Win 7/32 bit - Avira findet adware/multiplug.gen4 + Firefox stürzt immer ab

anna12345 · 16.01.2015, 15:30

Guten Tag liebes Trojaner-Team,

ein Freund hat mir irgendeinen Download-Link geschickt, den ich ausversehen geöffnet habe. Ich weiß auch nicht, wo ich mit meinen Gedanken war, sowas passiert mir sonst nicht. Das war auch noch von so einer öminösen Filesharing-Seite (irgendwas mit "torrents").

Jedenfalls schlug dann gleich Avira an und meldete "adware/multiplug.gen4" gefunden zu haben. Ich habe es gleich in Quarantäne verschoben und dann gelöscht.

Jetzt habe ich Angst, dass da jetzt irgendwas auf meinem Computer ist.

Mein 2. Problem, dass ich aber schon ewig habe, ist, dass mein Firefox ständig abstürzt, woran könnte das liegen? Ich habe immer sehr viele Tabs gleichzeitig offen.

Könnt ihr mir bitte mit der Adware helfen und vielleicht einen Tipp bezüglich Firefox geben?

Vielen lieben Dank im Voraus!!

Ich hoffe, ich bekomme alles so hin, denn ich habe leider gar keine Ahnung von Computerdingen.

deeprybka · 16.01.2015, 15:34

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

anna12345 · 16.01.2015, 17:43

Lieber Jürgen,

vielen lieben Dank für deine Hilfe!

Hier die Berichte:

