="C:\Program Files\NetCrawl\NetCrawlUn.exe REP_BD_"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Update NetCrawl]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Util NetCrawl]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update NetCrawl]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util NetCrawl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateNetCrawl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilNetCrawl.exe]
[HKEY_USERS\S-1-5-21-2440249-1944230807-1698688370-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2440249-1944230807-1698688370-1001\Software\NetCrawl]
[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\updateNetCrawl.exe]
[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilNetCrawl.exe]

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="4.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Reso
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="1209600" RunAsUser="" RunAsPassword="" AutoRestart="false"     Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="4.0"/>                     <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/>                     <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/>                     <Param Name="SessionConfigurationData"                          Value="                       

-= EOF =-
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=128d87f9b6874e4a86fc8bb7b175fc3a
# engine=19443
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-31 07:15:00
# local_time=2014-07-31 09:15:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 4492 272257390 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3388321 31715414 0 0
# scanned=188870
# found=39
# cleaned=0
# scan_time=4120
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=B92B5653151811A3D3E79ABF466B1BC45B6B0629 ft=1 fh=ea6b2f014c1c4c36 vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlBHO.dll.vir"
sh=DEB5731490F0FFF9E8B5DD10DAB02C9ACCEABE39 ft=1 fh=82381dedc50e8e91 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlUn.exe.vir"
sh=D2CCFE60F42725555B68A7384ABA09E0CCD66CA1 ft=1 fh=5727933fdb8273cc vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlUninstall.exe.vir"
sh=CCE2EBA400860CE9D351E68128A9EB32092A9BF9 ft=1 fh=97fefa04cf8d94ca vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\updateNetCrawl.exe.vir"
sh=2F90A4EECFFB0DEAF979481B19AA23D0FD43628C ft=1 fh=c7873f6e30550f25 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe.vir"
sh=901F19E541B8A6984390B1AB67CAEEA67BA86C61 ft=1 fh=6b4cad971f9fa32a vn="Variante von Win32/BrowseFox.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe.vir"
sh=CCE2EBA400860CE9D351E68128A9EB32092A9BF9 ft=1 fh=97fefa04cf8d94ca vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\utilNetCrawl.exe.vir"
sh=92D997787E7F25D6C6BD39BE5823768D6DC20047 ft=1 fh=d9a31853698ec303 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.Bromon.dll.vir"
sh=683F11C8F3ED3F25D47DF2F82FE58F7C951078FE ft=1 fh=78f650e73d778dfb vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.BroStats.dll.vir"
sh=6D0D342F0248A068878A2E1F30538BEA20887A10 ft=1 fh=28a6bb23aba6ed0a vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll.vir"
sh=5EBC4F87F2604E53BE2ECA22BB13EE93C23CEFE9 ft=1 fh=9ac32ae49f864c2d vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll.vir"
sh=65B23FC870FEF1750CA45B94CE20BB56A1ECAFF8 ft=1 fh=ff0a359483b59740 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll.vir"
