Win 7: Safefinder Smartbar, Sweet-Page, ... Wie bekommt man sie runter?

icrieevrytim · 24.10.2014, 13:38

Hallo liebes Trojaner-Board Team!

eine gute Freundin von mir hatte mich vor einigen Wochen darum gebeten, mir ihren Laptop anzuschauen.
Grund:

ständig lief Audio im Hintergrund, welche von ihr nicht geöffnet wurde
ins Internet konnte sie erst recht nicht, weil sich etliche Fenster mit Werbungen und pornografischen Inhalten geöffnet haben
ihr Akku würde schon nach knapp einer Viertelstunde den Geist aufgeben (wahrscheinlich wegen den Anwendungen?)

also dachte ich mir "na gut, vielleicht hat sie ein paar Dinge drauf, die runter können."
aber ich hab das Problem nicht ganz ernst genommen.

denn: ich bekomme einige Programme einfach nicht vom Laptop geschmissen!
Programme wie safefinder smartbar, sweet-page, windows manger protect, ... haben sich wohl fest eingefressen oder ich bin nicht schlau genug, diese wirklich zu eliminieren.
ich habe ihr damals Avira Antivir - Free Antivirus heruntergeladen, in der Hoffnung, dass dieser alles beseitigen würde. (denn ihr Norton Internet Security hatte mich verwirrt...)
aber dieser (Antivir) hat beim letzten, vollständigen Systemcheck (vor einer Stunde ungefähr) keine Viren gefunden!
und das, obwohl diese "Programme" noch drauf sind!
nur wenn ich versuche, diese zu deinstallieren, werden sie mir angezeigt.

jetzt bin auch ich ein wenig verzweifelt, vorallem aber überfordert und weiß nicht ganz, was ich machen soll.
ihren Laptop habe ich bei mir zu Hause noch nicht ans WLAN geschlossen; weil ich Panik hatte, dass die Viren so unsere Computer infizieren könnten.

über das Audio-Problem habe ich hier hergefunden und diesen Thread aufmerksam verfolgt:
"Win 7: Mehrere Adware-Programme gefunden"
ich wollte aber nicht voreilig sein und lieber auf eine geeignete Antwort für mein bzw. ihr Problem warten.

ungerne möchten ich ihren Computer und all ihre Daten formatieren, ohne irgendetwas versucht zu haben.
ich freue mich auf Hilfe! und auf kommende Anleitungen!

Liebe Grüße,
Nina aka. icrieevrytim

Aneri · 24.10.2014, 13:44

Mein Name ist Heiko, ich werde dir bei deinem Problem helfen.
Die Bereinigung deines Systems ist individuell auf dich zugeschnitten und mitunter mit viel Arbeit für uns beide verbunden.[/CENTER]

Bitte Lesen:
Regeln für die Bereinigung

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schließn von Sicherheitslücken und sollte gründlich durchgeführt werden.
Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du mit der abarbeitung der Schritte beginnst.

Beim ersten Anzeichen illegal genutzter Software (Cracks, Patches und Co) wird der Support unterbrochen . Bis die illegale Software deinstalliert ist.
Falls es sich bei dem Rechner um einen Firmenrechner handelt teile es mir bitte mit.

Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt die angeforderte Rückmeldung (Logfile oder Antwort)
und zwar gesammelt, wenn du alles erledigt hast, in einer Antwort.
Bitte führe nur Scanns durch zu denen Du aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu von mir oder einem anderen Teammitglied aufgefordert.
Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags - #-Symbol im Editor anklicken). Nicht anhängen oder zippen, außer ich fordere Dich dazu auf, oder das Logfile wäre zu gross. Erschwert mir nämlich das Auswerten.
Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss (erleichtert uns die Arbeit).
Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.
Ich werde dir ganz deutlich mitteilen, dass du "sauber" bist. Bis dahin arbeite bitte gut mit.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Dann fangen wir mal mit Schritt 1 an:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

icrieevrytim · 24.10.2014, 14:05

dankeschön für die schnelle Antwort!

vorab ich das Programm "Farbar's Recovery Scan Tool" auf den infizierten Laptop installiere, wollte ich nur fragen, ob ich ohne Angst den Laptop an unser WLAN anschließen kann.
klingt zwar komisch, ich weiß, aber man kann ja nie wissen.

ansonsten werde ich gleich der Anleitung weiter folgen.

Aneri · 24.10.2014, 14:46

wenn du dir hier unsicher bist, nimm einen USB stick und kopier es rüber

Ich kann dir nicht sagen ob es gefährlich ist, da ich nicht weis was auf der Kiste alles ist.

