Win 8.1, Browser-Werbefester-"Gewitter" und Trojaner(?)-Meldung von Avira

sfgff · 25.12.2014, 22:32

Hallo,
nachdem mir hier vor vielen, vielen Jahren einmall sehr geholfen wurde, geht es nun um das Laptop meines Vaters. Einfach die Frage, ob ich mich länger mit der Bereinigung des Rechners aufhalten soll, oder besser gleich alles platt machen und neu aufsetzen.

Windows 8.1 64-Bit mit allen Updates, nur ist er bei der Installation von irgendwelchen Programmen nicht immer bereit sich immer alles durchzulesen, so bekommt er z.B. regelmäßig die Ask-Toolbar mit in den Browser.

Nun ist es aber schlimmer. T-Online-Browser funktioniert noch, alle anderen, besonders Chrome überschütten einen mit Werbepopups und neuen Fenstern, Werbeanzeigen. Besonders geht es los, wenn man auf eine Seite geht, auf der man sich anmelden muss, also z.B. Webmail oder Shops. Sobald man den Username eingeben will (mache ich natürlich nicht), geht es los. Immer angeblich irgendwelche Sicherheitssoftware, Windows-Berichtigungen, etc.

Leider habe ich erst jetzt gelesen, was man heute als Logfiles hier will, ich habe nämlich ganz brav ein Logfile wie früher mit HijackThis erstellt.

Deshalb erst einmal das Logfile von Avira:

Code:

ATTFilter

 Exportierte Ereignisse:

25.12.2014 21:41 [System-Scanner] Malware gefunden
      Die Datei 'E:\download\Festplatte sonsige 
      Dateien\HDDRIVE2GO\Allgemein\downloads\PocketPC\erfolg.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Agent.kma.3' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '508de6b4.qua' 
      verschoben!

25.12.2014 21:40 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'E:\dateien\Allgemein\downloads\PocketPC\erfolg.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Agent.kma.3' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

25.12.2014 21:37 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'E:\download\Festplatte sonsige 
      Dateien\HDDRIVE2GO\Allgemein\downloads\PocketPC\erfolg.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Agent.kma.3' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Irgendwie finde ich zu der Meldung nicht was das für ein Trojaner ist.

Mein Wunsch wäre einfach eine Einschätzung ob Desinfektion oder doch besser neu Aufsetzen
und vielleicht hilft dabei das Hijackthis-Logfile, auch wenn ich nun weíß, dass es heute nicht mehr genau genug für euch ist.
Wenn ich die Rückmeldung bekomme es lohnt sich die Desinfektion, werde ich die anderen Sachen ausführen, um die heute gewünschten Logfiles zu bekommen.

Danke im Voraus

Hier nun das HijackThis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:08:17, on 25.12.2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)


Boot mode: Normal

Running processes:
C:\WINDOWS\SysWOW64\Rundll32.exe
C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\herbert\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ce1985dbeff74c29bd3cb9becc3f7032_39_1006_20130904_DE_ie_sp_
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: BrowseToolE0191 - {40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: MimalaAmazonToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: NCH DE - {b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll
O2 - BHO: AlxHelper - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll
O3 - Toolbar: Mimala Amazon Toolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [EPGServiceTool] C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TRAYSE~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [phonostar-PlayerTimer] "C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BackgroundContainer] "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\herbert\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - HKCU\..\Run: [lollipop_03061728] lollipop_03061728
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files (x86)\WinTV\Ir.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll c:\program files (x86)\optimizer pro\optprocrash.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: Browser 7 Maintenance Service (Browser7Maintenance) - Deutsche Telekom AG - C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EPGService - Hauppauge Computer Works - C:\Program Files (x86)\WinTV\EPG Services\System\EPGService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - Unknown owner - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service for AMZN - Unknown owner - C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16996 bytes

deeprybka · 25.12.2014, 22:46

Zitat:

Zitat von sfgff

oder besser gleich alles platt machen und neu aufsetzen.

Nö

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

sfgff · 26.12.2014, 07:57

Hallo Jürgen,
herzlichen Dank, dass du mit helfen willst. Hier wie von dir beschrieben die Logfiles nach Schritt 1 - übrigens wenn ich hier auf dem Laptop meines Vaters auf das Code-Icon im Textfeld gehe, passiert gar nichts - nur falls das auch ein Hinweis sein könnte:

