
All kinds of pests and how to fight them: Virus infection and trojan removed, now the start page is always: resource://firefox.abs.avira.com/html/blocked.html

27.12.2014, 12:45   #1
Farmer2013
 


I downloaded a file from the Internet on my PC to convert audiobooks to MP3. While doing so, AntiVir detected malware and moved it to quarantine. After that I could no longer bring up my start page in Mozilla/Firefox together with Google. It was blocked again and again with the text:

resource://firefox.abs.avira.com/html/blocked.html

I have deleted and reinstalled Avira and Firefox several times. No success. I ran Ad-Aware and Spybot over it. Spybot found 1 trojan and 5 malware items. I deleted all of them. Despite shutting down and restarting several times, no improvement. I don't know what else to do. I also tried to set Google as the start search engine. Not possible.
The program accepts the word Google, but the error message above appears.

Help

27.12.2014, 13:10   #2
schrauber
/// the machine
/// TB trainer
 



hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


27.12.2014, 18:54   #3
Farmer2013
 


I have no clue, but I did everything you need.
Best regards
Farmer


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by Farmer (administrator) on FARMER-PC on 27-12-2014 18:48:37
Running from C:\Users\Farmer\Downloads
Loaded Profile: Farmer (Available profiles: Farmer)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Egis Technology Inc.) C:\Program Files\EgisTec\VITAKEY\CompPtcVUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
() C:\ProgramData\DatacardService\HWDeviceService.exe
() C:\Program Files\EgisTec\VITAKEY\BASVC.exe
() C:\Program Files\WInterEnhance\WInterEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
() C:\Program Files\WInterEnhance\WInterEnhance Internet Enhancer\InternetEnhancer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(EgisTec Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 7.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Farbar) C:\Users\Farmer\Downloads\FRST(1).exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [7700288 2014-12-18] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\MountPoints2: {0bc8b4e1-a69a-11dd-b609-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\MountPoints2: {3eabebe2-c7be-11e2-8fd4-001e101fb681} - G:\AutoRun.exe
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\MountPoints2: {52fd50d5-c1e0-11e2-9b2e-001e101f9843} - G:\AutoRun.exe
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\MountPoints2: {9e7d8b57-b15b-11e2-9eea-001f16096d18} - G:\AutoRun.exe
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\MountPoints2: {9e7d8b61-b15b-11e2-9eea-001e101fe5e1} - G:\AutoRun.exe
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\MountPoints2: {b2e131ad-9d18-11e1-ae3b-001f16096d18} - G:\NokiaPCIA_Autorun.exe
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (EgisTec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1407152699-662640812-3050536513-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50260;https=127.0.0.1:50260
ProxyEnable: [S-1-5-21-1407152699-662640812-3050536513-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1407152699-662640812-3050536513-1001] => http=127.0.0.1:50260;https=127.0.0.1:50260
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1407152699-662640812-3050536513-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1407152699-662640812-3050536513-1001 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_test01_141226&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1407152699-662640812-3050536513-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_test01_141226&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files\avira\Internet Explorer\avira32.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1407152699-662640812-3050536513-1001 -> EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1407152699-662640812-3050536513-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.de/ips-opdata/objects/jordan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: WEB.DE Suche
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/?gfe_rd=ctrl&ei=U00HU9mWBuul8weUq4H4AQ&gws_rd=cr
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @innoplus.de/ino3DViewer -> C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin: @videolan.org/vlc,version=1.1.9 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1407152699-662640812-3050536513-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\searchplugins\securesearch.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-05-12]
FF Extension: Avira Browser Safety - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Avira Savings Advisor - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\ciuvo-extension@avira.de [2014-03-04]
FF Extension: WEB.DE MailCheck - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\toolbar@web.de [2014-12-17]
FF Extension: Web Security - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\zz@JDkfjdK [2014-12-18]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-30]
FF Extension: DownloadHelper - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: preisspion.de - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\finder@meingutscheincode.de.xpi [2011-06-28]
FF Extension: Adblock Plus - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-19]
FF Extension: BetterPrivacy - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011-05-03]
FF Extension: DownThemAll! - C:\Users\Farmer\AppData\Roaming\Mozilla\Firefox\Profiles\nd3ztnjk.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-05-03]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]
FF Extension: UITBAutoInstaller - C:\Program Files\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-12-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2008-11-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-23]