EDIT : die von dir beschrieben Programme sind alles nur lästige Adware...

icrieevrytim · 24.10.2014, 15:14

habe es jetzt über CD gemacht und werde wie folgt die Logdateien posten:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Malwina (administrator) on MALWINA-VAIO on 24-10-2014 16:06:18
Running from F:\
Loaded Profile: Malwina (Available profiles: Malwina)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Simplygen) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Term Tutor) C:\Program Files (x86)\TermTutor\Service\ttsvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Acute Angle Solutions) C:\ProgramData\PSetTGSMDI\oBGmKFsIMwj.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [538472 2009-06-17] (Symantec Corporation)
HKLM-x32\...\Run: [MarketingTools] => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2009-09-06] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-12-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165624 2014-09-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\Run: [EPSON Stylus DX9400F Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICFE.EXE [213504 2007-03-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\Run: [NTRedirect] => C:\Windows\SysWOW64\rundll32.exe  "C:\Users\Malwina\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run                       
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\Run: [clicup-Agent] => C:\Users\Malwina\AppData\Local\Temp\clicup\clicup.exe <===== ATTENTION
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {06a923e9-9b02-11e2-890c-0024d601ebea} - G:\pushinst.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {2276695d-e6d7-11e1-ba71-0024d601ebea} - G:\pushinst.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {40c9cbe1-b900-11e3-bc7f-0024be43762c} - G:\LGAutoRun.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {91b7193b-c89a-11de-996b-0024d601ebea} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {91b7194e-c89a-11de-996b-0024be43762c} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {91b7195b-c89a-11de-996b-0024be43762c} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {d644a65e-5615-11e0-a9f7-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {d644a693-5615-11e0-a9f7-0024d601ebea} - G:\AutoRun.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {d644a698-5615-11e0-a9f7-0024d601ebea} - G:\AutoRun.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {d644a6a1-5615-11e0-a9f7-0024d601ebea} - G:\AutoRun.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {f8b5436b-3575-11e1-a655-0024d601ebea} - G:\AutoRun.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {f8b54377-3575-11e1-a655-0024d601ebea} - G:\AutoRun.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {f8b5438b-3575-11e1-a655-0024d601ebea} - G:\AutoRun.exe
HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\MountPoints2: {f8b54394-3575-11e1-a655-0024d601ebea} - G:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Malwina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Malwina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HyVyH6p1JbGaI6t35RuaYvyzWYyzhh1szZxdGrf0Lmxz3eOBlb7LpR5UiBD-EFHpm3PSqWfI4bwlE3vdR3CTID8akfnWuDav2MoGRaukZDgpzpm9cuAzLttiET4-7AqRuXdp2H7aJbXvRUb6IBofA,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=6A990024D601EBEA&affID=121963&tsp=4988
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=4.5&ts=1377705614515&tguid=43169-3580-1377705614515-D3439F3D13BB12E1568B0380583781C3&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HyVyH6p1JbGaI6t35RuaYvyzWYyzhh1szZxdGrf0Lmxz3eOBlb7LpR5UiBD-EFHpm3PSqWfI4bwlE3vdR3CTID8akfnWuDav2MoGRaukZDgpzpm9cuAzLttiET4-7AqRuXdp2H7aJbXvRUb6IBofA,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ver=4.5&ts=1377705614515&tguid=43169-3580-1377705614515-D3439F3D13BB12E1568B0380583781C3&st=chrome&q=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1411235762&from=cor&uid=SAMSUNGXHM500JI_S208JD0S933525
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=159&itype=n&ver=13892&tm=479&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HyVyH6p1JbGaI6t35RuaYvyzWYyzhh1szZxdGrf0Lmxz3eOBlb7LpR5UiBD-EFHpm3PSqWfI4bwlE3vdR3CTID8akfnWuDav2MoGRaukZDgpzpm9cuAzLttiET4-7AqRuXdp2H7aJbXvRUb6IBofA,,&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=159&itype=n&ver=13892&tm=479&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=4.5&ts=1377705614515&tguid=43169-3580-1377705614515-D3439F3D13BB12E1568B0380583781C3&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=159&itype=n&ver=13892&tm=479&src=ds&p={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HyVyH6p1JbGaI6t35RuaYvyzWYyzhh1szZxdGrf0Lmxz3eOBlb7LpR5UiBD-EFHpm3PSqWfI4bwlE3vdR3CTID8akfnWuDav2MoGRaukZDgpzpm9cuAzLttiET4-7AqRuXdp2H7aJbXvRUb6IBofA,,&q={searchTerms}
SearchScopes: HKCU - {83ADBC25-3C4B-4410-8FE9-938D3AD890F7} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={CA9666EF-CE44-43A8-9C86-8021C491DA5E}&mid=b328f588327147d3a34cd16df8a79fdf-553385582d6f6d15cb63375969bc0db43449c068&lang=en&ds=sc011&coid=avgtbdissc&cmpid=&pr=sa&d=2014-08-20 19:35:17&v=18.1.9.786&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=159&itype=n&ver=13892&tm=479&src=ds&p={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deDE352
SearchScopes: HKCU - {C21F6FB7-18BF-4D1C-A774-9C9DC61CF14A} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deDE352
SearchScopes: HKCU - {E5C0877E-5CFF-43DC-A242-675FEE710CC5} URL = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices
BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files\TermTutor\IE\TermTutorClientIE.dll (Term Tutor)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: BlockAndSurf -> {EB6C5B5E-05D8-AB4C-E2DF-C0128CD41C2D} -> C:\Program Files (x86)\ver7BlockAndSurf\177_x64.dll ()
BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Plus-HD-3.8 -> {11111111-1111-1111-1111-110311901130} -> C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files (x86)\TermTutor\IE\TermTutorClientIE.dll (Term Tutor)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: HomeTab -> {96edaac7-6183-4cb5-8823-b8b12d94f967} -> C:\Users\Malwina\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.)
BHO-x32: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} ->  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - HomeTab - {96edaac7-6183-4cb5-8823-b8b12d94f967} - C:\Users\Malwina\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Malwina\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF HKLM-x32\...\Firefox\Extensions: [SeeSimilar@SeeSimilar.com] - C:\Users\Malwina\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\Malwina\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com [2013-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-10-09]
FF HKCU\...\Firefox\Extensions: [SeeSimilar@SeeSimilar.com] - C:\Users\Malwina\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com