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2014
Ran by herbert (administrator) on HERBERT-PC on 26-12-2014 07:41:13
Running from C:\Users\herbert\Desktop
Loaded Profile: herbert (Available profiles: herbert & DefaultAppPool)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\EPG Services\System\EPGService.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Activeris) C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
(Hauppauge Inc.) C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(fun communications GmbH, hxxp://www.fun.de) C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\Notifier.exe
(Deutsche Telekom AG) C:\Program Files (x86)\T-Online\T-Online_Software_6\Browser\browser.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Power Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [HCWemmon] => C:\WINDOWS\HCWemmon.exe [61440 2007-03-29] (eMPIA Technology, Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295744 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [EPGServiceTool] => C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe [675840 2007-08-01] (Hauppauge Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-06-25] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_2008_PLUS\Trayserver.exe [90112 2007-03-29] (MAGIX AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [phonostar-PlayerTimer] => C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2012-10-13] ()
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [BackgroundContainer] => "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\herbert\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [lollipop_03061728] => lollipop_03061728
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135112 2014-05-15] (PC Utilities Software Limited)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] (Client Connect LTD)
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2720144 2014-05-19] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] (Client Connect LTD)
AppInit_DLLs-x32:  c:\program files (x86)\optimizer pro\optprocrash.dll => "c:\program files (x86)\optimizer pro\optprocrash.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ce1985dbeff74c29bd3cb9becc3f7032_39_1006_20130904_DE_ie_sp_
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
URLSearchHook: HKLM-x32 - (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
URLSearchHook: HKLM-x32 - (No Name) - {b106b661-3e1b-4015-af5c-195e909f35c6} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M004816A0-C0AE-429D-AE90-AEA27E408AEB&SearchSource=58&CUI=&UM=2&UP=SP9664C388-2041-428E-B9AA-DD72667F1EDA&q={searchTerms}&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=
SearchScopes: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
SearchScopes: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M004816A0-C0AE-429D-AE90-AEA27E408AEB&SearchSource=58&CUI=&UM=2&UP=SP9664C388-2041-428E-B9AA-DD72667F1EDA&q={searchTerms}&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=
SearchScopes: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name -> {40c3cc16-7269-4b32-9531-17f2950fb06f} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: MimalaAmazonToolbar.ShowToolbarBHO -> {86a3cdaa-9b25-480e-b73f-c2d359b87966} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: No Name -> {b106b661-3e1b-4015-af5c-195e909f35c6} ->  No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
BHO-x32: AlxHelper Class -> {F443A627-5009-4323-9C1D-7FD598D0D712} -> C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - Mimala Amazon Toolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
Toolbar: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> No Name - {B106B661-3E1B-4015-AF5C-195E909F35C6} -  No File
Toolbar: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M004816A0-C0AE-429D-AE90-AEA27E408AEB&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP9664C388-2041-428E-B9AA-DD72667F1EDA&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=
FF DefaultSearchEngine: Trovi search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ce1985dbeff74c29bd3cb9becc3f7032_39_1006_20130904_DE_ff_sp_
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195340951-745995918-4157368257-1000: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll No File
FF user.js: detected! => C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\searchplugins\Web Search.xml
FF Extension: Widget context - C:\Users\herbert\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-15]
FF Extension: MediaPlayerplus - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-07-27]
FF Extension: Amazon Browser Bar - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\abb@amazon.com [2013-09-04]
FF Extension: Cliqz Beta - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\cliqz@cliqz.com [2014-10-12]
FF Extension: enterprise 1.1 - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com [2014-09-21]
FF Extension: Feven Pro 1.2 - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\e49d3f99-7c89-4eb4-99f3-ff903e2189b2@5288754a-7a48-41a0-a10f-e98c9ac12040.com [2014-07-27]
FF Extension: Value Apps - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-03-15]
FF Extension: Zula Games - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\zulagames@ZulaGames.com.xpi [2014-01-04]
FF Extension: Address Bar Search - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-27]
FF Extension: BonanzaDeals - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2013-12-19]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ce1985dbeff74c29bd3cb9becc3f7032_39_1006_20130904_DE_cr_sp_
CHR StartupUrls: Default -> "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ce1985dbeff74c29bd3cb9becc3f7032_39_1006_20130904_DE_cr_sp_"
CHR DefaultSearchKeyword: Default -> trovi.com
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M004816A0-C0AE-429D-AE90-AEA27E408AEB&SearchSource=58&CUI=&UM=2&UP=SP9664C388-2041-428E-B9AA-DD72667F1EDA&q={searchTerms}&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=2&UP=SP9664C388-2041-428E-B9AA-DD72667F1EDA&SAT=CNTS
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Zula Games) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn [2013-10-13]
CHR Extension: (Domain Error Assistant) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-01-03]
CHR Extension: (Lightning Newtab) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-10-05]
CHR Extension: (MPlayerplus_01) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-07-01]
CHR Extension: (Slick Savings) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-01-03]
CHR Extension: (Google Wallet) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2013-12-21]
CHR HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx [2013-03-21]
CHR HKLM-x32\...\Chrome\Extension: [aipfmkinhleccnodemkoofnnofpbbpac] - C:\Users\herbert\AppData\Roaming\BabSolution\CR\searchgol.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fagpjgjmoaccgkkpjeoinehnoaimnbla] - C:\Users\herbert\AppData\Roaming\BabSolution\CR\hola.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\herbert\AppData\Roaming\zulagames\zulagames.crx [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-11-06]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-10-05]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\herbert\AppData\Local\Temp\tbch.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-21] (Avira Operations GmbH & Co. KG)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [112128 2014-08-20] (Deutsche Telekom AG) [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3320640 2014-12-10] (Client Connect LTD)
R2 EPGService; C:\Program Files (x86)\WinTV\EPG Services\System\EPGService.exe [374272 2007-09-05] (Hauppauge Computer Works) [File not signed]
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [873064 2011-02-22] (Acer Incorporated)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-11] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-05-23] (Sony Corporation) [File not signed]
R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-11] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-11] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 synusb64; C:\Windows\System32\drivers\synusb64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U3 idsvc; No ImagePath
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 07:41 - 2014-12-26 07:41 - 00034017 _____ () C:\Users\herbert\Desktop\FRST.txt
2014-12-26 07:40 - 2014-12-26 07:41 - 00000000 ____D () C:\FRST
2014-12-26 07:39 - 2014-12-26 07:39 - 02122240 _____ (Farbar) C:\Users\herbert\Desktop\FRST64.exe
2014-12-25 21:55 - 2014-12-25 21:55 - 00002028 _____ () C:\Users\herbert\Downloads\Ereignisse.txt
2014-12-25 21:54 - 2014-12-25 21:54 - 00000000 ____D () C:\Users\herbert\Documents\Neuer Ordner (3)
2014-12-25 21:53 - 2014-12-25 21:53 - 00000000 ____D () C:\Users\herbert\Documents\Neuer Ordner (2)
2014-12-25 19:08 - 2014-12-25 19:08 - 00016998 _____ () C:\Users\herbert\Downloads\hijackthis.log
2014-12-25 19:03 - 2014-12-25 19:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\herbert\Downloads\HijackThis.exe
2014-12-25 19:00 - 2014-12-25 19:01 - 42184784 _____ (Google Inc.) C:\Users\herbert\Downloads\chromestandalonesetup.exe
2014-12-25 05:57 - 2014-12-25 05:57 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 05:56 - 2014-12-26 05:56 - 00000000 ____D () C:\Users\herbert\AppData\Local\{B881C34B-041A-44A8-A222-5FE741D45734}
2014-12-24 06:52 - 2014-12-24 06:52 - 00000000 ____D () C:\Users\herbert\AppData\Local\{068CFA4F-791E-4E36-A2B0-7B630074705E}
2014-12-23 10:38 - 2014-12-23 10:38 - 00000000 ____D () C:\Users\herbert\AppData\Local\{7AA42C53-0B99-465F-AAA2-6C60471EBC86}
2014-12-21 19:40 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-21 19:40 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-21 19:36 - 2014-12-21 19:36 - 00775968 _____ (Reimage®) C:\Users\herbert\Downloads\ReimageRepair (2).exe