Chrome: 
=======
CHR Profile: C:\Users\Farmer\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [654640 2009-04-15] (REINER SCT)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IGBASVC; C:\Program Files\EgisTec\VITAKEY\BASVC.exe [2180392 2008-08-29] ()
R2 Internet Enhancer Service; C:\Program Files\WInterEnhance\WInterEnhance Internet Enhancer\InternetEnhancerService.exe [312320 2014-12-23] () [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [662544 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [218624 2013-04-30] () [File not signed]
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [304688 2008-08-04] (EgisTec Inc.)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3791872 2010-10-19] (Native Instruments GmbH) [File not signed]
S3 NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-29] () [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH) [File not signed]
R2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
S4 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2djavs; C:\Windows\System32\Drivers\a2djavs.sys [346192 2011-04-11] (Native Instruments GmbH)
S3 a2djusb; C:\Windows\System32\Drivers\a2djusb.sys [93776 2011-04-11] (Native Instruments GmbH)
R3 a2djusb_svc; C:\Windows\System32\Drivers\a2djusb.sys [93776 2011-04-11] (Native Instruments GmbH)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-12-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-12-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [23040 2007-05-31] (REINER SCT)
R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [27136 2009-10-06] ( )
S2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26920 2008-08-28] (LTT)
R0 FPWinIo; C:\Windows\System32\DRIVERS\FPWinIo.sys [66856 2008-08-28] ()
S3 GigasetGenericUSB; C:\Windows\System32\DRIVERS\GigasetGenericUSB.sys [44032 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 GrabsterSeries.X86; C:\Windows\System32\DRIVERS\GrabsterSeries.X86.SYS [310016 2007-11-28] ()
R2 hwpsgt; C:\Windows\System32\DRIVERS\hwpsgt.sys [137344 2009-01-10] () [File not signed]
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [886912 2009-08-05] (Creative Technology Ltd.) [File not signed]
R2 lemsgt; C:\Windows\System32\DRIVERS\lemsgt.sys [9472 2009-01-10] () [File not signed]
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH) [File not signed]
R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-08-04] (Egis Incorporated.)
R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-08-04] (Egis Incorporated.)
R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-08-04] (Egis Incorporated.)
S3 NUServer32; C:\Windows\System32\DRIVERS\NUServer32.sys [247808 2012-07-24] (Elite Silicon Technology Inc.)
R3 NUS_Bus32; C:\Windows\System32\DRIVERS\NUS_Bus32.sys [31744 2012-05-16] (Elite Silicon Technology Inc.)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [45440 2011-03-06] (Siano)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1753984 2008-07-10] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-18] (Avira GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2009-11-26] (RapidSolution Software AG)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-10-09] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-02-10] (TuneUp Software)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S3 cpuz134; \??\C:\Users\Farmer\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ta2avs; System32\Drivers\ta2avs.sys [X]
S3 ta2usb_svc; System32\Drivers\ta2usb.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 18:48 - 2014-12-27 18:48 - 00044340 _____ () C:\Users\Farmer\Desktop\FRST.txt
2014-12-27 18:40 - 2014-12-27 18:40 - 01114624 _____ (Farbar) C:\Users\Farmer\Downloads\FRST(1).exe
2014-12-27 18:36 - 2014-12-27 18:36 - 00000000 ____D () C:\Users\Farmer\Downloads\FRST-OlderVersion
2014-12-27 13:30 - 2014-12-27 13:30 - 02173952 _____ () C:\Users\Farmer\Downloads\adwcleaner_4.106.exe
2014-12-27 13:30 - 2014-12-27 13:30 - 02173952 _____ () C:\Users\Farmer\Downloads\adwcleaner_4.106(1).exe
2014-12-27 13:11 - 2014-12-27 13:11 - 00775968 _____ (Reimage®) C:\Users\Farmer\Downloads\ReimageRepair.exe
2014-12-26 20:47 - 2014-12-26 20:47 - 00004648 _____ () C:\Windows\system32\LavasoftTcpService.ini
2014-12-26 20:47 - 2014-12-26 20:47 - 00002480 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-26 20:47 - 2014-12-26 20:47 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\LavasoftStatistics