FF HKCU\...\Firefox\Extensions: [{08045AC8-B362-1ACB-4E23-6989E59B83F8}] - C:\Program Files (x86)\ver7BlockAndSurf\177.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\ver7BlockAndSurf\177.xpi [2014-08-20]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3329032&octid=EB_ORIGINAL_CTID&ISID=MB0E46774-2DA1-4429-8800-3DC843A24714&SearchSource=55&CUI=&UM=6&UP=SPD7494A4E-2658-4924-B90F-9AF5D9DC6761&SSPV=&SSPV=&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3329032&octid=EB_ORIGINAL_CTID&ISID=MB0E46774-2DA1-4429-8800-3DC843A24714&SearchSource=55&CUI=&UM=6&UP=SPD7494A4E-2658-4924-B90F-9AF5D9DC6761&SSPV=&SSPV=&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3329032&octid=EB_ORIGINAL_CTID&ISID=MB0E46774-2DA1-4429-8800-3DC843A24714&SearchSource=58&CUI=&UM=6&UP=SPD7494A4E-2658-4924-B90F-9AF5D9DC6761&q={searchTerms}&SSPV=&SSPV=&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-03]
CHR Extension: (Google Drive) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (YouTube) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-03]
CHR Extension: (Google-Suche) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-03]
CHR Extension: (HomeTab) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf [2013-08-28]
CHR Extension: (Linkey) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah [2014-09-23]
CHR Extension: (Iminent) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2014-09-20]
CHR Extension: (Norton Identity Safe) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-04]
CHR Extension: (DVDVideoSoft) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-04]
CHR Extension: (Google Wallet) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Plus-HD-3.8) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh [2013-08-28]
CHR Extension: (Google Mail) - C:\Users\Malwina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-03]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-03]
CHR HKLM-x32\...\Chrome\Extension: [djbdlklldbflagkkpaljamjfbpefcbpf] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [fagpjgjmoaccgkkpjeoinehnoaimnbla] - C:\Users\Malwina\AppData\Roaming\BabSolution\CR\hola.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\Malwina\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-15] (Avira Operations GmbH & Co. KG)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
S2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32888 2014-08-13] () <==== ATTENTION
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 oBGmKFsIMwj; C:\ProgramData\PSetTGSMDI\oBGmKFsIMwj.exe [2318720 2014-08-20] (Acute Angle Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
R2 ttsvc; C:\Program Files (x86)\TermTutor\Service\ttsvc.exe [276048 2014-09-04] (Term Tutor)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [522240 2009-08-12] (Sony Corporation) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-20] (AVG Secure Search)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-20] (Fuyu LIMITED) [File not signed]
S2 AllDaySavingsService64; C:\Program Files (x86)\C13DB9D9-D8B8-4E8F-B4ED-BCFCC8C284E7\etmajyzoqm64.exe [X]
S2 Update App Bud; "C:\Program Files (x86)\App Bud\updateAppBud.exe" [X]
S2 Util App Bud; "C:\Program Files (x86)\App Bud\bin\utilAppBud.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-20] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-30] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141010.001\IDSvia64.sys [633560 2014-09-30] (Symantec Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7345632 2009-08-05] (Intel Corporation) [File not signed]
S3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [139264 2009-08-05] (Intel(R) Corporation) [File not signed]
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141010.009\ENG64.SYS [129752 2014-09-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141010.009\EX64.SYS [2137304 2014-09-30] (Symantec Corporation)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
R1 ttnfd; C:\Windows\System32\drivers\ttnfd.sys [58232 2014-09-04] (Term Tutor)
R2 webinstr; C:\Windows\system32\Drivers\webinstr.sys [57528 2014-07-16] (Corsica)
R1 {e6ca9971-30ed-444a-9489-82fca50b2062}w64; C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}w64.sys [48776 2014-09-23] (StdLib)
S3 ApfiltrService; \SystemRoot\system32\DRIVERS\Apfiltr.sys [X]
S3 EraserUtilDrv11410; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 16:06 - 2014-10-24 16:06 - 00000000 ____D () C:\FRST
2014-10-16 20:46 - 2014-10-16 20:46 - 00001059 _____ () C:\Users\Malwina\Desktop\Continue Live Installation.lnk
2014-10-16 03:10 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 03:10 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 03:10 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 03:10 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 03:10 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 03:10 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 03:10 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 03:10 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 03:10 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 03:10 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 03:10 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 03:10 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 03:10 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 03:10 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 03:10 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 03:10 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 03:10 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 03:10 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 03:10 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 03:10 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 03:10 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 03:10 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 03:10 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 03:10 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 03:10 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 03:10 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 03:10 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 03:10 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 03:10 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 03:10 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 03:10 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 03:10 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 03:10 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 03:10 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 03:10 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 03:10 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 03:10 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 03:10 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 03:10 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 03:10 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 03:10 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 