2014-12-21 19:24 - 2014-12-21 19:24 - 00000000 __SHD () C:\Users\herbert\AppData\Local\EmieBrowserModeList
2014-12-21 19:20 - 2014-12-25 05:57 - 00003106 _____ () C:\WINDOWS\System32\Tasks\Activeris AntiMalware_startup
2014-12-21 19:18 - 2014-12-21 19:18 - 00000000 ____D () C:\Users\herbert\AppData\Local\{A1E58E48-33EF-48C5-8C44-348E8496EE52}
2014-12-14 09:57 - 2014-12-14 09:57 - 00000921 _____ () C:\Users\herbert\Desktop\Bilder - Verknüpfung.lnk
2014-12-14 09:44 - 2014-12-14 09:44 - 00000000 ____D () C:\Users\herbert\AppData\Local\{95BABF5B-03DE-4A5A-923D-6454A6DD1FDB}
2014-12-13 17:25 - 2014-12-13 17:25 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-13 15:15 - 2014-12-13 15:16 - 00000000 ____D () C:\Users\herbert\Documents\schapprechnung
2014-12-13 15:11 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 15:11 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 15:11 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 15:11 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-13 14:56 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-13 14:56 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-13 14:55 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-13 14:55 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-13 14:55 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-13 14:55 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-13 14:55 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-13 14:55 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-13 14:55 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-13 14:55 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-13 14:55 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-13 14:55 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-13 14:55 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-13 14:55 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-13 14:55 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-13 14:55 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-13 14:55 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-13 14:55 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-13 14:55 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-13 14:55 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-13 14:55 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-13 14:55 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-13 14:55 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-13 14:55 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-13 14:55 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-13 14:55 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-13 14:55 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-13 14:55 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-13 14:55 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-13 14:55 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-13 14:55 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-13 14:55 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-13 14:55 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-13 14:55 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-13 14:55 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-13 14:55 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-13 14:55 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-13 14:55 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-13 14:55 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-13 14:55 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-13 14:55 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-13 14:55 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-13 14:55 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-13 14:55 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-13 14:55 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-13 14:55 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-13 14:55 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-13 14:55 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-13 14:55 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-13 14:55 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-13 14:55 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-13 14:55 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-13 14:55 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-13 14:55 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-13 14:28 - 2014-12-13 14:28 - 00000000 ____D () C:\Users\herbert\AppData\Local\{E8F526FE-FF48-4A33-8F60-F82617D024E5}
2014-11-28 11:43 - 2014-11-28 11:43 - 00000000 ____D () C:\Users\herbert\AppData\Local\{3E6A1AA4-617C-4AE7-A768-EF8A79B08873}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 07:39 - 2011-10-16 17:15 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 07:32 - 2014-05-19 17:32 - 00001404 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-7.job
2014-12-26 07:32 - 2014-04-14 18:32 - 00000304 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job
2014-12-26 07:02 - 2014-09-21 19:02 - 00003482 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-6.job
2014-12-26 07:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-26 06:51 - 2012-04-01 08:06 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-26 06:41 - 2013-11-12 17:16 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-12-26 06:33 - 2014-05-19 17:33 - 00002230 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-4.job
2014-12-26 06:33 - 2014-05-19 17:33 - 00001548 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-5.job
2014-12-26 06:33 - 2014-05-19 17:33 - 00001466 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-1.job
2014-12-26 06:33 - 2014-05-19 17:33 - 00001446 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-2.job
2014-12-26 06:32 - 2014-05-19 17:32 - 00003822 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-3.job
2014-12-26 06:32 - 2014-05-19 17:32 - 00001476 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-6.job
2014-12-26 05:55 - 2013-11-11 17:43 - 01984983 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-26 05:45 - 2013-09-30 05:14 - 02091098 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-26 05:45 - 2013-09-30 04:58 - 00888252 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-26 05:45 - 2013-09-30 04:58 - 00205708 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-26 05:42 - 2012-10-29 15:01 - 00050688 ___SH () C:\Users\herbert\Desktop\Thumbs.db
2014-12-25 20:03 - 2014-09-21 19:03 - 00002458 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5_user.job
2014-12-25 20:03 - 2014-09-21 19:03 - 00002458 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.job
2014-12-25 20:03 - 2014-09-21 19:03 - 00002122 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-2.job
2014-12-25 20:02 - 2014-09-21 19:02 - 00004508 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-11.job
2014-12-25 20:02 - 2014-09-21 19:02 - 00003826 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-4.job
2014-12-25 20:02 - 2014-09-21 19:02 - 00003482 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-7.job
2014-12-25 20:02 - 2014-09-21 19:02 - 00002784 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-1.job
2014-12-25 16:39 - 2011-10-16 17:15 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 05:55 - 2014-05-06 17:50 - 00000000 ___RD () C:\Users\herbert\OneDrive
2014-12-25 05:55 - 2014-04-14 18:32 - 00000318 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job
2014-12-25 05:55 - 2013-01-14 18:38 - 00000384 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2014-12-25 05:55 - 2011-09-22 17:31 - 00000000 ____D () C:\Users\herbert\Tracing
2014-12-25 05:54 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-24 07:17 - 2012-10-29 15:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3195340951-745995918-4157368257-1000
2014-12-24 06:49 - 2013-09-29 20:05 - 00302704 _____ () C:\WINDOWS\PFRO.log
2014-12-23 11:17 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-21 21:33 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-21 20:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-21 20:40 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-21 20:13 - 2014-08-13 17:52 - 00144695 _____ () C:\WINDOWS\system32\ScanResults.xml
2014-12-21 19:37 - 2014-08-03 18:00 - 00000165 _____ () C:\WINDOWS\Reimage.ini
2014-12-21 19:22 - 2014-05-20 17:44 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-12-21 19:16 - 2014-08-12 13:50 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2014-12-14 10:19 - 2013-11-11 17:22 - 00000000 ____D () C:\Users\herbert
2014-12-14 10:03 - 2013-11-12 19:00 - 00188928 ___SH () C:\Users\herbert\Downloads\Thumbs.db
2014-12-13 17:25 - 2014-07-20 14:07 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-13 17:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-13 17:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-13 17:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-13 17:13 - 2011-09-22 13:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 17:12 - 2013-08-16 15:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 17:03 - 2011-11-03 07:00 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 16:19 - 2012-08-16 14:53 - 00000000 ____D () C:\Users\herbert\Documents\krankenkasse
2014-12-13 16:00 - 2014-05-19 17:32 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-12-13 15:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-12-13 15:18 - 2013-08-22 15:46 - 00351419 _____ () C:\WINDOWS\setupact.log
2014-12-13 15:08 - 2013-01-16 14:44 - 00000000 ____D () C:\Users\herbert\Documents\Abrechnung 2013
2014-12-13 14:51 - 2012-04-01 08:06 - 00003796 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-13 14:43 - 2011-10-16 17:15 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-13 14:33 - 2014-10-13 15:26 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-26 22:10 - 2014-10-20 18:56 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-10-20 18:56 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3824.dll