2014-12-26 20:47 - 2014-12-26 20:47 - 00000000 ____D () C:\Users\Farmer\AppData\Local\Lavasoft
2014-12-26 20:47 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2014-12-26 20:45 - 2014-12-27 13:51 - 00002184 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-12-26 20:45 - 2014-12-26 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-12-26 20:45 - 2014-12-26 20:46 - 00000000 ____D () C:\Program Files\Lavasoft
2014-12-26 20:44 - 2014-12-26 20:46 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\Lavasoft
2014-12-26 20:43 - 2014-12-26 20:46 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-12-26 20:43 - 2014-12-26 20:43 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-12-26 20:42 - 2014-12-26 20:42 - 01937320 _____ () C:\Users\Farmer\Downloads\AdAware115WebInstaller.exe
2014-12-26 20:33 - 2014-12-26 20:33 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\dlg
2014-12-26 20:32 - 2014-12-26 20:32 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\Avira
2014-12-26 20:30 - 2014-12-26 20:30 - 00001811 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-12-26 20:30 - 2014-12-26 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-26 20:29 - 2014-12-27 12:08 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-26 20:29 - 2014-12-27 12:08 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-26 20:29 - 2013-12-18 09:32 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-26 20:29 - 2013-12-18 09:32 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-12-26 20:27 - 2014-12-26 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WInterEnhance
2014-12-26 20:26 - 2014-12-26 20:27 - 00000000 ____D () C:\Program Files\WInterEnhance
2014-12-26 20:26 - 2014-12-26 20:26 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck
2014-12-26 20:26 - 2014-12-26 20:26 - 00000000 ____D () C:\Program Files\SparPilot
2014-12-26 20:25 - 2014-12-26 20:25 - 00596416 _____ () C:\Users\Farmer\Downloads\avira-free-antivir.exe
2014-12-26 19:02 - 2006-09-18 22:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20141226-190250.backup
2014-12-26 18:22 - 2014-12-26 18:22 - 00000000 ____D () C:\Users\Farmer\Documents\ProcAlyzer Dumps
2014-12-26 17:25 - 2014-12-26 17:25 - 00000365 _____ () C:\Windows\wininit.ini
2014-12-26 14:52 - 2014-12-26 14:52 - 00001935 _____ () C:\Users\Farmer\Desktop\SpyBot - Search & Destroy - CHIP Downloader.lnk
2014-12-26 14:44 - 2014-12-27 13:47 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-12-26 14:44 - 2014-12-26 18:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-26 14:44 - 2014-12-26 18:26 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-12-26 14:44 - 2014-12-26 18:26 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-12-26 14:44 - 2014-12-26 14:46 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-26 14:44 - 2014-12-26 14:44 - 00001934 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-26 14:44 - 2014-12-26 14:44 - 00001922 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-26 14:44 - 2014-12-26 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-26 14:44 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-12-26 09:49 - 2014-12-26 09:49 - 00000822 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-26 09:49 - 2014-12-26 09:49 - 00000810 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-26 09:49 - 2014-12-26 09:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-26 09:43 - 2014-12-27 13:12 - 00000000 ____D () C:\rei
2014-12-26 09:43 - 2014-12-26 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-12-26 09:18 - 2014-12-27 13:10 - 00001428 _____ () C:\Users\Farmer\Desktop\amazon.de.lnk
2014-12-26 09:18 - 2014-12-27 13:10 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\DesktopIconAmazon
2014-12-26 09:18 - 2014-12-26 09:18 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\DesktopIconGoodgame
2014-12-25 20:00 - 2014-12-25 20:00 - 00039371 _____ () C:\Users\Farmer\Downloads\Addition.txt
2014-12-25 19:59 - 2014-12-27 18:48 - 00026246 _____ () C:\Users\Farmer\Downloads\FRST.txt
2014-12-25 19:55 - 2014-12-25 19:55 - 00050477 _____ () C:\Users\Farmer\Downloads\Defogger.exe
2014-12-25 18:31 - 2014-12-25 18:31 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Farmer\Downloads\avira_de_av_5739536227__ws.exe
2014-12-25 18:31 - 2014-12-25 18:31 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Farmer\Downloads\avira_de_av_5739536227__ws(1).exe