03:10 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 03:10 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 03:10 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 03:10 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 03:10 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 03:10 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 03:10 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 03:10 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 03:10 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 03:10 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 03:10 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 03:10 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 03:10 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 03:10 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 03:10 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 03:10 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 03:10 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 03:10 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 03:10 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 03:10 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 03:10 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 03:10 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 03:10 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 03:10 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 03:10 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 03:09 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 03:09 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 03:09 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 03:09 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 03:08 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 03:08 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 03:08 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 03:08 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 03:08 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 03:08 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 03:08 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 03:08 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 03:08 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 03:08 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 03:08 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 03:08 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 03:08 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 03:08 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 03:08 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 03:08 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 03:08 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 03:08 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 20:35 - 2014-10-14 20:34 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-12 15:34 - 2014-10-12 15:34 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-12 15:32 - 2014-10-12 15:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-12 00:09 - 2014-10-12 00:09 - 00000181 _____ () C:\Windows\WININIT.INI
2014-10-12 00:06 - 2014-10-12 00:06 - 00000000 ____D () C:\Users\Malwina\AppData\Roaming\Roxio Log Files
2014-10-12 00:01 - 2014-10-12 00:10 - 00002369 _____ () C:\Users\Malwina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-11 23:56 - 2014-10-11 23:56 - 00003162 _____ () C:\Windows\System32\Tasks\{335CD02C-9E63-4B29-9DFF-7B1A42CAFAFC}
2014-10-11 23:50 - 2014-10-11 23:50 - 00003304 _____ () C:\Windows\System32\Tasks\{48E0B7C8-0BCA-4243-9AB4-6CEEFD9B9D45}
2014-10-11 23:48 - 2014-10-11 23:48 - 00003114 _____ () C:\Windows\System32\Tasks\{9E31914F-82E1-47E9-BF37-3411D07FF24B}
2014-10-11 23:45 - 2014-10-11 23:45 - 00003102 _____ () C:\Windows\System32\Tasks\{34010CCA-5569-494F-AC6F-C4F3DB1F3663}
2014-10-11 23:21 - 2014-10-24 15:58 - 00000336 _____ () C:\Windows\setupact.log
2014-10-11 23:21 - 2014-10-11 23:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-11 23:20 - 2014-10-12 16:26 - 00174658 _____ () C:\Windows\PFRO.log
2014-10-11 23:06 - 2014-10-11 23:06 - 00000000 ____D () C:\Users\Malwina\AppData\Roaming\Avira
2014-10-11 23:03 - 2014-10-11 23:03 - 00002030 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-10-11 23:02 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-11 23:02 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-11 23:02 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-11 22:56 - 2014-10-11 23:00 - 150010760 _____ () C:\Users\Malwina\Downloads\avira07_free_antivirus_de.exe
2014-10-11 22:16 - 2014-10-11 22:16 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-11 22:16 - 2014-10-11 22:16 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-11 22:16 - 2014-10-11 22:16 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-11 22:14 - 2014-10-11 22:14 - 03836936 _____ (Piriform Ltd) C:\Users\Malwina\Downloads\ccsetup418_slim.exe
2014-10-09 18:19 - 2014-10-09 18:19 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-10-06 16:42 - 2014-10-12 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-06 16:42 - 2014-10-12 15:34 - 00000000 ____D () C:\ProgramData\Avira
2014-10-06 16:42 - 2014-10-12 15:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-06 16:40 - 2014-10-06 16:40 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\Malwina\Downloads\avira_de_av___ws.exe
2014-10-03 16:26 - 2014-10-03 16:26 - 00272384 _____ () C:\Users\Malwina\Downloads\2014-10-15_Verhalten bei Vattenfall_Debowy-VO2.ppt
2014-10-01 17:12 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 17:12 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 18:39 - 2014-09-30 19:27 - 00000000 ____D () C:\Users\Malwina\Documents\Matheus_Debowy Bewerbungen
2014-09-30 18:09 - 2014-10-09 18:10 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-30 18:09 - 2014-10-09 18:10 - 00002461 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-09-30 18:09 - 2014-09-30 18:09 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-30 18:09 - 2014-09-30 18:09 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-30 18:09 - 2014-09-30 18:09 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-30 18:05 - 2014-10-09 18:14 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-30 18:05 - 2014-10-09 18:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-30 18:05 - 2014-09-30 18:05 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-09-30 16:50 - 2014-09-30 16:50 - 00000000 _____ () C:\Users\Malwina\AppData\Local\{6AAD1415-600B-4618-B3C2-C091B079B3C1}
2014-09-30 14:48 - 2014-09-30 14:48 - 00000000 ____D () C:\ProgramData\PCSettings
2014-09-27 21:13 - 2014-09-27 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-24 21:23 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 21:23 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 10:09 - 2014-09-24 10:09 - 00139488 ____N () C:\Windows\SysWOW64\XMLOperations.xml