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
Ran by ****** (administrator) on ******* on 16-01-2015 17:25:24
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available profiles: ******)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Windows\System32\Rezip.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Ulead Systems, Inc.) C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Pokki) C:\Users\******\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Spotify Ltd) C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Pokki) C:\Users\******\AppData\Local\Pokki\Engine\HostAppService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files\10-Sekunden-Haushaltsbuch\10hh.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [Ulead AutoDetector] => C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [45056 2003-11-19] (Ulead Systems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SearchSettings] => C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [1250112 2013-01-10] (Spigot, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2015-01-16] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-16] (Google Inc.)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [] => [X]
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [Spotify Web Helper] => C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-04] (Spotify Ltd)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {4eb7635b-6923-11e0-ab26-002454196649} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {94d6983d-8ed2-11e2-961b-002454196649} - H:\LGAutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1016556084-3091970497-507946437-1000] => http=127.0.0.1:59333
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {A70E5BAE-0A3E-4CA7-B622-68C0A9E93046} URL = hxxp://de.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=302398&ilc=12&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: @citrixonline.com/appdetectorplugin -> C:\Users\******\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: pokki.com/PokkiDownloadHelper -> C:\Users\******\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\webde-suche.xml
FF Extension: Avira Browser Safety - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Facebook Translate - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\facebook-translate@oliver.schloebe.de [2014-04-07]
FF Extension: WEB.DE MailCheck - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\toolbar@web.de [2014-12-15]
FF Extension: Evernote Web Clipper - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-03-18]
FF Extension: feedly - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\feedly@devhd.xpi [2013-06-17]
FF Extension: Google Translator for Firefox - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\translator@zoli.bod.xpi [2013-06-24]
FF Extension: ImTranslator - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-06-17]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-02-10]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-09-22]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-01-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-01-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2015-01-16] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 yksvc; C:\windows\System32\yk62x86.dll [282624 2009-06-15] (Marvell)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-03-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-03-06] (LG Electronics Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R1 HMD; C:\windows\System32\DRIVERS\hmd.sys [15400 2014-06-26] ()
R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-29] (Avira GmbH)
R3 VMC326; C:\windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 17:25 - 2015-01-16 17:26 - 00023135 _____ () C:\Users\******\Desktop\FRST.txt
2015-01-16 17:24 - 2015-01-16 17:25 - 00000000 ____D () C:\FRST
2015-01-16 17:24 - 2015-01-16 17:24 - 01116672 _____ (Farbar) C:\Users\******\Desktop\FRST.exe
2015-01-16 14:09 - 2015-01-16 14:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-16 14:09 - 2015-01-16 14:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-16 14:09 - 2015-01-16 14:09 - 00018968 _____ (Safer Networking Limited) C:\windows\system32\sdnclean.exe
2015-01-16 14:09 - 2015-01-16 14:09 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-16 14:09 - 2015-01-16 14:09 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-16 14:09 - 2015-01-16 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-16 14:02 - 2015-01-16 14:02 - 01179936 _____ () C:\Users\******\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 07:52 - 2015-01-14 07:52 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 07:52 - 2015-01-14 07:52 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 07:52 - 2015-01-14 07:52 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-12 15:08 - 2015-01-12 15:09 - 00000000 ____D () C:\Users\******\AppData\Local\EvernoteNW
2015-01-04 10:25 - 2015-01-05 07:55 - 00000000 ____D () C:\Users\******\AppData\Local\Spotify
2015-01-04 10:25 - 2015-01-04 11:20 - 00002054 _____ () C:\Users\******\Desktop\Spotify.lnk
2015-01-04 10:25 - 2015-01-04 10:25 - 00001823 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-04 10:23 - 2015-01-06 13:26 - 00000000 ____D () C:\Users\******\AppData\Roaming\Spotify
2015-01-04 10:22 - 2015-01-04 10:22 - 00137888 _____ (Spotify Ltd) C:\Users\******\Downloads\SpotifySetup.exe
2015-01-02 15:22 - 2015-01-02 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-01-01 21:51 - 2015-01-01 21:51 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieBrowserModeList
2015-01-01 17:45 - 2015-01-01 17:45 - 00083264 _____ (Amazon.com, Inc.) C:\windows\system32\stkMonitor.dll
2015-01-01 17:45 - 2015-01-01 17:45 - 00000000 ____D () C:\Program Files\Amazon
2015-01-01 17:20 - 2015-01-01 17:20 - 00000000 ____D () C:\Users\******\AppData\Local\calibre-cache
2015-01-01 17:17 - 2015-01-01 18:37 - 00000000 ____D () C:\Users\******\Documents\Calibre-Bibliothek
2015-01-01 17:17 - 2015-01-01 17:20 - 00000000 ____D () C:\Users\******\AppData\Roaming\calibre
2015-01-01 17:16 - 2015-01-01 17:16 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-01-01 17:15 - 2015-01-01 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-01-01 17:15 - 2015-01-01 17:16 - 00000000 ____D () C:\Program Files\Calibre2
2014-12-26 17:58 - 2015-01-16 16:40 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 17:58 - 2015-01-13 20:40 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-12-21 07:57 - 2014-12-26 17:49 - 00002115 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2014-12-18 06:22 - 2014-12-18 06:22 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 17:20 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:20 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:12 - 2009-09-16 22:52 - 01050608 _____ () C:\windows\WindowsUpdate.log
2015-01-16 16:48 - 2010-04-05 09:47 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 16:48 - 2010-04-05 09:47 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 15:06 - 2009-12-26 13:18 - 00000000 ____D () C:\Users\******\AppData\Roaming\UseNeXT
2015-01-16 15:06 - 2009-12-26 13:18 - 00000000 ____D () C:\Program Files\UseNeXT
2015-01-16 13:24 - 2014-04-14 17:44 - 00000000 ____D () C:\Users\******\AppData\Local\Pokki
2015-01-16 07:24 - 2009-12-24 16:12 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-01-16 07:23 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-16 07:23 - 2009-07-14 05:39 - 00180216 _____ () C:\windows\setupact.log
2015-01-15 19:13 - 2014-04-14 17:46 - 00002413 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pixsta.lnk
2015-01-14 22:42 - 2013-08-15 20:17 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 22:42 - 2009-12-25 12:55 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 22:26 - 2009-12-25 14:02 - 00000000 ____D () C:\Users\******\Documents\Sonstiges
2015-01-14 21:39 - 2014-11-10 16:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 21:39 - 2013-01-29 09:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 20:40 - 2013-06-17 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 14:05 - 2009-07-26 21:06 - 02058380 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 21:16 - 2014-01-04 19:42 - 00000000 ____D () C:\Users\******\Documents\Ebooks
2015-01-02 08:01 - 2014-04-14 17:46 - 00002286 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-01-02 07:57 - 2009-09-16 23:44 - 01230566 _____ () C:\windows\PFRO.log
2015-01-01 22:45 - 2011-02-12 13:14 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-01 22:34 - 2013-06-07 14:42 - 00000000 ____D () C:\ProgramData\tmp
2015-01-01 21:57 - 2013-06-07 14:42 - 00001230 _____ () C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
2015-01-01 21:57 - 2013-06-07 14:42 - 00001210 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2015-01-01 17:46 - 2013-10-17 19:42 - 00000000 ____D () C:\Users\******\AppData\Local\Amazon
2014-12-19 14:39 - 2011-02-12 17:40 - 00000000 ____D () C:\ProgramData\CanonIJ