2014-12-25 18:24 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-25 18:24 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-18 18:57 - 2014-12-18 18:57 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\Windows Open Service
2014-12-18 18:56 - 2014-12-18 18:56 - 00593344 _____ () C:\Users\Farmer\Downloads\google-sketchup.exe
2014-12-17 12:41 - 2014-12-17 12:41 - 02077616 _____ () C:\Users\Farmer\Desktop\SCGRD129.PV0
2014-12-16 09:24 - 2014-04-15 14:59 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-12-16 09:24 - 2014-04-15 14:59 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-12-16 09:22 - 2014-12-23 18:00 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\FileAdvisor
2014-12-15 17:29 - 2014-12-15 17:29 - 00001841 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2014-12-15 17:29 - 2014-12-15 17:29 - 00001833 _____ () C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
2014-12-15 17:29 - 2014-12-15 17:29 - 00001829 _____ () C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2014-12-15 17:29 - 2014-12-15 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-12-15 17:29 - 2014-04-15 14:59 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-12-15 17:28 - 2014-12-15 17:28 - 00000000 ____D () C:\Users\Farmer\AppData\Local\TuneUp Software
2014-12-15 17:26 - 2014-12-16 09:24 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-12-15 17:22 - 2014-12-15 17:22 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-12-15 17:21 - 2014-12-15 17:22 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\IHlpr
2014-12-15 17:19 - 2014-12-15 17:19 - 11354176 _____ (ManiacTools.com ) C:\Users\Farmer\Downloads\m4a-to-mp3-83converter.exe
2014-12-15 17:15 - 2014-12-15 17:25 - 00000000 ____D () C:\Users\Farmer\Desktop\Neuer Ordner (2)
2014-12-15 17:05 - 2014-12-15 17:05 - 01730272 _____ (Audible Inc.) C:\Users\Farmer\Downloads\ActiveSetupN(3).exe
2014-12-15 17:04 - 2014-12-15 17:05 - 01730272 _____ (Audible Inc.) C:\Users\Farmer\Downloads\ActiveSetupN(2).exe
2014-12-15 17:00 - 2014-12-15 17:00 - 01730272 _____ (Audible Inc.) C:\Users\Farmer\Downloads\ActiveSetupN(1).exe
2014-12-15 16:37 - 2014-12-15 17:15 - 00000000 ____D () C:\Users\Farmer\AppData\Local\Audible
2014-12-15 16:37 - 2014-12-15 17:05 - 00001710 _____ () C:\Users\Farmer\Desktop\Audible Manager.lnk
2014-12-15 16:37 - 2014-12-15 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2014-12-15 16:37 - 2014-12-15 16:37 - 00255352 _____ (Audible, Inc.) C:\Windows\system32\awrdscdc.ax
2014-12-15 16:36 - 2014-12-15 17:05 - 00000000 ____D () C:\Program Files\Audible
2014-12-15 16:36 - 2014-12-15 16:37 - 00000000 ____D () C:\Users\Farmer\Documents\Audible
2014-12-15 16:36 - 2014-12-15 16:36 - 01730272 _____ (Audible Inc.) C:\Users\Farmer\Downloads\ActiveSetupN.exe
2014-12-15 16:36 - 2014-12-15 16:36 - 00000000 ____D () C:\Users\Public\Documents\Audible
2014-12-15 08:24 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-15 08:23 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-15 08:15 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 11:20 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 11:20 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:20 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:20 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:20 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:20 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:20 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:20 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 11:20 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:20 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 11:20 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:20 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:20 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 11:20 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:20 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 11:20 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:20 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:20 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:20 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:20 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:20 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 11:20 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 21:02 - 2014-12-26 20:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 18:48 - 2013-09-08 12:14 - 00000000 ____D () C:\FRST