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 16:01 - 2012-08-09 21:30 - 00000000 ____D () C:\Users\Malwina\AppData\Roaming\Skype
2014-10-24 16:00 - 2009-11-03 20:08 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{15D5FACB-B34C-4715-9C09-9AB6344581C5}
2014-10-24 15:58 - 2011-08-16 20:12 - 00000000 ____D () C:\ProgramData\Kodak
2014-10-24 15:58 - 2011-02-25 16:20 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-24 15:58 - 2009-09-06 10:06 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 15:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 15:43 - 2009-11-03 20:06 - 01062276 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 14:50 - 2009-09-06 10:06 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 12:18 - 2014-08-20 19:31 - 00000000 ____D () C:\Users\Malwina\AppData\Roaming\VOPackage
2014-10-22 22:18 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 22:18 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 03:31 - 2009-07-14 06:45 - 00378280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:28 - 2014-05-06 22:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 03:05 - 2013-07-27 13:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:00 - 2010-01-15 17:37 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 16:15 - 2014-08-20 19:46 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-10-12 15:54 - 2014-08-20 19:44 - 00000000 ____D () C:\Users\Malwina\AppData\Local\LPT
2014-10-12 00:18 - 2014-08-20 19:46 - 00002348 _____ () C:\Users\Malwina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-12 00:14 - 2013-08-28 13:40 - 00000000 ____D () C:\Users\Malwina\AppData\Roaming\CCPublisher
2014-10-12 00:14 - 2013-08-28 13:40 - 00000000 ____D () C:\Users\Malwina\AppData\Roaming\Byngo
2014-10-12 00:14 - 2013-08-28 13:40 - 00000000 ____D () C:\ProgramData\CodedColor
2014-10-12 00:10 - 2014-09-23 17:49 - 00000000 ____D () C:\Users\Malwina\AppData\Roaming\Opera Software
2014-10-12 00:10 - 2014-09-23 17:49 - 00000000 ____D () C:\Users\Malwina\AppData\Local\Opera Software
2014-10-12 00:10 - 2014-09-23 17:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-12 00:09 - 2014-09-20 19:56 - 00000000 ____D () C:\Users\Malwina\AppData\Roaming\Systweak
2014-10-12 00:01 - 2009-09-06 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-12 00:01 - 2009-09-06 10:04 - 00002122 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
2014-10-12 00:01 - 2009-09-06 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
2014-10-11 23:58 - 2010-12-10 19:27 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-10-11 23:57 - 2009-08-17 13:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-11 23:51 - 2010-12-10 19:28 - 00000136 _____ () C:\GPEapSim.log
2014-10-11 23:49 - 2014-08-20 19:30 - 00000000 ____D () C:\ProgramData\Meteoroids
2014-10-11 23:39 - 2014-09-20 19:57 - 00000000 ____D () C:\Users\Malwina\AppData\Local\Gameo
2014-10-11 23:20 - 2009-09-06 10:06 - 00000000 ____D () C:\Program Files\Google
2014-10-11 23:20 - 2009-09-06 10:06 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-11 23:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-10-11 22:22 - 2009-11-05 18:31 - 00000000 ____D () C:\Users\Malwina\Tracing
2014-10-11 22:22 - 2009-08-17 22:10 - 00000000 ____D () C:\Windows\Panther
2014-10-11 22:21 - 2013-08-07 20:09 - 00000000 ____D () C:\Users\Malwina\AppData\Local\CrashDumps
2014-10-11 22:21 - 2010-12-24 16:14 - 00000000 ____D () C:\Windows\Minidump
2014-10-11 22:05 - 2014-08-20 19:31 - 00000000 ____D () C:\ProgramData\PSetTGSMDI
2014-10-11 21:27 - 2009-11-03 20:52 - 00000000 ____D () C:\Users\Malwina\AppData\Local\Google
2014-10-11 21:26 - 2014-08-20 19:44 - 00000000 ____D () C:\Program Files (x86)\ver7BlockAndSurf
2014-10-11 21:19 - 2009-09-06 10:06 - 00000000 ____D () C:\ProgramData\Google
2014-10-02 16:08 - 2014-09-23 17:23 - 00000000 ____D () C:\Users\Malwina\AppData\Local\Linkey
2014-10-02 15:23 - 2009-07-14 19:58 - 00704520 _____ () C:\Windows\system32\perfh007.dat
2014-10-02 15:23 - 2009-07-14 19:58 - 00152326 _____ () C:\Windows\system32\perfc007.dat
2014-10-02 15:23 - 2009-07-14 07:13 - 01634360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 14:13 - 2009-11-03 20:06 - 00000000 ____D () C:\Users\Malwina
2014-10-01 21:17 - 2014-09-20 20:00 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-01 21:17 - 2013-08-28 14:01 - 00000000 ____D () C:\Program Files (x86)\Protected Search
2014-10-01 21:00 - 2014-08-20 19:34 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-10-01 20:59 - 2014-09-23 17:22 - 00000000 ____D () C:\ProgramData\smdmf
2014-10-01 18:45 - 2014-08-20 19:43 - 00000000 ____D () C:\Users\Malwina\AppData\Local\fst_de_148
2014-10-01 18:11 - 2014-08-20 19:30 - 00000000 ____D () C:\Program Files (x86)\FLVM Player
2014-10-01 16:59 - 2014-08-20 19:35 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-09-30 18:13 - 2013-08-03 21:15 - 00000000 ____D () C:\Users\Malwina\Documents\Symantec
2014-09-30 18:05 - 2013-08-03 20:50 - 00000000 ____D () C:\ProgramData\Norton
2014-09-29 19:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-29 18:16 - 2009-07-14 04:34 - 00000521 _____ () C:\Windows\win.ini
2014-09-27 21:28 - 2014-08-20 19:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-24 10:09 - 2014-08-20 19:35 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-09-24 03:09 - 2014-03-17 16:42 - 01608640 ____N () C:\Windows\SysWOW64\PerfStringBackup.INI