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\_is2EBE.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 08:17

==================== End Of Log ============================

--- --- ---

Addition.text:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015 01
Ran by ***** at 2015-01-16 17:26:57
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10-Sekunden-Haushaltsbuch 5 5.05  (HKLM\...\10-Sekunden-Haushaltsbuch 5) (Version: 5.05 - easy softway)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Send to Kindle (HKLM\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{6848704E-C8D4-4F4F-9181-5926D4A11E98}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 1994873568.48.56.10161386 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame-MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Buchungssatzpauker-B IKR 2.50 (Shareware) (HKLM\...\{141A7ECB-AA8E-4C16-85FE-6FFF804799CF}) (Version: 2.50 - Dumproff Adolf)
Buchungssatzpauker-K IKR 2.50 (Shareware) (HKLM\...\{3909CBC3-ECC5-43FF-A963-CD6E031B9217}) (Version: 2.50 - Dumproff Adolf)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
calibre (HKLM\...\{C727544A-23E0-41A8-9901-2353CE3FE62A}) (Version: 2.14.0 - Kovid Goyal)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (Version: 2009.0901.2227.38495 - ATI) Hidden
ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
COMODO Internet Security (HKLM\...\{4EAB2511-0135-48CA-A47B-CE1E6836793A}) (Version: 5.8.15089.2124 - COMODO Security Solutions Inc.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen)
Evernote v. 5.8.1 (HKLM\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube Download version 3.2.11.812 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
GeekBuddy (HKLM\...\{87A5B227-81F8-4E51-86CA-39E89CB33B16}) (Version: 4.18.121 - Comodo Security Solutions Inc)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LG United Mobile Drivers (HKLM\...\{0C1879C1-B74A-4C6D-8880-E3F54B78E816}) (Version: 3.7.1.0 - LG Electronics)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.3.3 - Marvell)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (Version: 3.7.22.0 - Nokia) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 5.9.2 - )
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
pdfforge Toolbar v6.7 (HKLM\...\{6D783694-73D1-4122-BC59-B2A84ED85AAD}) (Version: 6.7 - Spigot, Inc.) <==== ATTENTION
Pixsta (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Pokki_83453a3d886e527a470b5bb8291dd338de4b1e44) (Version: 2.5.3.3 - Pokki)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Pokki (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Pokki) (Version: 0.269.5.367 - Pokki) <==== ATTENTION!
Pokki Download Helper (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Ulead Photo Explorer 8.0 SE Basic (HKLM\...\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}) (Version: 8.0 - Ulead Systems, Inc.)
Ulead PhotoImpact XL (HKLM\...\{0DDDE141-9696-4E33-AB82-EF398169D7E5}) (Version: 8.5 - Ulead System)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\InprocServer32 -> C:\Users\*****\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
CustomCLSID: HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\*****\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