2014-12-27 18:45 - 2008-08-28 06:26 - 00000438 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
2014-12-27 18:36 - 2013-09-08 12:05 - 01114624 _____ (Farbar) C:\Users\Farmer\Downloads\FRST.exe
2014-12-27 18:36 - 2008-12-25 17:32 - 00002695 _____ () C:\Users\Farmer\Desktop\Microsoft Office Outlook 2007.lnk
2014-12-27 18:27 - 2013-01-10 18:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 18:00 - 2008-10-30 17:54 - 01776785 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 17:47 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 17:47 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 13:48 - 2008-08-28 05:28 - 00259230 _____ () C:\ProgramData\nvModes.001
2014-12-27 13:47 - 2008-08-28 05:22 - 00259230 _____ () C:\ProgramData\nvModes.dat
2014-12-27 13:47 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 13:46 - 2008-01-21 03:47 - 02617334 _____ () C:\Windows\PFRO.log
2014-12-27 13:45 - 2006-11-02 14:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-27 13:44 - 2009-11-20 11:37 - 00000000 ____D () C:\ProgramData\Creative
2014-12-27 13:44 - 2009-11-20 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-12-27 13:44 - 2009-11-20 11:26 - 00000000 ____D () C:\Program Files\Creative
2014-12-27 13:35 - 2013-09-08 12:54 - 00000000 ____D () C:\AdwCleaner
2014-12-27 13:35 - 2008-10-30 17:59 - 00000941 _____ () C:\Users\Farmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-27 13:21 - 2011-07-17 19:25 - 00000000 ____D () C:\Users\Farmer\AppData\Local\CrashDumps
2014-12-27 13:13 - 2011-05-07 11:25 - 00006311 _____ () C:\Windows\IE9_main.log
2014-12-26 20:29 - 2014-03-04 21:06 - 00000000 ____D () C:\Program Files\Avira
2014-12-26 20:29 - 2012-05-16 16:28 - 00000000 ____D () C:\ProgramData\Avira
2014-12-26 19:18 - 2013-09-02 11:00 - 00000000 ____D () C:\Program Files\StarMoney 9.0 Commerzbank-Edition
2014-12-26 09:22 - 2006-11-02 11:33 - 00006846 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 09:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-26 09:06 - 2009-11-20 11:30 - 00000090 ___RH () C:\Windows\ctfile.rfc
2014-12-25 18:29 - 2010-06-10 21:38 - 00000000 ____D () C:\Users\Farmer\dwhelper
2014-12-25 18:12 - 2008-10-30 17:58 - 00000000 ____D () C:\Users\Farmer
2014-12-23 18:18 - 2008-08-28 05:25 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-23 18:16 - 2008-08-28 11:26 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-23 18:14 - 2013-10-22 18:22 - 00000000 ____D () C:\Program Files\Adobe
2014-12-18 19:27 - 2014-09-05 10:37 - 00000000 ____D () C:\Users\Farmer\Desktop\Haus Husum
2014-12-17 12:41 - 2009-10-23 15:05 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\XnView
2014-12-17 12:19 - 2014-08-31 18:44 - 00014312 _____ () C:\Users\Farmer\Documents\Strom Zählerstand Stromio 2014-2015.xlsx
2014-12-16 09:44 - 2013-06-16 08:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-15 17:28 - 2013-06-16 08:57 - 00000000 ____D () C:\Users\Farmer\AppData\Roaming\TuneUp Software
2014-12-15 15:08 - 2013-10-10 12:46 - 00000000 ____D () C:\Users\Farmer\Desktop\Berufsunfähigkeit
2014-12-15 09:04 - 2014-08-18 15:00 - 00014369 _____ () C:\Users\Farmer\Desktop\Gesamtbudget Haus Husum.xlsx
2014-12-15 09:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-15 08:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-15 08:25 - 2008-08-28 09:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-15 08:22 - 2013-08-16 19:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-15 08:18 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-13 19:46 - 2014-04-24 12:32 - 00000000 ____D () C:\Users\Farmer\Desktop\Bauer Krank
2014-12-13 12:50 - 2014-07-07 18:32 - 00000973 _____ () C:\Users\Farmer\Desktop\Amazon Music.lnk
2014-12-11 11:13 - 2008-10-30 19:50 - 00000000 ____D () C:\Users\Farmer\AppData\Local\Adobe
2014-12-11 11:12 - 2012-08-16 19:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 11:12 - 2012-08-16 19:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Farmer\AppData\Local\Temp\avgnt.exe
C:\Users\Farmer\AppData\Local\Temp\e90aa3d2-90f2-4ebe-b433-1dfb3ea6eb0b.exe
C:\Users\Farmer\AppData\Local\Temp\Quarantine.exe
C:\Users\Farmer\AppData\Local\Temp\SpOrder.dll
C:\Users\Farmer\AppData\Local\Temp\sqlite3.dll
C:\Users\Farmer\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 13:55