Files to move or delete:
====================
C:\ProgramData\Setup.exe


Some content of TEMP:
====================
C:\Users\Malwina\AppData\Local\Temp\avgnt.exe
C:\Users\Malwina\AppData\Local\Temp\nsm5CC.tmp.exe
C:\Users\Malwina\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 00:34

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by Malwina at 2014-10-24 16:08:11
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{A4BC24CB-F8C7-27FB-41D5-47A405031A41}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{deb50ae5-d3c4-4eae-a7a8-3dce2a7325b1}) (Version: 1.1.21.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0710.1127.18698 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help English (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help French (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help German (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0720.2144.37243 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0710.1127.18698 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.0710.1127.18698 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Click to Disc (HKLM-x32\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.70.06160 - Sony Corporation)
Click to Disc (x32 Version: 1.2.70.06160 - Sony Corporation) Hidden
Click to Disc Editor (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 2.0.02 - Sony Corporation)
Click to Disc Editor (x32 Version: 2.0.02 - Sony Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
DATA BECKER BewerbungsGenie 7 (HKLM-x32\...\BewerbungsGenie 7_is1) (Version: 6.0.10.49 - DATA BECKER GmbH & Co. KG)
Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.4.0.06120 - Sony Corporation)
EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (x32 Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Easy Photo Print (HKLM-x32\...\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}) (Version: 1.5.0.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM-x32\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Stylus CX9300F_DX9400F Handbuch (HKLM-x32\...\EPSON Stylus CX9300F_DX9400F Benutzerhandbuch) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
FLV Player (remove only) (HKLM-x32\...\FLVM Player) (Version:  - )
FOTOParadies (HKLM-x32\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.0.3 - Foto Online Service GmbH)
Free YouTube to MP3 Converter version 3.12.9.725 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.9.725 - DVDVideoSoft Ltd.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HomeTab 4.5 (HKLM-x32\...\{c5eac06d-16a7-4836-866d-ebf3ecfdcdaa}_is1) (Version: 4.5 - HomeTab) <==== ATTENTION
Iminent (x32 Version: 6.34.21.0 - Iminent) Hidden <==== ATTENTION
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
LPT System Updater Service (HKLM-x32\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION
Meteoroids (HKLM-x32\...\Meteoroids) (Version: 2.7.22 - Acute Angle Solutions)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.3.01.13160 - Sony Corporation)
MusicStation (HKLM-x32\...\{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}) (Version: 1.2.2.180 - Omnifone)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice.org 3.1 (HKLM-x32\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Plus-HD-3.8 (HKLM-x32\...\Plus-HD-3.8) (Version: 1.27.153.11 - Plus HD) <==== ATTENTION
Portrait Professional 11.3 Test (HKLM-x32\...\PortraitProfessional11Trial_is1) (Version: 11.3 - Anthropics Technology Ltd.)
PowerTeacher Version 23.04.020 (HKLM-x32\...\PowerTeacher_is1) (Version: 23.04.020 - admigro media GmbH)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Protect Disc License Helper 1.0.125 (IE) (HKCU\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Protected Search 1.1 (HKLM-x32\...\Protected Search_is1) (Version:  - Protected Search) <==== ATTENTION
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
SafeFinder Smartbar (HKLM-x32\...\{08CA50B1-98F0-4470-BB6C-B5D0B8C28EFC}) (Version: 11.106.72.18963 - Linkury Ltd.) <==== ATTENTION
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.0.0.07300 - Sony Corporation)
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.13892 - Aztec Media Inc) <==== ATTENTION
Shape Collage (HKLM-x32\...\ShapeCollage) (Version:  - Shape Collage Inc.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.0.0.07280 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.0.07280 - Sony Corporation) Hidden
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.12.16210 - Sony Corporation)
Term Tutor (HKLM-x32\...\TermTutor) (Version: 1.9.0.8 - Term Tutor) <==== ATTENTION