sh=B7687BBDA37F7B625404532BB53A59C913AB0A73 ft=1 fh=903102ccbf0a547c vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll.vir"
sh=A712982FA115D4AE40A69D9552F6A84E54C24669 ft=1 fh=7e50f8b18fc79544 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll.vir"
sh=7653369DF0B57FCE93C1E3B81A6F597580180118 ft=1 fh=51d742089e4f7175 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll.vir"
sh=D4CF6438AC6BB90F29586B4B416C180DA00D708D ft=1 fh=f5d0ab20ae181c4c vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.Repmon.dll.vir"
sh=39455565AD792A7D9AAB03CDE37A234AA04B4FBC ft=1 fh=a06366ad09d7b766 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Firefox\toolbar@ask.com\plugins\npAviraCallingID.dll"
sh=BD165479C4C6FE4FA308749C6549737F7C06061B ft=1 fh=fb9c0a330915096d vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Manfred\Downloads\rcprcpa_29070909433874754.exe.xBAD"
sh=16F34180D9E52FB302262DC36F321AA3AB96AAA9 ft=1 fh=3ba6a656f8b92853 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Manfred\Downloads\rcprcp_300710062649096190.exe.xBAD"
sh=B506B2465FD10608020D30ED9047B5E11DE63FA0 ft=1 fh=10102a51b62618f2 vn="Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe"
sh=1D8EC6612F09B82BE7D61BB29C69D5E78DD9D677 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\AskToolbarInstaller-12.10.0_AVIRA-V7C.msi"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=02C6F30D4206AAA4DC9D5B67F9E42902BF0E5F0A ft=1 fh=011e7c44665e1436 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Desktop\avira_free_antivirus_de.exe"
sh=0B756802CDD8FCA064D7546EC920F16F3187448B ft=1 fh=75a4f95b51866dba vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\avira_free344_antivirus_de.exe"
sh=0D841594319DB3C80A51D3D017A913A3A063A28C ft=1 fh=54829ef673838be7 vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\FlashPlayer_V.17311321b.exe"
sh=7D322813B33F6DD64AFFBB284E6BA42231F49605 ft=1 fh=f0a6ef37ed4c7612 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\FreeAudioConverter_5.0.23.320.exe"
sh=F74DEFC00820BA00880E018936AD16226C301A4E ft=1 fh=af16ef21883d2d4c vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3-converter.exe"
sh=F74DEFC00820BA00880E018936AD16226C301A4E ft=1 fh=af16ef21883d2d4c vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3-converter_7.2.exe"
sh=E88952A7C68BC64AD84A88AB73A4DAFBDAB80580 ft=1 fh=bc7fcb22b92a1d08 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Manfred\AppData\Local\Temp\AskSLib.dll"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo Anwendung" ac=I fn="I:\Manfred Pfau\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\7qifv2wb.default\extensions\plugin@yontoo.com\content\overlay.js"
sh=02C6F30D4206AAA4DC9D5B67F9E42902BF0E5F0A ft=1 fh=011e7c44665e1436 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Desktop\avira_free_antivirus_de.exe"
sh=2B77B559DFE503F8FE0DDDD20DD1785CAC45C703 ft=1 fh=2171829263f01658 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Desktop\cdbxp_setup_4.4.1.3099.exe"
sh=A9D9A1EA56810A35A352A96EAD8E461A93643DE0 ft=1 fh=398a74cd8659c3dc vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="I:\Sicherung gesamt\Sicher_052010\Downloads\FreeYouTubeToMp3Converter327.exe"
sh=4E8BC33C6DFBDD9727988EB0AA95AF115C08FA8F ft=1 fh=efa4d311e75fd867 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Sicherung gesamt\Sicherung 10092010\DVDVideoSoft\tbDVDV.dll"
         