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2014
Ran by Farmer at 2014-12-27 18:49:15
Running from C:\Users\Farmer\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
3D-Viewer-innoplus (HKLM\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.302 - INNOVA-engineering GmbH)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Ad-Aware Antivirus (HKLM\...\{69489131-0E91-491B-9E15-1987CDAD95C6}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (Version: 1.1.844.1586 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Connect Add-in (HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 13695170.-2.1999007926.1999006940 - Audible, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira Savings Advisor (HKLM\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{2F92229B-8CE2-4482-8047-9DBF49CA5F58}) (Version: 2.0.0.0 - )
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version:  - )
Creative Systeminformationen (HKLM\...\SysInfo) (Version:  - )
CVE-2012-4969 (HKLM\...\{777afb2a-98e5-4f14-b455-378a925cae15}.sdb) (Version:  - )
cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.8.0 - REINER SCT)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2014 - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5203 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1916 - CyberLink Corp.)
DE (Version: 3.0 - Corel Corporation) Hidden
Desktop Media Player by Wishlistradio.com v2.0.9 (HKLM\...\Desktop Media Player by Wishlistradio.com_is1) (Version:  - )
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.50.000 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
ESPR265_270 Benutzerhandbuch (HKLM\...\ESPR265_270 Benutzerhandbuch) (Version:  - )
e-Wörterbücher (HKLM\...\{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}) (Version:  - )
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.1 - Nikon)
freedb database (HKLM\...\freedb database) (Version:  - )
Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
Java(TM) 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
Kabel Deutschland Installations-Software (Version: 3.6.0.0 - Kabel Deutschland Vertrieb und Services GmbH) Hidden
LavasoftTcpService (Version: 2.2.9.5 - Lavasoft) Hidden
Letstrade (HKLM\...\{E0091C29-DEE8-4B24-BF65-8C35B5940D77}) (Version: 1.00.0000 - Buhl Data Service)
LetsTrade Komponenten (HKLM\...\LetsTrade) (Version:  - )
MakeDisc (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.0.2601 - CyberLink Corp.)
MD86351 driver install (HKLM\...\InstallShield_{0CE5D71A-15AE-477A-BD1F-5347562CB0BC}) (Version: 6.3.6.1 - Ihr Firmenname)
MD86351 driver install (Version: 6.3.6.1 - Ihr Firmenname) Hidden
Micrografx Instant 3D 1.2 (HKLM\...\Micrografx Instant 3D 1.2) (Version:  - )
Micrografx PhotoMagic 6 (HKLM\...\Micrografx PhotoMagic 6) (Version:  - )
Micrografx Windows Draw 6 (HKLM\...\WindowsDraw6) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.005.11.01.858 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker 3 (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.20.0 - EgisTec)
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version:  - )
Native Instruments Service Center (HKU\S-1-5-21-1407152699-662640812-3050536513-1001\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Traktor 3 LE (HKLM\...\Native Instruments Traktor 3 LE) (Version:  - )
Nero 7 Premium (HKLM\...\{1CDFA6DE-FD15-4821-AB48-2832D6FA1031}) (Version: 7.02.5043 - Nero AG)
Networking USB Server (HKLM\...\InstallShield_{2D553EB7-756F-4CB5-A09E-0ABA72EA8A4E}) (Version: 0.12.0724.1205 - Ihr Firmenname)
Networking USB Server (Version: 0.12.0724.1205 - Ihr Firmenname) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{4216D328-0FE8-48B8-85B8-BD300E6F080F}) (Version: 7.1.36.0 - Nokia)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version:  - )
proDAD Vitascene 1.0 (HKLM\...\proDAD-Vitascene-1.0) (Version:  - )
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5672 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
ScanSnap Manager (HKLM\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V4.0L20 - PFU)
Sceneo AbsolutTV (HKLM\...\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}) (Version:  - )
Service Center Setup (Version: 1.0 - InstallAware Software Corporation) Hidden
Spesoft Audio Converter 2.20 (HKLM\...\Spesoft Audio Converter_is1) (Version:  - Spesoft)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarMoney (Version: 2.0 - StarFinanz) Hidden
StarMoney (Version: 4.0.1.51 - StarFinanz) Hidden
StarMoney 7.0 Commerzbank-Edition (HKLM\...\{58F8BB38-E404-46BA-B8E1-A3E6DB51E5BD}) (Version: 7.0 - StarFinanz GmbH)
StarMoney 9.0 Commerzbank-Edition (HKLM\...\{04663869-471C-4C5E-B8CD-B5D54705676F}) (Version: 9.0 - Star Finanz GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Total Immersion D'Fusion @Home Web Plug-In (HKLM\...\D'Fusion @Home Web Plug-In) (Version:  - Total Immersion)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.4000.260 - TuneUp Software) Hidden
TV IR (HKLM\...\{C1FD1627-2EAF-48CB-A333-42D39BCB096D}) (Version: 2.1 - MEDION)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VITAKEY (HKLM\...\InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}) (Version: 6.0.1.41 - EgisTec)
VITAKEY (Version: 6.0.1.41 - EgisTec) Hidden
VLC media player 1.1.9 (HKLM\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Wajam (HKLM\...\WInterEnhance) (Version: 2.21.2.26 (i2.6) - WInterEnhance) <==== ATTENTION
Wärmepumpen-Navigator (HKLM\...\de.mbc-agentur.wpnavigator) (Version: 3.1.0 - UNKNOWN)
Wärmepumpen-Navigator (Version: 3.1.0 - UNKNOWN) Hidden
Web Companion (HKLM\...\{D5116390-5C95-4FEA-A719-78C3C8B5DFB5}_WebCompanion) (Version: 1.1.844.1586 - Lavasoft)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\A5C76F143DE85710B0FDBABC39480EC492EE05CF) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live installer (HKLM\...\{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem  (08/03/2007 6.84.0.2) (HKLM\...\819D45A9F73817F5B6D7C71A33ADAB88C5DA1765) (Version: 08/03/2007 6.84.0.2 - Nokia)
Windows-Treiberpaket - Nokia Modem  (10/12/2007 3.6) (HKLM\...\6A630DCEC5EEC912115F2FF59D8C2C769798D930) (Version: 10/12/2007 3.6 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
XnView 1.96.5 (HKLM\...\XnView_is1) (Version: 1.96.5 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1407152699-662640812-3050536513-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1407152699-662640812-3050536513-1001_Classes\CLSID\{494EAEDB-8445-4476-9950-6F9FEFF501C6}\InprocServer32 -> C:\Users\Farmer\AppData\Desktop Media Player\wishradioband1.dll ()