Unterstützung für VAIO-Präsentation (HKLM-x32\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 2.0.0.05270 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{0A5F02E5-1A52-4F85-892C-A35227641C75}) (Version: 3.5.0.06261 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.5.0.06261 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM-x32\...\{3B1168DE-1F8C-471C-AC49-0CA52F096170}) (Version: 3.5.0.06260 - Sony Corporation)
VAIO Content Metadata Intelligent Network Service Manager (x32 Version: 3.5.0.06260 - Sony Corporation) Hidden
VAIO Content Metadata Manager Settings (HKLM-x32\...\{7395DD51-0D1A-47A7-9993-742073ECF4CE}) (Version: 3.5.0.06260 - Sony Corporation)
VAIO Content Metadata Manager Settings (x32 Version: 3.5.0.06260 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM-x32\...\{949419DF-F4AF-4693-B60A-522B24F233C6}) (Version: 3.5.0.06180 - Sony Corporation)
VAIO Content Metadata XML Interface Library (x32 Version: 3.5.0.06180 - Sony Corporation) Hidden
VAIO Content Monitoring Settings (x32 Version: 2.4.0.06120 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.0.0.06120 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.1.01.06290 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Energie Verwaltung (HKLM-x32\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 4.0.0.07160 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.5.0.07230 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.5.0.07230 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.0.0.07010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 1.0.0.08050 - Sony Corporation)
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version:  - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.0.07280 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story (HKLM-x32\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.5.00.06191 - Sony Corporation)
VAIO Movie Story (x32 Version: 1.5.00.06191 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM-x32\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.5.00.06010 - Sony Corporation)
VAIO NW screensaver (HKLM-x32\...\VAIO NW screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Original Function Settings (x32 Version: 2.0.0.07010 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.0.0.07010 - Sony Corporation)
VAIO Premium Partners 1.00 (HKLM-x32\...\VAIO Premium Partners 1.00) (Version:  - )
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.1.2.4 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.1.2.4 - Sony Corporation) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.0.0.08120 - Sony Corporation)
VAIO Update 4 (HKLM-x32\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.2.0.07300 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.0.0.07290 - Sony Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{B5BCBD49-202F-4238-8398-D83D423A48B4}) (Version: 5.000.817.1 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-10-2014 14:06:41 Windows-Sicherung
11-10-2014 21:32:53 Removed ABBYY FineReader 6.0 Sprint
11-10-2014 21:35:18 Removed ABBYY FineReader 6.0 Sprint
11-10-2014 21:57:27 Entfernt Mobile Partner Manager
14-10-2014 18:35:19 Windows-Sicherung
17-10-2014 01:00:22 Windows Update
22-10-2014 19:48:44 Windows-Sicherung
24-10-2014 10:16:34 Avira Free Antivirus - 24.10.2014 12:16
24-10-2014 11:53:28 TuneUp Utilities 2013 wird entfernt
24-10-2014 11:55:30 TuneUp Utilities Language Pack (de-DE) wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C468EC7-A6C9-4A1F-BA4D-4D6940F987A8} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=en
Task: {0DC496B9-D1A2-4D5B-8C46-4CD5AC505455} - \RegClean Pro No Task File <==== ATTENTION
Task: {19B381D4-8CD6-42EA-B803-C0759448A39A} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe [2013-03-19] (Simplygen) <==== ATTENTION
Task: {1F0AC2CA-9145-4758-82A9-80D20FAB9DA2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {28AAED47-90C3-40EF-91A6-12B125AD161F} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2009-07-30] (Sony Corporation)
Task: {3B25B288-DC4D-4475-B93A-E21298B8137A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-06] (Google Inc.)
Task: {52A3E795-71DB-42CA-AA91-3ACDB928217A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {839D7D0F-4126-4525-8E55-663BC08641AD} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {85E8892F-E7FE-42C3-85AD-E9C00E7A6C9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-06] (Google Inc.)
Task: {9C8A3D68-9040-4CE7-99AA-8B043F845C2F} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-08-05] (Sony Corporation)
Task: {A622B405-62B1-4D95-8F93-AC253EB0CDA0} - System32\Tasks\EPUpdater => C:\Users\Malwina\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {ACE9E4C4-BA8A-4D49-B6E0-005E1A0799C6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {BC5679B5-8A62-4718-98F2-666DE3514A0C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe

==================== Loaded Modules (whitelisted) =============

2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2008-08-26 11:41 - 2008-08-26 11:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-09-06 10:02 - 2009-09-06 10:02 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-20 19:44 - 2014-08-20 19:44 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-08-29 11:24 - 2013-08-22 12:02 - 00187888 ____N () C:\Users\Malwina\AppData\Roaming\BabSolution\Shared\enhancedNT.dll
2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-10-11 23:04 - 2014-09-15 11:56 - 00051504 _____ () C:\Users\Malwina\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-15 11:56 - 2014-09-15 11:56 - 00140024 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2009-09-06 10:28 - 2009-07-01 11:49 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2009-09-06 10:28 - 2009-07-01 11:49 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2014-09-15 11:56 - 2014-09-15 11:56 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3731066323-2774923044-2993673355-500 - Administrator - Disabled)
Gast (S-1-5-21-3731066323-2774923044-2993673355-501 - Limited - Disabled)
Malwina (S-1-5-21-3731066323-2774923044-2993673355-1000 - Administrator - Enabled) => C:\Users\Malwina

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2014 04:01:32 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (10/24/2014 04:01:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/24/2014 01:54:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/24/2014 00:17:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service VO Service component since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (10/22/2014 09:53:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service VO Service component since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (10/17/2014 03:32:35 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (10/17/2014 03:31:55 AM) (Source: ProtectorToolService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileNotFoundException: Die Datei oder Assembly "Smartbar.Communication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340" oder eine Abhängigkeit davon wurde nicht gefunden. Das System kann die angegebene Datei nicht finden.
Dateiname: "Smartbar.Communication, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340"
   bei  .OnStart(String[] )
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

WRN: Protokollierung der Assemblybindung ist AUS.
Sie können die Protokollierung der Assemblybindungsfehler aktivieren, indem Sie den Registrierungswert [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) auf 1 festlegen.
Hinweis: Die Protokollierung der Assemblybindungsfehler führt zu einer gewissen Leistungseinbuße.
Sie können dieses Feature deaktivieren, indem Sie den Registrierungswert [HKLM\Software\Microsoft\Fusion!EnableLog] entfernen.

Error: (10/14/2014 08:36:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 14.0.7.266 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 171c

Startzeit: 01cfe62963dceb93

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: d2297b91-53d0-11e4-a900-0024be43762c

Error: (10/12/2014 04:30:50 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (10/12/2014 04:30:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (10/24/2014 04:01:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
netfilter64

Error: (10/24/2014 04:00:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util App Bud" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/24/2014 04:00:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update App Bud" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/24/2014 04:00:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/24/2014 04:00:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Internet Security erreicht.

Error: (10/24/2014 03:59:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LPT System Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/24/2014 03:59:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LPT System Updater Service erreicht.

Error: (10/24/2014 03:58:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AllDaySavingsService64" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/24/2014 03:58:10 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (10/24/2014 03:58:10 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 51%
Total physical RAM: 4063.03 MB
Available physical RAM: 1971.07 MB
Total Pagefile: 8124.23 MB
Available Pagefile: 5772.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:456.28 GB) (Free:361.64 GB) NTFS
Drive f: (24 Okt 2014) (CDROM) (Total:0.69 GB) (Free:0.63 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F9B5C2C5)
Partition 1: (Not Active) - (Size=9.4 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Aneri · 24.10.2014, 15:30

Wunderbar. Das Tool sollte zwar vom Desktop ausgeführt werden und nicht von f: aber gut ...

Schritt 1:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-3731066323-2774923044-2993673355-1000\...\Run: [clicup-Agent] => C:\Users\Malwina\AppData\Local\Temp\clicup\clicup.exe <===== ATTENTION
C:\Users\Malwina\AppData\Local\Temp\clicup\
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32888 2014-08-13] () <==== ATTENTION
Task: {0DC496B9-D1A2-4D5B-8C46-4CD5AC505455} - \RegClean Pro No Task File <==== ATTENTION
Task: {19B381D4-8CD6-42EA-B803-C0759448A39A} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe [2013-03-19] (Simplygen) <==== ATTENTION
Task: {A622B405-62B1-4D95-8F93-AC253EB0CDA0} - System32\Tasks\EPUpdater => C:\Users\Malwina\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2:
Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

HomeTab 4.5
Iminent
LPT System Updater Service
Plus-HD-3.8
Protected Search 1.1
Remote Desktop Access
SafeFinder Smartbar
Settings Manager
Term Tutor
WindowsMangerProtect20.0.0.722
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Sollte eines der Programme nicht in der Liste stehen, mach einfach weiter mit dem nächsten

Schritt 3:
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 4:

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 5:

erstelle ein neues FRST Logfile und poste es hier, teile mir mit, ob sich das verhalten des Notebooks bessert

Win 7: Safefinder Smartbar, Sweet-Page, ... Wie bekommt man sie runter?

Plagegeister aller Art und deren Bekämpfung: Win 7: Safefinder Smartbar, Sweet-Page, ... Wie bekommt man sie runter?