Some content of TEMP:
====================
C:\Users\herbert\AppData\Local\Temp\AF1.exe
C:\Users\herbert\AppData\Local\Temp\amsetup_activeris_default_010414_installer.exe
C:\Users\herbert\AppData\Local\Temp\avgnt.exe
C:\Users\herbert\AppData\Local\Temp\BackupSetup.exe
C:\Users\herbert\AppData\Local\Temp\cloud_backup_setup.exe
C:\Users\herbert\AppData\Local\Temp\dlLogic.exe
C:\Users\herbert\AppData\Local\Temp\dltr.exe
C:\Users\herbert\AppData\Local\Temp\GCVerifier.dll
C:\Users\herbert\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\herbert\AppData\Local\Temp\nsc1FCD.exe
C:\Users\herbert\AppData\Local\Temp\nsg1C42.exe
C:\Users\herbert\AppData\Local\Temp\nssC91B.exe
C:\Users\herbert\AppData\Local\Temp\nst2339.exe
C:\Users\herbert\AppData\Local\Temp\nsuCC2A.exe
C:\Users\herbert\AppData\Local\Temp\nswC5DE.exe
C:\Users\herbert\AppData\Local\Temp\ReimagePackage.exe
C:\Users\herbert\AppData\Local\Temp\Runner.exe
C:\Users\herbert\AppData\Local\Temp\Setup.exe
C:\Users\herbert\AppData\Local\Temp\spidentifierimpl.exe
C:\Users\herbert\AppData\Local\Temp\SPSetup.exe
C:\Users\herbert\AppData\Local\Temp\sqlite3.exe
C:\Users\herbert\AppData\Local\Temp\Update_Simplitec_PowerSuite_1.5.2.2de_DE.exe
C:\Users\herbert\AppData\Local\Temp\verifier.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 08:12

