
Pests of all kinds and how to combat them: Hourglass on Win7

01.10.2014, 22:32   #1
haithabu

Hourglass on Win7

My DELL Vostro with Windows 7 Prof. constantly shows the hourglass on the desktop after an extremely slow start. Programs cannot be started or cancelled.

Could this be caused by malware?

02.10.2014, 00:15   #2
Bootsektor
/// TB trainer

Hourglass on Win7

My name is Sandra and I will be helping you with your problem.
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans that I ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Post the log files directly in your thread in code tags.
  • Bear in mind that we all do this in our free time; if you do not hear from me within 2 days, please send me a PM.

Note: I can never guarantee that I will find everything. Formatting is usually the faster way and, in the case of a malware infection, always the safest one. Adware can be removed without problems in the vast majority of cases.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Posting in code tags
Please always put the logs in code tags. If you do not, it makes the evaluation much harder for me. Thank you.
To do this:
  • Click the hash symbol # above the reply box; [] CODE /CODE then appears there in square brackets.
  • Paste your log files between the two code elements, i.e. CODE logfile /CODE
  • If the logs are too long, please split them up and post them here in your thread, in several replies if necessary.

Can you get FRST to run? If so, please do the following:
Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and can then be found on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the input box on the website)


02.10.2014, 21:19   #3
haithabu

Hourglass on Win7

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-10-2014 01
Ran by ANNIKA KEMMER (ATTENTION: The logged in user is not administrator) on ANNIKA-PC on 02-10-2014 21:11:56
Running from C:\Users\ANNIKA KEMMER\Downloads
Loaded Profile: ANNIKA KEMMER (Available profiles: ANNIKA & ANNIKA KEMMER & Gast)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-06] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3873648 2010-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-12-28] (Dell Inc.)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-20] (Creative Technology Ltd)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1099088 2010-06-25] (Trend Micro Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\\Lexmark Fax Solutions\fm3032.exe [312240 2007-05-07] ()
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x233F1B8700DDCF01
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {509C6F60-0F14-4BEE-9DF2-49ACED9FBBDD} URL = 
SearchScopes: HKCU - {509C6F60-0F14-4BEE-9DF2-49ACED9FBBDD} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Plus-HD-8.1 -> {11111111-1111-1111-1111-110511111108} -> C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-bho.dll (Plus HD)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog9 01 bmnet.dll File Not found ()
Winsock: Catalog9 02 bmnet.dll File Not found ()
Winsock: Catalog9 03 bmnet.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ANNIKA KEMMER\AppData\Roaming\Mozilla\Firefox\Profiles\44wrhps3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-8.1 - C:\Users\ANNIKA KEMMER\AppData\Roaming\Mozilla\Firefox\Profiles\44wrhps3.default\Extensions\8ef36653-7dcd-4c5f-81f5-7870fda4b7b7@67e486b0-922d-4a2d-9e3f-77394107f67c.com [2014-07-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-28]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2010-12-28]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon [2011-08-05]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR CustomProfile: C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-09]
CHR Extension: (Google Drive) - C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-30]
CHR Extension: (YouTube) - C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-09]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-20]
CHR Extension: (Google Search) - C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-09]
CHR Extension: (Skype Click to Call) - C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-09]
CHR Extension: (Gmail) - C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-09]
CHR Extension: (Plus-HD-8.1) - C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd [2014-06-10]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 lxdd_device; C:\Windows\system32\lxddcoms.exe [537520 2007-05-25] ( )
S2 lxdi_device; C:\Windows\system32\lxdicoms.exe [517040 2007-04-26] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1323912 2010-06-22] (Trend Micro Inc.)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
S2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
S3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-12-01] (Trend Micro Inc.)
S2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1358160 2010-06-22] (Trend Micro Inc.)
S3 TmPfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-16] (Trend Micro Inc.)
S3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-16] (Trend Micro Inc.)
S2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-12-28] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-09-29] (ST Microelectronics)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-12-28] (Broadcom Corporation)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [100600 2010-05-26] (ITE                      )
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
S1 tcpipBM; C:\Windows\system32\Drivers\tcpipBM.sys [18816 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
S2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-07-16] (Trend Micro Inc.)
S2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-11] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-16] (Trend Micro Inc.)
S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-07-16] (Trend Micro Inc.)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG) [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] (Trend Micro Inc.)
R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-03-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 21:11 - 2014-10-02 21:12 - 00018079 _____ () C:\Users\ANNIKA KEMMER\Downloads\FRST.txt
2014-10-02 21:11 - 2014-10-02 21:11 - 01100288 _____ (Farbar) C:\Users\ANNIKA KEMMER\Downloads\FRST.exe
2014-10-02 21:11 - 2014-10-02 21:11 - 00000000 ____D () C:\FRST
2014-10-01 22:15 - 2014-10-01 22:15 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup (2).exe
2014-10-01 22:14 - 2014-10-01 22:14 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup (1).exe
2014-10-01 21:50 - 2014-10-01 21:50 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup(3).exe
2014-10-01 21:48 - 2014-10-01 21:48 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup(2).exe
2014-10-01 21:48 - 2014-10-01 21:48 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup(1).exe
2014-10-01 21:14 - 2014-10-01 21:14 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-10-01 16:28 - 2014-10-01 16:28 - 00001106 _____ () C:\Windows\PFRO.log
2014-10-01 16:23 - 2014-10-01 16:23 - 00000000 ____D () C:\32f0e5522e11cc7a3d0c40
2014-10-01 16:21 - 2014-10-01 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-10-01 01:59 - 2014-10-01 01:59 - 00000000 ____D () C:\aa16d095d04110ec823b95
2014-09-30 23:29 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-30 23:29 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-30 23:29 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-30 23:28 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-30 23:17 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-30 23:17 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-30 23:16 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-30 23:16 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 20:54 - 2014-02-18 21:47 - 00002382 _____ () C:\Windows\Tasks\Plus-HD-8.1-validator.job
2014-10-02 20:54 - 2014-02-18 21:47 - 00002304 _____ () C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job
2014-10-02 20:54 - 2014-02-18 21:47 - 00001498 _____ () C:\Windows\Tasks\Plus-HD-8.1-updater.job
2014-10-02 20:54 - 2014-02-18 21:47 - 00001454 _____ () C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job
2014-10-02 20:54 - 2014-02-18 21:47 - 00001352 _____ () C:\Windows\Tasks\Plus-HD-8.1-enabler.job
2014-10-02 20:54 - 2011-08-14 02:18 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-02 20:53 - 2014-05-30 19:17 - 00017512 _____ () C:\Windows\setupact.log
2014-10-02 20:53 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 21:58 - 2010-12-28 03:26 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-01 20:12 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-01 19:25 - 2010-12-28 03:36 - 00000031 _____ () C:\tmuninst.ini
2014-10-01 16:26 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 16:26 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 16:24 - 2011-08-14 02:18 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-01 16:24 - 2011-04-30 18:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-01 16:24 - 2009-07-14 06:55 - 01763879 _____ () C:\Windows\WindowsUpdate.log
2014-10-01 16:22 - 2010-12-28 03:20 - 01686750 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-01 16:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-01 16:18 - 2014-06-09 11:51 - 00000000 ___RD () C:\Users\ANNIKA KEMMER\Virtual Machines
2014-10-01 16:16 - 2013-03-30 19:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-01 16:15 - 2014-05-07 18:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-01 01:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-01 01:10 - 2013-03-30 19:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-01 01:10 - 2011-11-23 19:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-30 23:15 - 2011-02-10 19:08 - 00000000 ___RD () C:\Program Files\Skype

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-10-2014 01
Ran by ANNIKA KEMMER at 2014-10-02 21:12:41
Running from C:\Users\ANNIKA KEMMER\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Enabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Upload-Manager (HKLM\...\1&1 Upload-Manager) (Version: 2.0.676 - 1&1 Internet AG)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.17 - STMicroelectronics)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AudibleManager (HKLM\...\AudibleManager) (Version: 2010208880.48.56.10423530 - Audible, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cinergy T Stick Mini V10.02.03.02 (HKLM\...\Cinergy T Stick Mini) (Version: 10.02.03.02 - )
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.1.4.2 (HKLM\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyScript Notes Lite (HKLM\...\{A82E3AFE-0BD9-4A17-9A58-9112B5C679C5}) (Version: 2.2.0.0 - Vision Objects)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plus-HD-8.1 (HKLM\...\Plus-HD-8.1) (Version: 1.34.1.29 - Plus HD) <==== ATTENTION
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 1.3.3 - Dell Inc.)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (Version: 1.3.3 - Roxio) Hidden
Roxio Burn (Version: 1.6 - Roxio) Hidden
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio Creator Starter (Version: 1.0.311 - Roxio) Hidden
Roxio Creator Starter (Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Scribus 1.4.3 (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.0.3152 - Trend Micro)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
VIS (HKLM\...\VIS) (Version:  - ) <==== ATTENTION
Vodafone Mobile Connect Lite (HKLM\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-enabler.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-updater.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-validator.job => ?

==================== Loaded Modules (whitelisted) =============

2014-10-01 21:47 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-10-01 21:47 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\ANNIKA KEMMER\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-09-30 23:38 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-30 23:38 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-30 23:38 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-30 23:38 - 2014-09-23 06:07 - 14891848 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2498816643-2501844397-4049684781-500 - Administrator - Disabled)
ANNIKA (S-1-5-21-2498816643-2501844397-4049684781-1001 - Administrator - Enabled) => C:\Users\TEMP.ANNIKA-PC.003
ANNIKA KEMMER (S-1-5-21-2498816643-2501844397-4049684781-1003 - Limited - Enabled) => C:\Users\ANNIKA KEMMER
Gast (S-1-5-21-2498816643-2501844397-4049684781-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2498816643-2501844397-4049684781-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2014 08:55:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert

Error: (10/02/2014 08:54:53 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (10/01/2014 10:42:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert

Error: (10/01/2014 10:41:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert

Error: (10/01/2014 10:38:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert

Error: (10/01/2014 10:38:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert

Error: (10/01/2014 10:29:33 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=1440}
Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 24604E0A-40000194).

Error: (10/01/2014 10:29:33 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=1440}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.5136.5001.sft' herstellen (Rückgabecode 24604E0A-40000194, ursprünglicher Rückgabecode 24604E0A-40000194).

Error: (10/01/2014 10:29:14 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (10/01/2014 10:24:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert


System errors:
=============
Error: (10/02/2014 09:04:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/02/2014 09:04:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/02/2014 09:04:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/02/2014 09:04:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/02/2014 09:04:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/02/2014 09:04:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/02/2014 09:04:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/02/2014 09:04:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/02/2014 09:04:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/02/2014 09:04:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (10/02/2014 08:55:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert

Error: (10/02/2014 08:54:53 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (10/01/2014 10:42:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert

Error: (10/01/2014 10:41:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert

Error: (10/01/2014 10:38:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert

Error: (10/01/2014 10:38:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert

Error: (10/01/2014 10:29:33 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=1440}
24604E0A-40000194

Error: (10/01/2014 10:29:33 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=1440}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.5136.5001.sft24604E0A-4000019424604E0A-40000194

Error: (10/01/2014 10:29:14 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (10/01/2014 10:24:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 32%
Total physical RAM: 2934.68 MB
Available physical RAM: 1991.81 MB
Total Pagefile: 5867.66 MB
Available Pagefile: 4893.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:147.72 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         

Alt 02.10.2014, 23:50   #4
Bootsektor
/// TB-Ausbilder
 

Hello,

please do not tinker with the registry using CCleaner.

Step 1
Please uninstall the following programs (if present):

Java 7 Update 17
Plus-HD-8.1
VIS

To do so, go to:
the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove

If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.

Step 2
Please always run our tools as administrator; do that once more now for FRST and tick the addition.txt box, thanks.
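
Two of the three programs named in step 1 carry FRST's `<==== ATTENTION` marker in the posted Addition.txt, and the scheduled-task section lists `.job` files with the same name prefix. The following Python script is an added example (not part of the thread and not FRST's own code) that pulls flagged entries out of an FRST log and ties task files to them; the regular expressions and the name-prefix rule are assumptions derived only from the log lines visible in this thread.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the FRST logs posted in this thread (Addition.txt and FRST.txt).
SAMPLE_LOG = r"""
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plus-HD-8.1 (HKLM\...\Plus-HD-8.1) (Version: 1.34.1.29 - Plus HD) <==== ATTENTION
Roxio Burn (Version: 1.6 - Roxio) Hidden
VIS (HKLM\...\VIS) (Version:  - ) <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-updater.job => ?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
"""

# The arrow length differs between log sections ("<====" vs "<======="), so accept any.
ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION\s*$")

# Assumed layout: Name [(HKLM\...\Key)] (Version: X - Publisher) [Hidden] [<==== ATTENTION]
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?)"
    r"(?: \((?P<key>HKLM\\\.\.\.\\.+?)\))?"
    r" \(Version: (?P<version>.*?) - (?P<publisher>.*?)\)"
    r"(?P<hidden> Hidden)?"
    r"(?P<flag> <=+ ATTENTION)?\s*$"
)

TASK_RE = re.compile(r"^Task: (?P<path>.+\.job) => (?P<target>.*)$")


def parse_program(line):
    """Return a dict for an installed-programs line, or None if the line is not one."""
    m = PROGRAM_RE.match(line)
    if not m:
        return None
    return {
        "name": m["name"],
        "key": m["key"],  # None for entries without an uninstall key
        "version": m["version"].strip(),
        "publisher": m["publisher"].strip(),
        "hidden": m["hidden"] is not None,
        "attention": m["flag"] is not None,
    }


def task_belongs_to(task_path, program_name):
    """True if the .job file name starts with the program name at a word boundary."""
    stem = PureWindowsPath(task_path).stem.lower()
    name = program_name.lower()
    if not stem.startswith(name):
        return False
    rest = stem[len(name):]
    # Boundary check keeps a short name such as "VIS" from matching "Visual...".
    return rest == "" or not rest[0].isalnum()


def triage(log_text):
    """Collect flagged programs, the task files named after them, and other flagged lines."""
    programs, tasks, other_flagged = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        task = TASK_RE.match(line)
        if task:
            tasks.append(task["path"])
            continue
        prog = parse_program(line)
        if prog:
            programs.append(prog)
        elif ATTENTION_RE.search(line):
            other_flagged.append(ATTENTION_RE.sub("", line))
    flagged = [p for p in programs if p["attention"]]
    related = {
        p["name"]: [t for t in tasks if task_belongs_to(t, p["name"])]
        for p in flagged
    }
    return {
        "flagged_programs": flagged,
        "related_tasks": related,
        "other_flagged": other_flagged,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for prog in result["flagged_programs"]:
        print("flagged program:", prog["name"], "| version:", prog["version"] or "(none)")
        for path in result["related_tasks"][prog["name"]]:
            print("    related task:", path)
    for line in result["other_flagged"]:
        print("flagged entry:", line)
```

Java 7 Update 17, the third program in step 1, carries no ATTENTION marker in the log, so the marker gives a starting list rather than the complete one.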

Alt 03.10.2014, 18:49   #5
haithabu
 

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by Administrator (administrator) on ANNIKA-PC on 03-10-2014 11:12:50
Running from C:\Users\Administrator\Downloads
Loaded Profile: Administrator (Available profiles: ANNIKA & ANNIKA KEMMER & Administrator & Gast)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-06] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3873648 2010-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-12-28] (Dell Inc.)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-20] (Creative Technology Ltd)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1099088 2010-06-25] (Trend Micro Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\\Lexmark Fax Solutions\fm3032.exe [312240 2007-05-07] ()
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x99CD75C5E4DECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {509C6F60-0F14-4BEE-9DF2-49ACED9FBBDD} URL = 
SearchScopes: HKCU - {509C6F60-0F14-4BEE-9DF2-49ACED9FBBDD} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog9 01 bmnet.dll File Not found ()
Winsock: Catalog9 02 bmnet.dll File Not found ()
Winsock: Catalog9 03 bmnet.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ckpauupo.default
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-28]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2010-12-28]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon [2011-08-05]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 lxdd_device; C:\Windows\system32\lxddcoms.exe [537520 2007-05-25] ( )
S2 lxdi_device; C:\Windows\system32\lxdicoms.exe [517040 2007-04-26] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1323912 2010-06-22] (Trend Micro Inc.)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
S2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
S3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-12-01] (Trend Micro Inc.)
S2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1358160 2010-06-22] (Trend Micro Inc.)
S3 TmPfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-16] (Trend Micro Inc.)
S3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-16] (Trend Micro Inc.)
S2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-12-28] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-09-29] (ST Microelectronics)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-12-28] (Broadcom Corporation)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [100600 2010-05-26] (ITE                      )
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
S1 tcpipBM; C:\Windows\system32\Drivers\tcpipBM.sys [18816 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
S2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-07-16] (Trend Micro Inc.)
S2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-11] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-16] (Trend Micro Inc.)
S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-07-16] (Trend Micro Inc.)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG) [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] (Trend Micro Inc.)
R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-03-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 11:10 - 2014-10-03 11:12 - 00014682 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-10-03 11:10 - 2014-10-03 11:10 - 01100800 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-10-03 10:53 - 2014-10-03 10:53 - 00001224 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-10-03 10:53 - 2014-10-03 10:53 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-03 10:52 - 2014-10-03 10:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-10-03 10:48 - 2014-10-03 10:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-10-03 10:48 - 2014-10-03 10:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2014-10-03 10:36 - 2014-10-03 10:36 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-03 10:34 - 2014-10-03 10:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-10-03 10:33 - 2014-10-03 10:33 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-10-03 10:33 - 2014-10-03 10:33 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-10-03 10:31 - 2014-10-03 10:31 - 00088456 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-03 09:54 - 2014-10-03 09:54 - 00001423 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-03 09:54 - 2014-10-03 09:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-10-03 09:53 - 2014-10-03 10:25 - 00000000 ____D () C:\Users\Administrator
2014-10-03 09:53 - 2014-10-03 09:53 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-10-03 09:53 - 2014-02-03 19:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Bytemobile
2014-10-03 09:53 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-03 09:53 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-02 21:12 - 2014-10-02 21:12 - 00024704 _____ () C:\Users\ANNIKA KEMMER\Downloads\Addition.txt
2014-10-02 21:11 - 2014-10-03 11:12 - 00000000 ____D () C:\FRST
2014-10-02 21:11 - 2014-10-02 21:12 - 00024200 _____ () C:\Users\ANNIKA KEMMER\Downloads\FRST.txt
2014-10-02 21:11 - 2014-10-02 21:11 - 01100288 _____ (Farbar) C:\Users\ANNIKA KEMMER\Downloads\FRST.exe
2014-10-01 22:15 - 2014-10-01 22:15 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup (2).exe
2014-10-01 22:14 - 2014-10-01 22:14 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup (1).exe
2014-10-01 21:50 - 2014-10-01 21:50 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup(3).exe
2014-10-01 21:48 - 2014-10-01 21:48 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup(2).exe
2014-10-01 21:48 - 2014-10-01 21:48 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup(1).exe
2014-10-01 21:14 - 2014-10-01 21:14 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-10-01 16:28 - 2014-10-03 10:42 - 00001492 _____ () C:\Windows\PFRO.log
2014-10-01 16:23 - 2014-10-01 16:23 - 00000000 ____D () C:\32f0e5522e11cc7a3d0c40
2014-10-01 16:21 - 2014-10-01 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-10-01 01:59 - 2014-10-01 01:59 - 00000000 ____D () C:\aa16d095d04110ec823b95
2014-09-30 23:29 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-30 23:29 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-30 23:29 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-30 23:28 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-30 23:17 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-30 23:17 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-30 23:16 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-30 23:16 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 11:01 - 2014-05-30 19:17 - 00017792 _____ () C:\Windows\setupact.log
2014-10-03 11:01 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 10:59 - 2010-12-28 03:12 - 00000000 ____D () C:\Program Files\Java
2014-10-03 10:58 - 2009-07-14 06:55 - 01769271 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 10:38 - 2014-06-21 15:38 - 00000000 ____D () C:\Users\TEMP.ANNIKA-PC.003
2014-10-03 10:38 - 2011-02-10 22:33 - 00000000 ____D () C:\Program Files\Google
2014-10-03 10:26 - 2010-12-28 03:36 - 00000031 _____ () C:\tmuninst.ini
2014-10-02 22:31 - 2010-12-28 03:26 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-01 20:12 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-01 16:51 - 2013-03-30 19:19 - 00000000 ___RD () C:\Users\Gast\Virtual Machines
2014-10-01 16:26 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 16:26 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 16:24 - 2011-04-30 18:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-01 16:22 - 2010-12-28 03:20 - 01686750 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-01 16:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-01 16:18 - 2014-06-09 11:51 - 00000000 ___RD () C:\Users\ANNIKA KEMMER\Virtual Machines
2014-10-01 16:15 - 2014-05-07 18:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-01 01:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-30 23:15 - 2011-02-10 19:08 - 00000000 ___RD () C:\Program Files\Skype

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 21:30

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2014
Ran by Administrator at 2014-10-03 11:13:32
Running from C:\Users\Administrator\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Enabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Upload-Manager (HKLM\...\1&1 Upload-Manager) (Version: 2.0.676 - 1&1 Internet AG)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.17 - STMicroelectronics)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AudibleManager (HKLM\...\AudibleManager) (Version: 2010208880.48.56.10423530 - Audible, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cinergy T Stick Mini V10.02.03.02 (HKLM\...\Cinergy T Stick Mini) (Version: 10.02.03.02 - )
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.1.4.2 (HKLM\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyScript Notes Lite (HKLM\...\{A82E3AFE-0BD9-4A17-9A58-9112B5C679C5}) (Version: 2.2.0.0 - Vision Objects)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 1.3.3 - Dell Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (Version: 1.3.3 - Roxio) Hidden
Roxio Burn (Version: 1.6 - Roxio) Hidden
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio Creator Starter (Version: 1.0.311 - Roxio) Hidden
Roxio Creator Starter (Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Scribus 1.4.3 (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.0.3152 - Trend Micro)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Vodafone Mobile Connect Lite (HKLM\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-07-2014 08:24:11 Windows Update
16-07-2014 12:26:44 Windows Update
19-07-2014 20:01:00 Windows Update
23-07-2014 11:16:17 Windows Update
24-07-2014 09:42:37 Windows Update
27-07-2014 21:10:36 Windows Update
31-07-2014 10:38:48 Windows Update
30-09-2014 21:16:34 Windows Update
30-09-2014 23:49:17 Windows Update
01-10-2014 14:23:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {139C9559-AD0B-4576-8BFC-29CF1D2148EF} - System32\Tasks\Plus-HD-8.1-codedownloader => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-codedownloader.exe
Task: {15B31BEF-4232-4782-A8EF-934ADD465F21} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {27F34B7F-05F1-4EBC-9681-803FA01F16B3} - System32\Tasks\Plus-HD-8.1-enabler => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-enabler.exe
Task: {3DD54316-A5F4-46D4-8028-DD95973B177A} - System32\Tasks\Plus-HD-8.1-firefoxinstaller => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-firefoxinstaller.exe
Task: {45983A07-4CB8-4138-B4FA-992CB111FB12} - System32\Tasks\Plus-HD-8.1-validator => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-validator.exe
Task: {5CBA8377-1484-4413-9998-D86316BFA066} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {6336B307-5D28-40C2-9736-BDAABF1BDE38} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {7B26E6B0-808B-4361-AA10-FFE210C402C5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {7B3256C1-D82F-4D80-B993-D5F60FDE892E} - System32\Tasks\{26B07C46-9151-43BA-ACD2-5EBA1783A750} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsMain
Task: {95904B17-5DA8-4481-B691-27137B8520AE} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B00AB65F-9DAF-4541-A6DA-C3127989EA22} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {C21B1C70-3E34-4396-9724-833ACDC151FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {DD79F48C-49F4-4DAF-882D-B81214FC576E} - System32\Tasks\{7AB441E2-3A17-40BE-85BB-7623ED53BEC8} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {F000AE00-E810-4FDE-B929-E58DBA45AC9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {FDBDABE0-258C-4F99-B60A-AD998ED7D8E3} - System32\Tasks\Plus-HD-8.1-updater => C:\Program Files\Plus-HD-8.1\Plus-HD-8.1-updater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-06-10 19:52 - 2014-06-10 19:52 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2498816643-2501844397-4049684781-500 - Administrator - Enabled) => C:\Users\Administrator
ANNIKA (S-1-5-21-2498816643-2501844397-4049684781-1001 - Administrator - Enabled) => C:\Users\TEMP.ANNIKA-PC.003
ANNIKA KEMMER (S-1-5-21-2498816643-2501844397-4049684781-1003 - Limited - Enabled) => C:\Users\ANNIKA KEMMER
Gast (S-1-5-21-2498816643-2501844397-4049684781-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2498816643-2501844397-4049684781-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2014 11:01:39 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (10/03/2014 11:01:34 AM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=858}
Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 24604E0A-40000194).

Error: (10/03/2014 11:01:34 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=858}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.5136.5001.sft' herstellen (Rückgabecode 24604E0A-40000194, ursprünglicher Rückgabecode 24604E0A-40000194).

Error: (10/03/2014 10:58:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Beschreibung = Revo Uninstaller's restore point - Java 7 Update 17; Fehler = 0x8007043c).

Error: (10/03/2014 10:56:35 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - Java 7 Update 17; Fehler = 0x8007043c).

Error: (10/03/2014 10:54:15 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"; Beschreibung = Revo Uninstaller's restore point - Java 7 Update 17; Fehler = 0x8007043c).

Error: (10/03/2014 10:43:00 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (10/03/2014 10:42:57 AM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=FD0}
Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 24604E0A-40000194).

Error: (10/03/2014 10:42:57 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=FD0}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.5136.5001.sft' herstellen (Rückgabecode 24604E0A-40000194, ursprünglicher Rückgabecode 24604E0A-40000194).

Error: (10/03/2014 10:25:27 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue


System errors:
=============
Error: (10/03/2014 11:06:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/03/2014 11:06:52 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/03/2014 11:06:51 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/03/2014 11:06:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/03/2014 11:06:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/03/2014 11:06:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/03/2014 11:06:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/03/2014 11:06:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/03/2014 11:06:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/03/2014 11:06:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (10/03/2014 11:01:39 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (10/03/2014 11:01:34 AM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=858}
24604E0A-40000194

Error: (10/03/2014 11:01:34 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=858}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.5136.5001.sft24604E0A-4000019424604E0A-40000194

Error: (10/03/2014 10:58:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - Java 7 Update 170x8007043c

Error: (10/03/2014 10:56:35 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"Revo Uninstaller's restore point - Java 7 Update 170x8007043c

Error: (10/03/2014 10:54:15 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe"Revo Uninstaller's restore point - Java 7 Update 170x8007043c

Error: (10/03/2014 10:43:00 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (10/03/2014 10:42:57 AM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=FD0}
24604E0A-40000194

Error: (10/03/2014 10:42:57 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=FD0}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.5136.5001.sft24604E0A-4000019424604E0A-40000194

Error: (10/03/2014 10:25:27 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 27%
Total physical RAM: 2934.68 MB
Available physical RAM: 2126.71 MB
Total Pagefile: 5867.66 MB
Available Pagefile: 5057.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:147.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 97ED6B9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Many thanks in advance for the "guidance". It is still the case that everything can only be done in safe mode.

Addendum... in Firefox something is being "redirected"; the address
hxxp://vas.gaslitlactealwowser.com/sd/dw32..... keeps appearing


Alt 04.10.2014, 00:38   #6
Bootsektor
/// TB-Ausbilder
 



Hello,

you're welcome. Do you have the problem in both user profiles, or is only one affected?

I only see adware there. Were you able to run the Herdprotect scanner? Is there a log for it?

Step 1

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-03-22] (StdLib)
C:\Windows\System32\drivers\wStLib.sys
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Alt 04.10.2014, 13:22   #7
haithabu
 



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-10-2014
Ran by Administrator at 2014-10-04 13:12:54 Run:2
Running from C:\Users\Administrator\Downloads
Loaded Profiles: ANNIKA KEMMER & Administrator (Available profiles: ANNIKA & ANNIKA KEMMER & Administrator & Gast)
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-03-22] (StdLib)
C:\Windows\System32\drivers\wStLib.sys
         


*****************

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key not found.
"HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
wStLib => Service not found.
"C:\Windows\System32\drivers\wStLib.sys" => File/Directory not found.

==== End of Fixlog ====
         
Thanks, the problem exists on all user accounts

Addendum.... Herdprotect hangs during the scan

Alt 05.10.2014, 00:06   #8
Bootsektor
/// TB-Ausbilder
 



Hello,

unfortunately that did not work at all.

Did you change, install or run anything on the system before the problem appeared?

Try the tool in safe mode and let me know whether it helped
Step 1
  • Please download Windows Repair - All in one from tweaking.com here and install it.
  • Please disable your antivirus program (if possible).
  • Keep in mind that the individual repairs take some time. Do not start any other applications during this time.
  • Start the program and carry out points 1-5. (See the picture guide)
  • Make sure your checkboxes are set as shown under point 4.
  • Also tick "Restart/Shutdown System" and click "Restart System" before you carry out point 5.

Alt 05.10.2014, 18:49   #9
haithabu
 



It looks considerably better :-) all applications now run in normal mode too, so a HURRAH for that already ...but

vis; Plus-HD-8.1 and Java 7 update 17 keep reappearing, uninstalling only works in safe mode, and Hxxp://vas.gaslitlactealwowser.com is still lurking in Internet Explorer


I have now run all the log files again


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-10-2014
Ran by ANNIKA (administrator) on ANNIKA-PC on 05-10-2014 18:16:09
Running from C:\Windows\System32\config\systemprofile\Desktop
Loaded Profiles:  (Available profiles: ANNIKA & ANNIKA KEMMER & Gast)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-06] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3873648 2010-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-12-28] (Dell Inc.)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-20] (Creative Technology Ltd)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1099088 2010-06-25] (Trend Micro Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\\Lexmark Fax Solutions\fm3032.exe [312240 2007-05-07] ()
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {509C6F60-0F14-4BEE-9DF2-49ACED9FBBDD} URL = 
SearchScopes: HKCU - {509C6F60-0F14-4BEE-9DF2-49ACED9FBBDD} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog9 01 bmnet.dll File Not found ()
Winsock: Catalog9 02 bmnet.dll File Not found ()
Winsock: Catalog9 03 bmnet.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\joq9rsxy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-28]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2010-12-28]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon [2011-08-05]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR CustomProfile: C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-15]
CHR Extension: (Google Search) - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-15]
CHR Extension: (Gmail) - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-15]
CHR Extension: (Plus-HD-8.1) - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd [2014-02-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 lxdd_device; C:\Windows\system32\lxddcoms.exe [537520 2007-05-25] ( )
S2 lxdi_device; C:\Windows\system32\lxdicoms.exe [517040 2007-04-26] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1323912 2010-06-22] (Trend Micro Inc.)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
S2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
S3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-12-01] (Trend Micro Inc.)
S2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1358160 2010-06-22] (Trend Micro Inc.)
S3 TmPfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-16] (Trend Micro Inc.)
S3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-16] (Trend Micro Inc.)
S2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-12-28] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-09-29] (ST Microelectronics)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-12-28] (Broadcom Corporation)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [100600 2010-05-26] (ITE                      )
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
S1 tcpipBM; C:\Windows\system32\Drivers\tcpipBM.sys [18816 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
S2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-07-16] (Trend Micro Inc.)
S2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-11] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-16] (Trend Micro Inc.)
S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-07-16] (Trend Micro Inc.)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG) [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] (Trend Micro Inc.)
R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-03-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 17:56 - 2014-10-05 17:56 - 00140416 _____ () C:\Windows\Minidump\100514-26176-01.dmp
2014-10-05 17:07 - 2014-10-05 17:07 - 00000000 ____D () C:\RegBackup
2014-10-05 16:17 - 2014-10-05 16:17 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-10-05 16:03 - 2014-10-05 18:55 - 00000000 ___RD () C:\Users\ANNIKA KEMMER\Downloads\Public
2014-10-05 15:57 - 2014-10-05 16:09 - 00000575 _____ () C:\Users\Public\Downloads\fixlist.txt
2014-10-05 15:51 - 2014-10-05 15:51 - 00000000 __SHD () C:\Users\TEMP.ANNIKA-PC.003\AppData\Local\EmieUserList
2014-10-05 15:51 - 2014-10-05 15:51 - 00000000 __SHD () C:\Users\TEMP.ANNIKA-PC.003\AppData\Local\EmieSiteList
2014-10-05 15:51 - 2014-10-05 15:51 - 00000000 ____D () C:\Users\TEMP.ANNIKA-PC.003\AppData\Roaming\Adobe
2014-10-05 15:45 - 2014-10-05 15:45 - 00027502 _____ () C:\Users\Public\Downloads\Addition.txt
2014-10-05 15:43 - 2014-10-05 16:01 - 00000575 _____ () C:\Users\Public\Downloads\FRST.txt
2014-10-05 13:55 - 2014-10-05 18:55 - 00000000 ____D () C:\5e54cdcc160b23935b8e639dd94b4a
2014-10-05 12:28 - 2014-10-05 12:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ANNIKA KEMMER\Downloads\revosetup95.exe
2014-10-05 11:25 - 2014-10-05 11:26 - 09850208 _____ () C:\Users\ANNIKA KEMMER\Downloads\tweaking.com_windows_repair_aio_setup(2).exe
2014-10-05 11:20 - 2014-10-05 11:20 - 01100800 _____ (Farbar) C:\Users\ANNIKA KEMMER\Downloads\FRST.exe
2014-10-05 11:16 - 2014-10-05 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-10-05 10:45 - 2014-10-05 10:45 - 09850208 _____ () C:\Users\ANNIKA KEMMER\Downloads\tweaking.com_windows_repair_aio_setup(1).exe
2014-10-05 10:41 - 2014-10-05 10:42 - 09850208 _____ () C:\Users\ANNIKA KEMMER\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-10-05 08:59 - 2014-10-05 08:59 - 00003344 ____N () C:\bootsqm.dat
2014-10-05 08:05 - 2014-10-05 11:34 - 00000000 ____D () C:\67dd1373ab342f860fc77760a5027654
2014-10-05 08:04 - 2014-10-05 08:05 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup(1).exe
2014-10-05 08:03 - 2014-10-05 08:03 - 00000000 ____D () C:\Users\ANNIKA KEMMER\AppData\Roaming\OpenOffice.org
2014-10-03 11:13 - 2014-10-03 11:13 - 00026705 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-10-03 11:10 - 2014-10-03 11:13 - 00023123 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-10-03 10:53 - 2014-10-03 10:53 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-03 10:48 - 2014-10-03 10:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-10-03 10:48 - 2014-10-03 10:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2014-10-03 10:34 - 2014-10-03 10:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-10-03 10:33 - 2014-10-03 10:33 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-10-03 10:33 - 2014-10-03 10:33 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-10-03 10:31 - 2014-10-03 10:31 - 00088456 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-03 09:54 - 2014-10-03 09:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-10-03 09:53 - 2014-10-05 08:57 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-03 09:53 - 2014-10-05 08:57 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-10-03 09:53 - 2014-02-03 19:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Bytemobile
2014-10-02 21:12 - 2014-10-02 21:12 - 00024704 _____ () C:\Users\ANNIKA KEMMER\Downloads\Addition.txt
2014-10-02 21:11 - 2014-10-05 18:16 - 00000000 ____D () C:\FRST
2014-10-02 21:11 - 2014-10-05 17:45 - 00029977 _____ () C:\Users\ANNIKA KEMMER\Downloads\FRST.txt
2014-10-01 21:14 - 2014-10-01 21:14 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-10-01 16:28 - 2014-10-04 09:10 - 00002108 _____ () C:\Windows\PFRO.log
2014-10-01 16:28 - 2014-10-04 09:10 - 00002108 _____ () C:\Windows\PFRO.log
2014-10-01 16:23 - 2014-10-05 08:57 - 00000000 ____D () C:\32f0e5522e11cc7a3d0c40
2014-10-01 01:59 - 2014-10-01 01:59 - 00000000 ____D () C:\aa16d095d04110ec823b95
2014-09-30 23:29 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-30 23:29 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-30 23:29 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-30 23:28 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-30 23:17 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-30 23:17 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-30 23:17 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-30 23:16 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-30 23:16 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 18:55 - 2014-06-09 13:39 - 00000000 ____D () C:\Users\ANNIKA KEMMER\AppData\Roaming\Skype
2014-10-05 18:55 - 2013-03-30 19:19 - 00000000 ___RD () C:\Users\Gast\Virtual Machines
2014-10-05 18:55 - 2011-11-23 19:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-05 18:55 - 2011-04-30 18:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-05 18:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-05 18:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-10-05 18:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-10-05 18:06 - 2011-02-10 22:33 - 00000000 ____D () C:\Program Files\Google
2014-10-05 18:05 - 2010-12-28 03:12 - 00000000 ____D () C:\Program Files\Java
2014-10-05 17:59 - 2009-07-14 06:55 - 01950173 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 17:59 - 2009-07-14 06:55 - 01950173 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 17:59 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 17:59 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 17:57 - 2014-06-09 11:52 - 00088456 _____ () C:\Users\ANNIKA KEMMER\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-05 17:57 - 2014-02-18 21:47 - 00002382 _____ () C:\Windows\Tasks\Plus-HD-8.1-validator.job
2014-10-05 17:57 - 2014-02-18 21:47 - 00002304 _____ () C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job
2014-10-05 17:57 - 2014-02-18 21:47 - 00001498 _____ () C:\Windows\Tasks\Plus-HD-8.1-updater.job
2014-10-05 17:57 - 2014-02-18 21:47 - 00001454 _____ () C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job
2014-10-05 17:57 - 2014-02-18 21:47 - 00001352 _____ () C:\Windows\Tasks\Plus-HD-8.1-enabler.job
2014-10-05 17:57 - 2010-12-28 03:36 - 00000031 _____ () C:\tmuninst.ini
2014-10-05 17:56 - 2014-07-25 13:01 - 184108162 _____ () C:\Windows\MEMORY.DMP
2014-10-05 17:56 - 2014-07-25 13:01 - 184108162 _____ () C:\Windows\MEMORY.DMP
2014-10-05 17:56 - 2014-05-30 19:17 - 00016952 _____ () C:\Windows\setupact.log
2014-10-05 17:56 - 2014-05-30 19:17 - 00016952 _____ () C:\Windows\setupact.log
2014-10-05 17:56 - 2012-02-22 00:02 - 00000000 ____D () C:\Windows\Minidump
2014-10-05 17:56 - 2012-02-22 00:02 - 00000000 ____D () C:\Windows\Minidump
2014-10-05 17:56 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 17:28 - 2010-12-28 03:26 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-05 17:20 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\CSC
2014-10-05 17:20 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\CSC
2014-10-05 13:39 - 2013-03-30 19:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 12:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-05 12:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-05 12:20 - 2011-02-10 19:08 - 00000000 ___RD () C:\Program Files\Skype
2014-10-05 11:34 - 2014-06-10 19:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-05 11:34 - 2014-06-09 15:17 - 00000000 ____D () C:\Users\ANNIKA KEMMER\AppData\Local\Mozilla
2014-10-05 11:34 - 2011-02-10 19:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-10-05 11:21 - 2010-12-28 03:20 - 01686750 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-05 10:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-05 08:57 - 2014-06-02 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-05 08:57 - 2014-03-20 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-05 08:57 - 2014-01-18 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.1
2014-10-05 08:57 - 2013-11-18 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.3
2014-10-05 08:57 - 2012-10-26 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2014-10-05 08:57 - 2012-05-04 00:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-05 08:57 - 2012-03-18 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-05 08:57 - 2011-08-05 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-10-05 08:57 - 2011-05-07 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
2014-10-05 08:57 - 2011-04-04 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vision Objects
2014-10-05 08:57 - 2011-02-11 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
2014-10-05 08:57 - 2011-02-10 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1
2014-10-05 08:57 - 2011-02-10 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-05 08:57 - 2011-02-10 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-10-05 08:57 - 2010-12-28 04:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2014-10-05 08:57 - 2010-12-28 03:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-10-05 08:57 - 2010-12-28 03:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-10-05 08:57 - 2010-12-28 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-05 08:57 - 2010-12-28 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
2014-10-05 08:57 - 2010-12-28 03:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN
2014-10-05 08:57 - 2010-12-28 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-10-05 08:57 - 2010-12-28 03:11 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-05 08:57 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-05 08:57 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-05 08:57 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-01 16:18 - 2014-06-09 11:51 - 00000000 ___RD () C:\Users\ANNIKA KEMMER\Virtual Machines
2014-10-01 16:15 - 2014-05-07 18:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-01 01:10 - 2013-03-30 19:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-01 01:10 - 2011-11-23 19:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 08:41 - 2011-02-10 19:06 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 21:30

==================== End Of Log ============================
         
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-10-2014
Ran by ANNIKA (administrator) on ANNIKA-PC on 05-10-2014 18:46:03
Running from C:\Windows\System32\config\systemprofile\Desktop
Loaded Profiles:  (Available profiles: ANNIKA & ANNIKA KEMMER & Gast)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-06] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3873648 2010-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2010-12-28] (Dell Inc.)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-20] (Creative Technology Ltd)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1099088 2010-06-25] (Trend Micro Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\\Lexmark Fax Solutions\fm3032.exe [312240 2007-05-07] ()
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {509C6F60-0F14-4BEE-9DF2-49ACED9FBBDD} URL = 
SearchScopes: HKCU - {509C6F60-0F14-4BEE-9DF2-49ACED9FBBDD} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog9 01 bmnet.dll File Not found ()
Winsock: Catalog9 02 bmnet.dll File Not found ()
Winsock: Catalog9 03 bmnet.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\joq9rsxy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-28]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2010-12-28]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon [2011-08-05]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR CustomProfile: C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-15]
CHR Extension: (Google Search) - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-15]
CHR Extension: (Gmail) - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-15]
CHR Extension: (Plus-HD-8.1) - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd [2014-02-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 lxdd_device; C:\Windows\system32\lxddcoms.exe [537520 2007-05-25] ( )
S2 lxdi_device; C:\Windows\system32\lxdicoms.exe [517040 2007-04-26] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1323912 2010-06-22] (Trend Micro Inc.)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
S2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
S3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-12-01] (Trend Micro Inc.)
S2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1358160 2010-06-22] (Trend Micro Inc.)
S3 TmPfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-16] (Trend Micro Inc.)
S3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-16] (Trend Micro Inc.)
S2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-12-28] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-09-29] (ST Microelectronics)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-12-28] (Broadcom Corporation)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [100600 2010-05-26] (ITE                      )
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
S1 tcpipBM; C:\Windows\system32\Drivers\tcpipBM.sys [18816 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
S2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146448 2009-07-16] (Trend Micro Inc.)
S2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-11] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-16] (Trend Micro Inc.)
S2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [283152 2009-07-16] (Trend Micro Inc.)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG) [File not signed]
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 17:56 - 2014-10-05 17:56 - 00140416 _____ () C:\Windows\Minidump\100514-26176-01.dmp
2014-10-05 17:07 - 2014-10-05 17:07 - 00000000 ____D () C:\RegBackup
2014-10-05 16:17 - 2014-10-05 16:17 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-10-05 16:03 - 2014-10-05 18:55 - 00000000 ___RD () C:\Users\ANNIKA KEMMER\Downloads\Public
2014-10-05 15:57 - 2014-10-05 16:09 - 00000575 _____ () C:\Users\Public\Downloads\fixlist.txt
2014-10-05 15:51 - 2014-10-05 15:51 - 00000000 __SHD () C:\Users\TEMP.ANNIKA-PC.003\AppData\Local\EmieUserList
2014-10-05 15:51 - 2014-10-05 15:51 - 00000000 __SHD () C:\Users\TEMP.ANNIKA-PC.003\AppData\Local\EmieSiteList
2014-10-05 15:51 - 2014-10-05 15:51 - 00000000 ____D () C:\Users\TEMP.ANNIKA-PC.003\AppData\Roaming\Adobe
2014-10-05 15:45 - 2014-10-05 15:45 - 00027502 _____ () C:\Users\Public\Downloads\Addition.txt
2014-10-05 15:43 - 2014-10-05 16:01 - 00000575 _____ () C:\Users\Public\Downloads\FRST.txt
2014-10-05 13:55 - 2014-10-05 18:55 - 00000000 ____D () C:\5e54cdcc160b23935b8e639dd94b4a
2014-10-05 12:28 - 2014-10-05 12:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ANNIKA KEMMER\Downloads\revosetup95.exe
2014-10-05 11:25 - 2014-10-05 11:26 - 09850208 _____ () C:\Users\ANNIKA KEMMER\Downloads\tweaking.com_windows_repair_aio_setup(2).exe
2014-10-05 11:20 - 2014-10-05 11:20 - 01100800 _____ (Farbar) C:\Users\ANNIKA KEMMER\Downloads\FRST.exe
2014-10-05 11:16 - 2014-10-05 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-10-05 10:45 - 2014-10-05 10:45 - 09850208 _____ () C:\Users\ANNIKA KEMMER\Downloads\tweaking.com_windows_repair_aio_setup(1).exe
2014-10-05 10:41 - 2014-10-05 10:42 - 09850208 _____ () C:\Users\ANNIKA KEMMER\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-10-05 08:59 - 2014-10-05 08:59 - 00003344 ____N () C:\bootsqm.dat
2014-10-05 08:05 - 2014-10-05 11:34 - 00000000 ____D () C:\67dd1373ab342f860fc77760a5027654
2014-10-05 08:04 - 2014-10-05 08:05 - 02515504 _____ (Reason Company Software Inc.) C:\Users\ANNIKA KEMMER\Downloads\herdProtectScan_Setup(1).exe
2014-10-05 08:03 - 2014-10-05 08:03 - 00000000 ____D () C:\Users\ANNIKA KEMMER\AppData\Roaming\OpenOffice.org
2014-10-03 11:13 - 2014-10-03 11:13 - 00026705 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-10-03 11:10 - 2014-10-03 11:13 - 00023123 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-10-03 10:53 - 2014-10-03 10:53 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-03 10:48 - 2014-10-03 10:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-10-03 10:48 - 2014-10-03 10:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2014-10-03 10:34 - 2014-10-03 10:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-10-03 10:33 - 2014-10-03 10:33 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-10-03 10:33 - 2014-10-03 10:33 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-10-03 10:31 - 2014-10-03 10:31 - 00088456 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-03 09:54 - 2014-10-03 09:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-10-03 09:53 - 2014-10-05 08:57 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-03 09:53 - 2014-10-05 08:57 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-03 09:53 - 2014-10-03 09:53 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-10-03 09:53 - 2014-02-03 19:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Bytemobile
2014-10-02 21:12 - 2014-10-02 21:12 - 00024704 _____ () C:\Users\ANNIKA KEMMER\Downloads\Addition.txt
2014-10-02 21:11 - 2014-10-05 18:46 - 00000000 ____D () C:\FRST
2014-10-02 21:11 - 2014-10-05 17:45 - 00029977 _____ () C:\Users\ANNIKA KEMMER\Downloads\FRST.txt
2014-10-01 21:14 - 2014-10-01 21:14 - 00000000 ____D () C:\Windows\system32\%LocalAppData%
2014-10-01 16:28 - 2014-10-04 09:10 - 00002108 _____ () C:\Windows\PFRO.log
2014-10-01 16:28 - 2014-10-04 09:10 - 00002108 _____ () C:\Windows\PFRO.log
2014-10-01 16:23 - 2014-10-05 08:57 - 00000000 ____D () C:\32f0e5522e11cc7a3d0c40
2014-10-01 01:59 - 2014-10-01 01:59 - 00000000 ____D () C:\aa16d095d04110ec823b95
2014-09-30 23:29 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-30 23:29 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-30 23:29 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-30 23:28 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-30 23:17 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-30 23:17 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-30 23:17 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-30 23:17 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-30 23:16 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-30 23:16 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 18:55 - 2014-06-09 13:39 - 00000000 ____D () C:\Users\ANNIKA KEMMER\AppData\Roaming\Skype
2014-10-05 18:55 - 2013-03-30 19:19 - 00000000 ___RD () C:\Users\Gast\Virtual Machines
2014-10-05 18:55 - 2011-11-23 19:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-05 18:55 - 2011-04-30 18:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-05 18:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-05 18:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-10-05 18:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-10-05 18:06 - 2011-02-10 22:33 - 00000000 ____D () C:\Program Files\Google
2014-10-05 18:05 - 2010-12-28 03:12 - 00000000 ____D () C:\Program Files\Java
2014-10-05 17:59 - 2009-07-14 06:55 - 01950173 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 17:59 - 2009-07-14 06:55 - 01950173 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 17:59 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 17:59 - 2009-07-14 06:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 17:57 - 2014-06-09 11:52 - 00088456 _____ () C:\Users\ANNIKA KEMMER\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-05 17:57 - 2014-02-18 21:47 - 00002382 _____ () C:\Windows\Tasks\Plus-HD-8.1-validator.job
2014-10-05 17:57 - 2014-02-18 21:47 - 00002304 _____ () C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job
2014-10-05 17:57 - 2014-02-18 21:47 - 00001498 _____ () C:\Windows\Tasks\Plus-HD-8.1-updater.job
2014-10-05 17:57 - 2014-02-18 21:47 - 00001454 _____ () C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job
2014-10-05 17:57 - 2014-02-18 21:47 - 00001352 _____ () C:\Windows\Tasks\Plus-HD-8.1-enabler.job
2014-10-05 17:57 - 2010-12-28 03:36 - 00000031 _____ () C:\tmuninst.ini
2014-10-05 17:56 - 2014-07-25 13:01 - 184108162 _____ () C:\Windows\MEMORY.DMP
2014-10-05 17:56 - 2014-07-25 13:01 - 184108162 _____ () C:\Windows\MEMORY.DMP
2014-10-05 17:56 - 2014-05-30 19:17 - 00016952 _____ () C:\Windows\setupact.log
2014-10-05 17:56 - 2014-05-30 19:17 - 00016952 _____ () C:\Windows\setupact.log
2014-10-05 17:56 - 2012-02-22 00:02 - 00000000 ____D () C:\Windows\Minidump
2014-10-05 17:56 - 2012-02-22 00:02 - 00000000 ____D () C:\Windows\Minidump
2014-10-05 17:56 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 17:28 - 2010-12-28 03:26 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-05 17:20 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\CSC
2014-10-05 17:20 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\CSC
2014-10-05 13:39 - 2013-03-30 19:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 12:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-05 12:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-05 12:20 - 2011-02-10 19:08 - 00000000 ___RD () C:\Program Files\Skype
2014-10-05 11:34 - 2014-06-10 19:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-05 11:34 - 2014-06-09 15:17 - 00000000 ____D () C:\Users\ANNIKA KEMMER\AppData\Local\Mozilla
2014-10-05 11:34 - 2011-02-10 19:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-10-05 11:21 - 2010-12-28 03:20 - 01686750 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-05 10:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-05 08:57 - 2014-06-02 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-05 08:57 - 2014-03-20 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-05 08:57 - 2014-01-18 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.1
2014-10-05 08:57 - 2013-11-18 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.3
2014-10-05 08:57 - 2012-10-26 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2014-10-05 08:57 - 2012-05-04 00:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-05 08:57 - 2012-03-18 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-05 08:57 - 2011-08-05 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
2014-10-05 08:57 - 2011-05-07 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
2014-10-05 08:57 - 2011-04-04 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vision Objects
2014-10-05 08:57 - 2011-02-11 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
2014-10-05 08:57 - 2011-02-10 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1
2014-10-05 08:57 - 2011-02-10 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-10-05 08:57 - 2011-02-10 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-10-05 08:57 - 2010-12-28 04:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2014-10-05 08:57 - 2010-12-28 03:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-10-05 08:57 - 2010-12-28 03:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-10-05 08:57 - 2010-12-28 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-05 08:57 - 2010-12-28 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
2014-10-05 08:57 - 2010-12-28 03:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN
2014-10-05 08:57 - 2010-12-28 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-10-05 08:57 - 2010-12-28 03:11 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-05 08:57 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-05 08:57 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-05 08:57 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-01 16:18 - 2014-06-09 11:51 - 00000000 ___RD () C:\Users\ANNIKA KEMMER\Virtual Machines
2014-10-01 16:15 - 2014-05-07 18:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-01 01:10 - 2013-03-30 19:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-01 01:10 - 2011-11-23 19:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 08:41 - 2011-02-10 19:06 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 21:30

==================== End Of Log ============================
         
--- --- ---

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-10-2014
Ran by ANNIKA at 2014-10-05 18:19:39 Run:4
Running from C:\Windows\System32\config\systemprofile\Desktop
Loaded Profiles:  (Available profiles: ANNIKA & ANNIKA KEMMER & Gast)
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-03-22] (StdLib)
C:\Windows\System32\drivers\wStLib.sys
         
*****************

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
wStLib => Service stopped successfully.
wStLib => Service deleted successfully.
C:\Windows\System32\drivers\wStLib.sys => Moved successfully.

==== End of Fixlog ====
         

05.10.2014, 22:41   #10
Bootsektor
/// TB Trainer

Hello

Does FRST also run in normal mode? If so, please start FRST there, tick the box for addition.txt, scan, and post the logs.

05.10.2014, 23:32   #11
haithabu

FRST runs, but I cannot run it as ADMIN

Code:
Ran by ANNIKA KEMMER at 2014-10-05 23:24:00
Running from C:\Users\ANNIKA KEMMER\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Trend Micro Personal Firewall (Enabled) {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Upload-Manager (HKLM\...\1&1 Upload-Manager) (Version: 2.0.676 - 1&1 Internet AG)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.17 - STMicroelectronics)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AudibleManager (HKLM\...\AudibleManager) (Version: 2010208880.48.56.10423530 - Audible, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cinergy T Stick Mini V10.02.03.02 (HKLM\...\Cinergy T Stick Mini) (Version: 10.02.03.02 - )
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibreOffice 4.1.4.2 (HKLM\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyScript Notes Lite (HKLM\...\{A82E3AFE-0BD9-4A17-9A58-9112B5C679C5}) (Version: 2.2.0.0 - Vision Objects)
PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 1.3.3 - Dell Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (Version: 1.3.3 - Roxio) Hidden
Roxio Burn (Version: 1.6 - Roxio) Hidden
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio Creator Starter (Version: 1.0.311 - Roxio) Hidden
Roxio Creator Starter (Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Scribus 1.4.3 (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 3.0.3152 - Trend Micro)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Vodafone Mobile Connect Lite (HKLM\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-enabler.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-updater.job => ?
Task: C:\Windows\Tasks\Plus-HD-8.1-validator.job => ?

==================== Loaded Modules (whitelisted) =============

2010-12-28 03:14 - 2010-10-01 17:48 - 00727664 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2010-09-03 09:28 - 2010-09-03 09:28 - 00518640 _____ () C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-08-30 11:34 - 2010-08-30 11:34 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2009-10-20 09:12 - 2009-10-20 09:12 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-06-10 19:52 - 2014-06-10 19:52 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-10-01 01:10 - 2014-10-01 01:10 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2498816643-2501844397-4049684781-500 - Administrator - Disabled)
ANNIKA (S-1-5-21-2498816643-2501844397-4049684781-1001 - Administrator - Enabled) => C:\Users\TEMP.ANNIKA-PC.003
ANNIKA KEMMER (S-1-5-21-2498816643-2501844397-4049684781-1003 - Limited - Enabled) => C:\Users\ANNIKA KEMMER
Gast (S-1-5-21-2498816643-2501844397-4049684781-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2498816643-2501844397-4049684781-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/05/2014 11:18:25 PM) (Source: MsiInstaller) (EventID: 1024) (User: ANNIKA-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/05/2014 11:17:55 PM) (Source: VMCService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (10/05/2014 07:55:10 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (10/05/2014 07:48:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: Vault.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001344a
ID des fehlerhaften Prozesses: 0x6c4
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (10/05/2014 07:47:46 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert

Error: (10/05/2014 07:47:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert

Error: (10/05/2014 07:47:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert

Error: (10/05/2014 07:47:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert

Error: (10/05/2014 07:45:50 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert

Error: (10/05/2014 07:44:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Das Profil konnte nicht erfolgreich geladen werden, aber Sie wurden mit dem standardmäßigen Profil für das System angemeldet. 

 Details - Zugriff verweigert


System errors:
=============
Error: (10/05/2014 11:18:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (10/05/2014 11:18:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (10/05/2014 11:18:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (10/05/2014 11:18:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (10/05/2014 11:18:18 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (10/05/2014 11:18:18 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (10/05/2014 11:18:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (10/05/2014 11:18:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (10/05/2014 11:18:07 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (10/05/2014 07:55:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
tcpipBM


Microsoft Office Sessions:
=========================
Error: (10/05/2014 11:18:25 PM) (Source: MsiInstaller) (EventID: 1024) (User: ANNIKA-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (10/05/2014 11:17:55 PM) (Source: VMCService) (EventID: 0) (User: )
Description: GetLoggedOnUser

Error: (10/05/2014 07:55:10 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (10/05/2014 07:48:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7Vault.dll6.1.7601.175144ce7ba1ac00000050001344a6c401cfe0c3fa33db01C:\Windows\Explorer.EXEC:\Windows\system32\Vault.dllc2921358-4cb7-11e4-86ab-f04da2c61b46

Error: (10/05/2014 07:47:46 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert

Error: (10/05/2014 07:47:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert

Error: (10/05/2014 07:47:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert

Error: (10/05/2014 07:47:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert

Error: (10/05/2014 07:45:50 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert

Error: (10/05/2014 07:44:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: ANNIKA-PC)
Description: Zugriff verweigert


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 44%
Total physical RAM: 2934.68 MB
Available physical RAM: 1627.14 MB
Total Pagefile: 5867.66 MB
Available Pagefile: 4145.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.17 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:148.19 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
FRST itself has no entry

Code:
==================== End Of Log ============================
==================== End Of Log ============================
         

05.10.2014, 23:47   #12
Bootsektor
/// TB Trainer

Hmm, what happens when you right-click FRST and select "Run as administrator"?

Download FRST again and try that once more.

06.10.2014, 00:07   #13
haithabu

It doesn't work. After entering the admin password, an error message appears saying that it cannot find the file in the download path ... even though it is right there ... I can't manage to insert a screenshot here, or is there a trick for that?

06.10.2014, 00:07   #14
Bootsektor
/// TB Trainer

And what if you drag it onto the desktop and start it from there?

06.10.2014, 00:20   #15
haithabu

From the desktop, the same error message appears.

I think the admin account is broken ... I can't get into it to change the password ... maybe it's because of an umlaut contained in the password?