Hallo Matthias,
hoffe ich habe alles richtig gemacht.
Gruß Manfred

Guten Morgen,
werde jetzt die verwendeten Tools löschen.
Bis jetzt soweit alles in Ordnung. Schon mal richtig Danke.

Gruß
Manfred

Alt 01.08.2014, 08:36   #12
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Zitat:
Zitat von pfaumanfred Beitrag anzeigen
werde jetzt die verwendeten Tools löschen.
Warum kannst du nicht warten, bis wir fertig sind?
Zudem entfernt DelFix (siehe weiter unten) sowieso alle Tools automatisch...




Schritt 1
  • Deaktiviere dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Lade die Quarantine.zip im Upload-Channel hoch.
  • Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
  • Klicke abschließend auf Hochladen.
  • Vielen Dank für deine Hilfe.
  • Aktiviere dein Anti-Viren-Programm wieder.





Schritt 2
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
C:\Users\Manfred\Downloads\bis November 2013\FlashPlayer_V.17311321b.exe
C:\Users\Manfred\Downloads\bis November 2013\FreeAudioConverter_5.0.23.320.exe
C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3*.exe
C:\Windows\System32\config\systemprofile\AppData\Roaming\Infigo
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
DeleteKey: HKEY_CURRENT_USER\Software\Infigo
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Infigo
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Infigo_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Infigo_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\InfigoService
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\InfigoOperator.exe
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2440249-1944230807-1698688370-1001\Software\NetCrawl
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91C6335B-B94B-4CED-BCE3-BC33A09F5DB5}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utilNetCrawl_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utilNetCrawl_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update NetCrawl
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util NetCrawl
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateNetCrawl.exe
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilNetCrawl.exe
Reboot:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.









Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.






Schritt 3
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 4
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 01.08.2014, 13:41   #13
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-07-2014 01
Ran by Manfred at 2014-08-01 14:02:40 Run:2
Running from C:\Users\Manfred\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\Manfred\Downloads\bis November 2013\FlashPlayer_V.17311321b.exe
C:\Users\Manfred\Downloads\bis November 2013\FreeAudioConverter_5.0.23.320.exe
C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3*.exe
C:\Windows\System32\config\systemprofile\AppData\Roaming\Infigo
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
DeleteKey: HKEY_CURRENT_USER\Software\Infigo
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Infigo
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Infigo_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Infigo_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\InfigoService
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\InfigoOperator.exe
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2440249-1944230807-1698688370-1001\Software\NetCrawl
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91C6335B-B94B-4CED-BCE3-BC33A09F5DB5}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utilNetCrawl_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utilNetCrawl_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update NetCrawl
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util NetCrawl
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateNetCrawl.exe
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilNetCrawl.exe
Reboot:
end
         
*****************

C:\Users\Manfred\Downloads\bis November 2013\FlashPlayer_V.17311321b.exe => Moved successfully.
C:\Users\Manfred\Downloads\bis November 2013\FreeAudioConverter_5.0.23.320.exe => Moved successfully.
C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3*.exe => Moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Infigo => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a} => Key deleted successfully.
HKEY_CURRENT_USER\Software\Infigo => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Infigo => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Infigo_RASAPI32 => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Infigo_RASMANCS => Key deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\InfigoService => Key deleted successfully.
HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\InfigoOperator.exe => Key deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2440249-1944230807-1698688370-1001\Software\NetCrawl => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91C6335B-B94B-4CED-BCE3-BC33A09F5DB5} => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32 => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32 => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utilNetCrawl_RASAPI32 => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utilNetCrawl_RASMANCS => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a} => Key not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update NetCrawl => Key deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util NetCrawl => Key deleted successfully.
HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateNetCrawl.exe => Key deleted successfully.
HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilNetCrawl.exe => Key deleted successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Hallo Matthias,

bis jetzt läuft alles wieder.
Nochmal Danke für die Hilfe.
LG Manfred

Hallo,
ich habe nur versucht Deine Ratschläge mit den zusätzlichen Programmen zu folgen.
Habe schon wieder das Problem das im Hintergrund Werbung mit Ton läuft, und ich aufgefordert werde den Video Player zu aktualisieren. Ausserdem wird immer der PC gescannt!!!

Alt 01.08.2014, 14:00   #14
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!



Zitat:
Zitat von pfaumanfred Beitrag anzeigen
Habe schon wieder das Problem das im Hintergrund Werbung mit Ton läuft, und ich aufgefordert werde den Video Player zu aktualisieren. Ausserdem wird immer der PC gescannt!!!
Hast du DelFix (wie beschrieben) ausgeführt?
Wieso hast du die Quarantäne von FRST wie gepostet noch nicht hochgeladen?