==================== End Of Log ============================

--- --- ---

Addition.txt

Code:

ATTFilter

 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2014
Ran by herbert at 2014-12-26 07:42:38
Running from C:\Users\herbert\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activeris AntiMalware (HKLM-x32\...\94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1) (Version: 1.0.0.1 - Activeris) <==== ATTENTION
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Browser Bar (HKLM\...\Amazon Browser Bar) (Version: 3.0.2012.0802 - Amazon) <==== ATTENTION
Amazon Browser Settings (HKLM-x32\...\Amazon Browser Settings) (Version: 3.0 - Amazon)
Amazon Kindle (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle For PC v1.0 (HKLM-x32\...\Amazon Kindle For PC) (Version:  - )
Amazon Kindle For PC v1.0 (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Amazon Kindle For PC) (Version:  - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.36191 - Ask.com) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{580B9989-C624-2415-D922-56D856165564}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Browser 7 der Telekom 31.0.19 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.19 (x86 de)) (Version: 31.0.19 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.19 - Deutsche Telekom AG)
calibre (HKLM-x32\...\{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}) (Version: 1.20.0 - Kovid Goyal)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Celestia 1.3.2 (HKLM-x32\...\Celestia_is1) (Version:  - Shatters Software)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.33 - Abelssoft)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1421_35790 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desktopicon Trends auf OTTO.de (HKLM\...\DesktopIconotto) (Version: 1.0.1 - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13345 - Landesfinanzdirektion Thüringen)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.8 - MAGIX AG)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hauppauge German Help Files and Resources (HKLM-x32\...\Hauppauge German Help Files and Resources) (Version:  - )
Hauppauge MCE XP/Vista Software Encoder (2.0.25180) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25180 - Hauppauge Computer Works, Inc.)
Hauppauge WinTV (HKLM-x32\...\Hauppauge WinTV) (Version:  - )
Hauppauge WinTV DVB-T EPG Service (HKLM-x32\...\Hauppauge WinTV DVB-T EPG Service) (Version:  - )
Hauppauge WinTV Infrared Remote (HKLM-x32\...\Hauppauge WinTV Infrared Remote) (Version:  - )
Hauppauge WinTV Scheduler (HKLM-x32\...\Hauppauge WinTV Scheduler) (Version:  - )
Hauppauge WinTV Soft PVR (HKLM-x32\...\Hauppauge WinTV Soft PVR) (Version:  - )
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
iClone SE (HKLM-x32\...\{580EC579-E476-469F-9EBF-F82D696FC67A}) (Version: 2.1 - Reallusion Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Packard Bell)
ImageConverter Plus 8.0 (HKLM-x32\...\ImageConverter Plus_is1) (Version:  - fCoder Group, Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
InterVideo FilterSDK for Hauppauge (HKLM-x32\...\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}) (Version:  - InterVideo Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Packard Bell)
Lollipop (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\lollipop_03061728) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
MAGIX Foto Manager 2008 5.0.0.255 (D) (HKLM-x32\...\MAGIX Foto Manager 2008 D) (Version: 5.0.0.255 - MAGIX AG)
MAGIX Fotobuch 3.2 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.2 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
MAGIX PC Visit (HKLM-x32\...\MAGIX PC Visit D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{1FF63306-EBC2-413D-927E-FA1323180AB1}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2008 PLUS 7.5.0.20 (D) (HKLM-x32\...\MAGIX Video deluxe 2008 PLUS D) (Version: 7.5.0.20 - MAGIX AG)
MAGIX Video deluxe 2015 Plus (HKLM\...\MX.{0797C499-48E8-46E2-9C97-90034F46F5E6}) (Version: 14.0.0.140 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 Plus (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden
MAGIX Video easy SE (HKLM-x32\...\MAGIX_{015B4C6B-BE3F-430F-B9EE-24505EDD16F1}) (Version: 3.0.1.46 - MAGIX AG)
MAGIX Video easy SE (Version: 3.0.1.46 - MAGIX AG) Hidden
MAGIX Xtreme Foto Designer 6 6.0.22.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.22.0 - MAGIX AG)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition - DEU (HKLM-x32\...\Microsoft Visual C++ 2008 Express Edition - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
minimal arts - Toolbar für amazon.de (HKLM-x32\...\{37D290AF-6602-4C22-9AF8-66CB7231C729}) (Version: 1.0.0 - minimal arts UG (haftungsbeschränkt))
MPlayerplus_01 (HKLM-x32\...\MPlayerplus_01) (Version: 1.34.5.12 - Freeven) <==== ATTENTION
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3004 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.1025.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.2211 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 2.0.2211 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Packard Bell)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Reader for PC (HKLM-x32\...\{7FAEB610-D6B1-42CE-9EEA-6A5001C2E732}) (Version: 2.1.00.06250 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Schoener Fernsehen 0.0.0.2c (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.2c - © schoener-fernsehen.com)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.10.160 - Client Connect LTD) <==== ATTENTION
Search-Gol Chrome Toolbar (HKLM-x32\...\Search-Gol Chrome Toolbar) (Version:  - Search-Gol) <==== ATTENTION
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Softonic toolbar  on IE (HKLM-x32\...\Softonic) (Version:  - Softonic) <==== ATTENTION
Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
TV-Browser 3.0.2 (HKLM-x32\...\tvbrowser) (Version: 3.0.2 - TV-Browser Team)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 3.33 - NCH Software)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\VisualBee for Microsoft PowerPoint) (Version: V4.1 - VisualBee.com)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
VTPlus32 für WinTV (German) (HKLM-x32\...\VTPlus32 für WinTV (German)) (Version:  - )
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3102 - Packard Bell)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Zattoo Live TV (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\6d7aa3e3bf931c56) (Version: 1.0.0.44 - Zattoo Europa AG)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-11-2014 11:41:14 Windows Update
13-12-2014 16:57:43 Windows Update
21-12-2014 20:32:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03A2394B-0C32-411E-AA47-C7D366566DAE} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {08A62D71-8B47-482D-BD0A-3A7EBDDD4976} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-09-19] (CHIP)
Task: {0A404381-5FD6-401F-B8D9-0CF4798ED86F} - System32\Tasks\{753FF5B1-8011-47A7-AF5B-94B52530CDEC} => D:\RUNME.EXE
Task: {14FCAC6C-6470-41A7-B26C-651A8061D519} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.exe <==== ATTENTION
Task: {1D13B308-C746-4CA5-A5D8-042059950727} - System32\Tasks\{2F7F2EA3-C045-41B3-80BD-3917B6F2F86B} => C:\Users\herbert\AppData\Local\Amazon\Kindle\application\Kindle.exe [2011-12-14] (Amazon.com)
Task: {3052F74B-7ED8-490D-85CB-B92745CC2FBC} - System32\Tasks\{532AF74E-B7EB-4FE7-B38E-F6C9A493B358} => D:\RUNME.EXE
Task: {38CE96E5-6B37-48C6-9AC9-09B1CF19C1C1} - System32\Tasks\{57F689A4-83C4-44EF-8E47-E9980C059929} => D:\RUNME.EXE
Task: {3971BD60-36B7-466D-883E-DC11B03EDF86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {43E0C29C-0256-4B9D-9880-F0EB12CE78B5} - System32\Tasks\{50AF5F82-1998-4926-A5BA-576E1B357F1F} => C:\Users\herbert\Downloads\lide20lide30n670un676un1240uvst7031a_xpde(1).exe
Task: {44209798-C70E-4CCA-ACA2-646264E2CBB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {4744C9C1-AB2B-4F2F-8FBB-D848FF34648D} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-5 => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-5.exe <==== ATTENTION
Task: {4BAEBE6C-FF7F-4446-A714-63BAE4D9F369} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\herbert\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {4D381888-D20E-4BC0-B6F1-64D6A35B3EC9} - System32\Tasks\{71AB71B0-1476-4EF0-A809-AF14FDD1F27F} => pcalua.exe -a "C:\Users\herbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MKAXGF8\DriverInstaller.exe" -d C:\Users\herbert\Desktop
Task: {4F7625E8-4F38-496A-A2CD-F104DC6D267A} - System32\Tasks\{87D1E967-91D2-4128-A02C-8D59E7705472} => C:\Users\herbert\AppData\Local\Amazon\Kindle\application\Kindle.exe [2011-12-14] (Amazon.com)