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2014-12-26 19:02 - 00450690 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13709D57-4CA9-4AE1-A924-9207448DB3D0} - System32\Tasks\{C7019381-090B-4785-B5FC-6884D1901C49} => pcalua.exe -a "E:\Service Center Setup.exe" -d E:\
Task: {18AE14B7-4A3C-45BA-A994-85A34FC71C36} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {1E0AA533-DB01-4316-B55B-7B6CBB726343} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Farmer => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {2D469861-7DE0-49EB-9BFF-AAA3EF1CB636} - System32\Tasks\{963301AF-F691-496B-A29C-C823B248C7B3} => pcalua.exe -a E:\Setup.exe -d E:\ -c -Autorun
Task: {32AC2628-119D-49DD-8043-F468BA9A8C53} - System32\Tasks\{A3BBDB9F-7649-4535-94F9-9F63C1E4DB71} => pcalua.exe -a "C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl" -c Nero BurnRights
Task: {6092D30B-E05A-4398-8871-8932CC46F2B6} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {6184271C-A7B0-42B7-A7E6-D4A5A09CF551} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {84B89711-56C7-4572-A775-D91F05E8611A} - System32\Tasks\{2DC39C73-5602-4E78-B1DC-B040E6E64F99} => pcalua.exe -a "C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c @0,0x63737064
Task: {A1C61A8C-B27E-44AA-BD77-01137B1647D2} - System32\Tasks\{C7EE7D8C-4D3E-4CE6-BFF2-77F72143510D} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {A75EB59E-8BBE-45D5-8DAB-5B11A7D98AD8} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {AF82A84D-0D33-4718-AF16-4E5F2A508A0E} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {B39A9807-5EFC-422A-A0FC-D7AFAF526605} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B8B2FB39-EF4C-445A-B187-017578B6DF3C} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Task: {BEC8C49E-8888-4F9F-AE0C-353A847C46DE} - System32\Tasks\{BDB75A88-DC12-4701-8E93-69A40E057297} => pcalua.exe -a "C:\Program Files\palmOne\QuickInstall.exe" -d C:\Users\Farmer\Desktop
Task: {BEE59394-2EB2-41B8-BF79-F84F3A69A1D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {E12995C9-E07B-4D97-A892-1AC7D8BCAA9B} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files\avira\Internet Explorer\swu.vbs"
Task: {E2DE7BD7-965C-409D-B9FA-C3184A6191F7} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-12-18 15:20 - 2014-12-18 15:20 - 02562896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02423600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00110432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00022360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-26 14:44 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-26 14:44 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-12 15:39 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\system32\SerialXP.dll
2010-11-16 14:37 - 2010-11-16 14:37 - 00264704 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2008-08-29 19:11 - 2008-08-29 19:11 - 02180392 _____ () C:\Program Files\EgisTec\VITAKEY\BASVC.exe
2014-12-23 16:01 - 2014-12-23 16:01 - 00312320 _____ () C:\Program Files\WInterEnhance\WInterEnhance Internet Enhancer\InternetEnhancerService.exe
2014-12-18 14:45 - 2014-12-18 14:45 - 00662544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:20 - 2014-12-18 15:20 - 00090456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00030040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00048480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 10552144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00635224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00580424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00409432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00640840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00087360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00104768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00760664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00691560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00865096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00207688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00796504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00174936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 01018176 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00030552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00768344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00857432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00190800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00705352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00671056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02364240 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02665296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00990032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00046944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00999256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00766272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00298824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02123608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00969536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00766784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00759112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00923496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00121664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2014-12-23 16:01 - 2014-12-23 16:01 - 00083456 _____ () C:\Program Files\WInterEnhance\WInterEnhance Internet Enhancer\InternetEnhancer.exe
2014-12-26 14:44 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-18 15:20 - 2014-12-18 15:20 - 07700288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:20 - 2014-12-18 15:20 - 00405848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 01624896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00056632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00870224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00641856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2013-04-30 07:50 - 2013-04-30 07:48 - 00218624 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-04-30 07:50 - 2013-04-30 07:48 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-04-30 07:50 - 2013-04-30 07:48 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-04-30 07:50 - 2013-04-30 07:48 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-04-30 07:50 - 2013-04-30 07:48 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00070464 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00171368 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00089928 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00033136 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2014-12-16 12:10 - 2014-12-16 12:10 - 00041304 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2008-08-28 12:37 - 2008-06-29 22:10 - 00241734 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-12-26 14:44 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-26 14:44 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00015208 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2014-12-16 12:08 - 2014-12-16 12:08 - 00012144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2014-12-16 12:08 - 2014-12-16 12:08 - 00032616 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2008-08-28 13:02 - 2007-05-16 21:48 - 00421955 _____ () C:\Program Files\Sceneo\AbsolutTV\Services\PVR\tvtvRemote.dll
2009-10-20 19:35 - 2009-04-11 07:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2011-11-11 06:19 - 2009-10-06 13:36 - 00205312 _____ () C:\Program Files\StarMoney 7.0 Commerzbank-Edition\ouservice\PATCHW32.dll
2014-08-12 09:16 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0 Commerzbank-Edition\ouservice\PATCHW32.dll
2014-04-15 14:59 - 2014-04-15 14:59 - 00568120 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-12-26 09:49 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Farmer\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: WLSetupSvc => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK => C:\Windows\pss\Hardcopy.LNK.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Farmer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.LNK => C:\Windows\pss\HotSync Manager.LNK.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Creative SB Monitoring Utility => RunDll32 sbavmon.dll,SBAVMonitor
MSCONFIG\startupreg: CreativeTaskScheduler => "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
MSCONFIG\startupreg: EPSON Stylus Photo R265 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\Windows\TEMP\E_S4AD5.tmp" /EF "HKCU"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: VolPanel => "C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1407152699-662640812-3050536513-500 - Administrator - Disabled)
Farmer (S-1-5-21-1407152699-662640812-3050536513-1001 - Administrator - Enabled) => C:\Users\Farmer
Gast (S-1-5-21-1407152699-662640812-3050536513-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Fingerprint Reader
Description: Fingerprint Reader
Class Guid: {a8e6a1b0-bce2-11dc-95ff-0800200c9a66}
Manufacturer: LTT
Service: FPSensor
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2014 06:49:19 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (12/27/2014 06:49:19 PM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" 
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (12/27/2014 01:47:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 01:44:01 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Users\Farmer\AppData\Local\Temp\SET86AC.tmp -deleter -l0x7 /remove -your_launcherSETUP.EXE -clone_of"C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\"; Beschreibung = Entfernt Creative MediaSource 5; Hr = 0x8004230f).