Was du so beschreibst, hast du dir wieder irgendwelchen Mist auf den Rechner geholt... ehrlich gesagt weiß ich nicht, was du genau machst... auf jeden Fall nichts Gutes.... erst mal Fragen beantworten bitte.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 01.08.2014, 14:46   #15
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!



habe DelFix wie beschrieben durchgeführt. Habe Quarantine.zip im Upload Channel gesucht und hochgeladen. Hatte allerdings schwierigkeiten mit dem Link. Habe dann den Pfad
http://www.trojaner-board.de/157034-...aendigt-2.html
als Link eingegeben.
Habe als Programm den Advance System Protector gekauft

Antwort

Themen zu internet verselbstständigt!
msil/browsefox.e, msil/browsefox.g, pup.optional.appinstaller, pup.optional.downloader, pup.optional.iminent.a, pup.optional.netcrawl.a, pup.optional.outbrowse, pup.optional.regcleanerpro.a, pup.optional.systemspeedup, tabs mit werbung, win32/adware.yontoo, win32/browsefox.c, win32/browsefox.f, win32/browsefox.h, win32/browsefox.i, win32/browsefox.j, win32/bundled.toolbar.ask, win32/bundled.toolbar.ask.d, win32/bundled.toolbar.ask.e, win32/bundled.toolbar.ask.f, win32/bundled.toolbar.ask.g, win32/domaiq.c, win32/systweak.d, win32/toolbar.conduit, win32/toolbar.conduit.a, win32/toolbar.conduit.b



Ähnliche Themen: internet verselbstständigt!


  1. Windows updates sagen immer fehler beim instalieren, internet unterbrochen obwohl internet da ist ,
    Alles rund um Windows - 30.07.2015 (2)
  2. Cyber Crime - Blockierung im Internet, komme oft nicht ins Internet
    Diskussionsforum - 15.09.2014 (26)
  3. Hilfe Bitte. kein Internet über den Browser, obwohl eine Internet Verbindung besteht. ...
    Plagegeister aller Art und deren Bekämpfung - 19.12.2013 (9)
  4. Internet Problem, 1 Pc zieht volle Internet Leistung!
    Log-Analyse und Auswertung - 14.11.2013 (10)
  5. Trojaner?Internet spackt rum (LoL,Skype,Internet-DC)
    Plagegeister aller Art und deren Bekämpfung - 26.12.2012 (3)
  6. Avast Web Schutz verhindert Internet-Zugang über Firefox/Internet Explorer
    Antiviren-, Firewall- und andere Schutzprogramme - 27.05.2011 (7)
  7. W-Lan und Lan finden internet, aber keine konnektivität zum Internet.
    Plagegeister aller Art und deren Bekämpfung - 17.01.2011 (22)
  8. Kann nur mit dem Internet Explorer ins Internet, Antivirenprogramm aktuallisiert sich nicht
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (11)
  9. Temporary Internet Files (Cache) füllt sich, ohne das ich im Internet etwas mache
    Log-Analyse und Auswertung - 06.07.2010 (21)
  10. Internet Explorer und Firefox kommen nicht ins Internet
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (71)
  11. Mausrad verselbstständigt sich wegen virus/trojan
    Netzwerk und Hardware - 14.11.2009 (1)
  12. Internet langsam und zu reagiert das Internet und Outlook nicht mehr
    Log-Analyse und Auswertung - 27.08.2009 (37)
  13. internet seitenaufbau total langsam,internet aktivität zu hoch.
    Plagegeister aller Art und deren Bekämpfung - 03.12.2008 (0)
  14. Internet Explorer hängt, Internet Probleme!
    Log-Analyse und Auswertung - 26.11.2008 (1)
  15. internet geht zäh, internet windows explorer spinnt
    Log-Analyse und Auswertung - 20.11.2008 (20)
  16. GData Internet Security 2007 und installiert und der Internet Explorer läuft nicht
    Antiviren-, Firewall- und andere Schutzprogramme - 25.01.2007 (1)
  17. iexplore.exe (NICHT Internet Explorer) versucht auf das Internet zuzugreifen!
    Plagegeister aller Art und deren Bekämpfung - 11.04.2006 (12)

Zum Thema internet verselbstständigt! - Hallo, ich bin Windows 8 Nutzer und gehe über Mozilla Firefox ins Internet. Seit ca. 1 Woche, werden ohne meine zutun ständig neue Tabs geöffnet. Alle mit dem Hinweis, dass - internet verselbstständigt!...
Archiv
Du betrachtest: internet verselbstständigt! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.