Task: {542AD80B-2959-4973-9E1E-44758F1592B3} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-4 => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-4.exe <==== ATTENTION
Task: {61BD9B9A-C6DD-4C08-A415-558AF3E54579} - System32\Tasks\AdobeAAMUpdater-1.0-herbert-PC-herbert => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {689618D9-6D10-462B-9002-026E0A435352} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-02-21] (CyberLink)
Task: {6BC50602-778D-42A8-90C7-111C2F4C50E9} - System32\Tasks\{AFF7A02E-778C-4B22-9424-01CDC634456F} => D:\RUNME.EXE
Task: {7151086C-6291-48F8-8E65-A45AD81C46CE} - System32\Tasks\simplitec Power Suite => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
Task: {797CE307-F441-4E8C-8819-F287BA9D2B66} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-3 => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-3.exe <==== ATTENTION
Task: {7AC84241-1422-4A64-957D-452A014D9090} - System32\Tasks\{DFED496E-7EB1-4971-8DFB-E4B5978C95DC} => D:\RUNME.EXE
Task: {7C0BB730-9D03-4DEE-9B8E-BA33A100BDD8} - System32\Tasks\{16FC39DC-8DC9-4A39-A641-2C14DA850DA7} => C:\Users\herbert\Downloads\lide20lide30n670un676un1240uvst7031a_xpde(1).exe
Task: {80730CB7-A528-4EEE-94EA-BED250195383} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8CF9A25A-CB47-4BA1-ACB7-67C715C61BF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {968F0803-4A8E-4251-899D-F5C88AF5D134} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {97261265-0111-476D-AAFA-44031B4B62D4} - System32\Tasks\{2CC85AEA-4F32-4778-BFC6-81C9AE422F3A} => D:\RUNME.EXE
Task: {978D1AAD-5275-4206-96C5-EA2BD15401D3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-fiedler-herbert@t-online.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {99A02C9F-8F0F-4F40-A00F-349898F7FC60} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {A520C125-4AC1-42FA-9764-AF0F5EBC24FD} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-7 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-7.exe <==== ATTENTION
Task: {AC111FC5-B97F-4402-98EE-7DE6B16EDA1F} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5_user => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.exe <==== ATTENTION
Task: {ADD65C9E-3428-4BCC-854E-967B310C92F5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-13] (Microsoft Corporation)
Task: {B9807DED-DCB9-45F0-9357-C1ADC8205A01} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-1 => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-codedownloader.exe <==== ATTENTION
Task: {BF8005EC-35AB-48FA-A106-7E4327E849CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C2E99D63-6709-4D97-88CA-79F495617018} - System32\Tasks\{FB318930-6340-4274-982F-3C314E4F323F} => D:\RUNME.EXE
Task: {C532A2F0-2858-47DF-BDCD-B471B033CC09} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-6 => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-novainstaller.exe <==== ATTENTION
Task: {C6A307B7-4EE3-4234-94CD-5B120D6C51EE} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-1 => C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-codedownloader.exe <==== ATTENTION
Task: {C9B350A4-8245-4573-9723-AAFD6A21F204} - System32\Tasks\{E54B4202-79A3-4462-AF19-DE022726CD50} => pcalua.exe -a D:\setup.exe -d D:\
Task: {CD72B493-831E-4D1D-8720-52ECCF7332DF} - System32\Tasks\{63B80696-D49C-49E1-A07D-72EE9C22B0C2} => D:\RUNME.EXE
Task: {CDE3BEFB-8129-4E7E-B366-4419109B09A4} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-7 => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-nova.exe <==== ATTENTION
Task: {D293B07C-9F3A-44CF-A2E2-26DE05086C07} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-4 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-4.exe <==== ATTENTION
Task: {D4571CED-11B1-4529-9ED8-0F3DAAC85891} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-2 => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-2.exe <==== ATTENTION
Task: {D5182EFC-1271-49B8-A847-156D1445F462} - System32\Tasks\{2BC0E3B4-CA33-4C46-8018-9DBF6E6E8247} => pcalua.exe -a C:\Users\herbert\Downloads\lide20lide30n670un676un1240uvst7031a_xpde\SetupSG.exe -d C:\Users\herbert\Downloads\lide20lide30n670un676un1240uvst7031a_xpde
Task: {D5D0AB6F-C93F-4331-8C9B-9FEFE2D35A82} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-2 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-2.exe <==== ATTENTION
Task: {D94BBE7C-A5E2-4A44-A46B-4BE284695190} - System32\Tasks\{D8C2A99C-6C0C-4064-94C4-3F9F31B66C87} => D:\RUNME.EXE
Task: {DE467FCE-8FBB-404C-B489-0DFEA11A62C2} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-6 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-6.exe <==== ATTENTION
Task: {DECBFB91-7ADB-4653-9BE4-A5F74C84E0DE} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe [2014-01-23] (Activeris) <==== ATTENTION
Task: {E913F6BA-304D-496F-A5BC-ECEBE9FD5292} - System32\Tasks\{83D253BA-DC0C-4BE3-9235-3BB6DA664BA3} => D:\RUNME.EXE
Task: {EB85D009-50C3-4FAD-A3FA-CF0F26E8F1EA} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-11 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-11.exe <==== ATTENTION
Task: {EEBEF4F6-DAE1-4B8A-BD93-8CDAFAB61B12} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F1F20FB5-7435-4D43-8775-BA011607BD4E} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-1.job => C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-11.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-11.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-2.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-4.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5_user.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-6.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-7.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-1.job => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-2.job => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-3.job => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-4.job => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-5.job => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-6.job => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-novainstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-7.job => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-nova.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\WINDOWS\Tasks\simplitec Power Suite.job => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-10-30 07:17 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2011-09-23 14:09 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-03-21 19:24 - 2013-03-21 19:24 - 00222368 _____ () C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-22 19:58 - 2012-10-13 16:05 - 00042496 _____ () C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
2014-11-13 10:59 - 2014-11-13 10:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-11-13 10:59 - 2014-11-13 10:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00065536 _____ () C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll
2011-02-15 19:37 - 2011-02-15 19:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll
2011-02-15 19:37 - 2011-02-15 19:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Packard Bell MyBackup\MailConverter32.dll
2011-02-15 19:36 - 2011-02-15 19:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Packard Bell MyBackup\ACE.dll
2014-05-19 17:32 - 2012-09-26 14:31 - 00886272 _____ () C:\Program Files (x86)\Activeris AntiMalware\System.Data.SQLite.dll
2014-05-19 17:32 - 2014-01-23 18:04 - 01718264 _____ () C:\Program Files (x86)\Activeris AntiMalware\acrissys.dll
2014-05-19 17:32 - 2012-09-26 14:31 - 00168448 _____ () C:\Program Files (x86)\Activeris AntiMalware\UNRAR.DLL
2013-06-25 17:23 - 2013-06-25 17:23 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2013-05-23 18:54 - 2013-05-23 18:54 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2013-06-25 17:24 - 2013-06-25 17:24 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-10-22 15:30 - 2014-10-22 15:30 - 00169984 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\888ab4533ab915a9451bdae14d9c783e\IsdiInterop.ni.dll
2011-04-06 12:02 - 2011-01-13 01:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-09-23 06:30 - 2005-07-20 12:34 - 00700497 ____N () C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\libcurl.dll
2011-09-23 06:30 - 2004-04-16 15:45 - 00143360 ____N () C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\libexpat.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\herbert\OneDrive:ms-properties
AlternateDataStreams: C:\Users\herbert\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "fst_de_19"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LManager"
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\StartupApproved\Run: => "lollipop_03061728"
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\StartupApproved\Run: => "Optimizer Pro"