Error: (12/27/2014 01:44:01 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien löschen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 0
   Snapshotkontext: 0
   Ausführungskontext: Coordinator

Error: (12/27/2014 01:44:01 PM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" 
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien löschen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 0
   Snapshotkontext: 0
   Ausführungskontext: Coordinator

Error: (12/27/2014 01:44:01 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen
   Schattenkopien löschen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 0
   Snapshotkontext: 0
   Ausführungskontext: Coordinator
   Ausführungskontext: Coordinator

Error: (12/27/2014 01:44:01 PM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" 
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen
   Schattenkopien löschen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 0
   Snapshotkontext: 0
   Ausführungskontext: Coordinator
   Ausführungskontext: Coordinator

Error: (12/27/2014 01:44:01 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: 4194317
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0bc8b4db-a69a-11dd-b609-806e6f6e6963}\
   Ausführungskontext: Coordinator

Error: (12/27/2014 01:44:01 PM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" 
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: 4194317
   Ausführungskontext: Coordinator
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Volumename: \\?\Volume{0bc8b4db-a69a-11dd-b609-806e6f6e6963}\
   Ausführungskontext: Coordinator


System errors:
=============
Error: (12/27/2014 06:48:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (12/27/2014 06:48:10 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (12/27/2014 06:47:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (12/27/2014 06:47:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (12/27/2014 06:44:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (12/27/2014 06:44:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (12/27/2014 06:44:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (12/27/2014 06:44:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (12/27/2014 06:44:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (12/27/2014 06:44:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-16 17:13:41.897
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-16 16:28:22.146
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-16 16:16:59.954
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-16 16:11:31.350
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-08 21:40:15.981
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 3065.96 MB
Available physical RAM: 1232.83 MB
Total Pagefile: 6342.88 MB
Available Pagefile: 4283.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.07 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:278.32 GB) (Free:42.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:19.76 GB) (Free:7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 8E03B488)
Partition 1: (Active) - (Size=278.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19.8 GB) - (Type=0C)

==================== End Of Log ============================
         
__________________

28.12.2014, 17:04   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German as the language.
  • Search the uninstaller field for the following programs:

    Wajam



  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (Moderate) mode.
  • Remove leftovers:
    Click on , then on , and then on .

 





Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know about it.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (on English Windows: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