========================= Accounts: ==========================

Administrator (S-1-5-21-3195340951-745995918-4157368257-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3195340951-745995918-4157368257-1004 - Limited - Enabled)
Gast (S-1-5-21-3195340951-745995918-4157368257-501 - Limited - Disabled)
herbert (S-1-5-21-3195340951-745995918-4157368257-1000 - Administrator - Enabled) => C:\Users\herbert
HomeGroupUser$ (S-1-5-21-3195340951-745995918-4157368257-1008 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Unbekanntes USB-Gerät (Fehler beim Zurücksetzen des Ports.)
Description: Unbekanntes USB-Gerät (Fehler beim Zurücksetzen des Ports.)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2014 07:32:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: browser.exe, Version: 6.12.0.15, Zeitstempel: 0x4da6b0a0
Name des fehlerhaften Moduls: browser.exe, Version: 6.12.0.15, Zeitstempel: 0x4da6b0a0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00027bf9
ID des fehlerhaften Prozesses: 0x9e88
Startzeit der fehlerhaften Anwendung: 0xbrowser.exe0
Pfad der fehlerhaften Anwendung: browser.exe1
Pfad des fehlerhaften Moduls: browser.exe2
Berichtskennung: browser.exe3
Vollständiger Name des fehlerhaften Pakets: browser.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: browser.exe5

Error: (12/25/2014 09:35:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: browser.exe, Version: 6.12.0.15, Zeitstempel: 0x4da6b0a0
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17031, Zeitstempel: 0x53086d7c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000499a8
ID des fehlerhaften Prozesses: 0xd1c8
Startzeit der fehlerhaften Anwendung: 0xbrowser.exe0
Pfad der fehlerhaften Anwendung: browser.exe1
Pfad des fehlerhaften Moduls: browser.exe2
Berichtskennung: browser.exe3
Vollständiger Name des fehlerhaften Pakets: browser.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: browser.exe5

Error: (12/25/2014 09:24:30 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (12/25/2014 07:04:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Notifier.exe, Version: 6.4.0.2, Zeitstempel: 0x45a38d1f
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xdac4
Startzeit der fehlerhaften Anwendung: 0xNotifier.exe0
Pfad der fehlerhaften Anwendung: Notifier.exe1
Pfad des fehlerhaften Moduls: Notifier.exe2
Berichtskennung: Notifier.exe3
Vollständiger Name des fehlerhaften Pakets: Notifier.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Notifier.exe5

Error: (12/25/2014 08:13:41 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: ASP.NET_1.1.43228

Error: (12/25/2014 07:18:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: browser.exe, Version: 6.12.0.15, Zeitstempel: 0x4da6b0a0
Name des fehlerhaften Moduls: browser.exe, Version: 6.12.0.15, Zeitstempel: 0x4da6b0a0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00027bf9
ID des fehlerhaften Prozesses: 0xd3c
Startzeit der fehlerhaften Anwendung: 0xbrowser.exe0
Pfad der fehlerhaften Anwendung: browser.exe1
Pfad des fehlerhaften Moduls: browser.exe2
Berichtskennung: browser.exe3
Vollständiger Name des fehlerhaften Pakets: browser.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: browser.exe5

Error: (12/24/2014 06:54:23 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: ASP.NET_1.1.43228

Error: (12/21/2014 07:21:58 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: ASP.NET_1.1.43228

Error: (12/21/2014 07:16:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000ffffffff
ID des fehlerhaften Prozesses: 0x948
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5

Error: (12/14/2014 10:16:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfc6
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.9600.16384, Zeitstempel: 0x5215f944
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001a79
ID des fehlerhaften Prozesses: 0xcd0
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
Vollständiger Name des fehlerhaften Pakets: DllHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DllHost.exe5


System errors:
=============
Error: (12/26/2014 06:59:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (12/26/2014 06:42:20 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (12/26/2014 06:42:10 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (12/26/2014 06:41:56 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (12/26/2014 06:38:22 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (12/26/2014 06:38:09 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (12/26/2014 06:37:54 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (12/25/2014 05:54:22 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (12/25/2014 05:54:22 AM) (Source: W3SVC) (EventID: 1004) (User: )
Description: Der WWW-Publishingdienst (WWW-Dienst) konnte das URL-Präfix "hxxp://*:80/" für die Website "1" nicht registrieren. Die Website wurde deaktiviert. Das Datenfeld enthält die Fehlernummer.

Error: (12/24/2014 06:49:42 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80


Microsoft Office Sessions:
=========================
Error: (10/17/2011 01:44:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-11-28 12:36:48.340
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-11-28 12:36:48.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-11-28 12:36:47.965
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-11-28 12:36:47.590
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-11-28 12:36:47.465
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-11-28 12:36:47.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-11-28 12:36:40.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-11-28 12:36:33.498
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-11-28 12:16:49.297
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-11-28 12:07:28.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 44%
Total physical RAM: 3947.86 MB
Available physical RAM: 2188.93 MB
Total Pagefile: 4741.3 MB
Available Pagefile: 2533.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:445.66 GB) (Free:118.07 GB) NTFS
Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:178.79 GB) NTFS
Drive f: (HDDRIVE2GO) (Fixed) (Total:1862.56 GB) (Free:1803.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 96D5FD3A)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B377DBD9)
Partition 1: (Active) - (Size=1863 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5066EA98)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gruß Ulrike

sfgff · 26.12.2014, 11:30

Hallo Jürgen,

Kommando zurück. Du brauchst nicht weitermachen.

Mein Vater hat sich nun entschlossen, das System doch platt zu machen und neu aufzusetzen.

Aber trotzdem auch in seinem Namen ein ganz herzliches

Ich finde es wunderbar, dass es noch solche Seiten wie hier gibt, wie man das früher vor der Kommerzialisierung des Internets gemacht hat. Das Wissen austauschen und gegenseitig profitieren.

Noch schöne Weihnachten und einen guten Rutsch,
Gruß Ulrike

deeprybka · 26.12.2014, 14:31

OK.

26.12.2014, 14:31	#5
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Win 8.1, Browser-Werbefester-"Gewitter" und Trojaner(?)-Meldung von Avira OK. __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Win 8.1, Browser-Werbefester-"Gewitter" und Trojaner(?)-Meldung von Avira

Plagegeister aller Art und deren Bekämpfung: Win 8.1, Browser-Werbefester-"Gewitter" und Trojaner(?)-Meldung von Avira