11-01-2015 18:01:35 Windows-Sicherung
14-01-2015 22:41:06 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1411DECF-7C8F-433E-9086-2E38636CD4AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {1ADE930A-2B52-45AF-93D0-834293513949} - System32\Tasks\{F5935191-8A12-43D6-82EE-0FADBBAA99D3} => C:\Users\*****\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {2305DEF5-962C-43C2-B137-6BA272EB80A9} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {3BEA1269-71AA-491F-B309-219AE332725E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {3BEE5C8F-1014-427A-ADE8-A59EF034ACBD} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {4EE2A8A1-9346-423F-8EC2-1760E5073B97} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {65CAA3FC-6411-4E38-A61B-05EDDDD07C53} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {66C99EB8-B2D3-4F35-8B73-34DCDC018D0E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {6962625C-7903-41FF-8AD0-051472BA0016} - System32\Tasks\{9FFF92E5-413D-4BF7-9C9E-D7F94F4812CD} => C:\Program Files\10-Sekunden-Haushaltsbuch\10hh.exe [2009-12-22] ()
Task: {7366B38C-B7CB-49A5-AE9B-DC9EF847FB55} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.)
Task: {771EB0D6-0380-4D6E-9272-6418D128F8EF} - System32\Tasks\{7D96276C-A156-4DBF-8676-6C44EBE1180E} => C:\Program Files\10-Sekunden-Haushaltsbuch\10hh.exe [2009-12-22] ()
Task: {7A732BC1-5A1E-4D0C-B47C-CB9BAD16307D} - System32\Tasks\{BC233059-9719-4CC2-988C-2199E7E56CD5} => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
Task: {7F6F719F-E583-41BA-AC94-D014BD17E0C0} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {841761CE-10BE-4CAD-B7B0-65E2E5402CC0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {86AABC58-8DA0-4A1A-90C8-7AE51DC464DB} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {89198E57-3A74-4378-BC6B-78DA4258E0B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {8A29FF2D-80A1-4DAC-8007-66FDEA4D5BE9} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.)
Task: {A17B5FC0-AFE5-4DBD-8A17-920D275E4610} - System32\Tasks\{BFE436B3-7139-45D2-AC4E-D8F8AAD3A425} => pcalua.exe -a "C:\Users\*****\Downloads\sw_uninstaller.exe" -d "C:\Users\*****\Downloads"
Task: {CD61B4F2-7F57-48DF-962A-A46642725FF6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {DE3C1843-6933-4DB6-BBF9-46DF66C0A9E2} - System32\Tasks\{258CABA4-C6F6-497E-BED3-E85E071F5053} => pcalua.exe -a "C:\Users\*****\Downloads\install_flash_player.exe" -d "C:\Users\*****\Downloads"
Task: {E9ED053E-9795-446B-8E23-287E75864848} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {F07F43DE-7137-4B50-BC6C-8C87A03B9607} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {FD41B263-ACFD-4FA6-A90A-D12884107BA0} - System32\Tasks\{A93FC1A1-B973-48A8-A31E-9579AE3722D6} => pcalua.exe -a E:\Data\setup.exe -d E:\ -c TI

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-02-12 13:14 - 2009-02-10 16:01 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-09-16 22:57 - 2009-03-05 10:54 - 00311296 _____ () C:\windows\SYSTEM32\Rezip.exe
2011-02-09 01:56 - 2011-02-09 01:56 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2011-09-05 18:04 - 2011-09-05 18:04 - 00301056 _____ () C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
2012-12-21 17:57 - 2012-12-21 17:57 - 08507384 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02354168 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 01014776 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00364536 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02481144 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 01347064 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00206328 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02653176 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00033272 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00035832 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00207352 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 11166712 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00276984 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00391600 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00059280 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2012-12-21 17:56 - 2012-12-21 17:56 - 00438264 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00446456 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00520696 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00720888 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2012-12-21 17:56 - 2012-12-21 17:56 - 00606200 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00093176 _____ () C:\Program Files\Nokia\Nokia Suite\qjson.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00110080 _____ () C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00439304 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00321032 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2014-09-25 06:04 - 2014-09-25 06:04 - 00976080 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2014-09-25 06:04 - 2014-09-25 06:04 - 02254544 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2014-09-25 06:04 - 2014-09-25 06:04 - 08024784 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2014-09-25 06:04 - 2014-09-25 06:04 - 01299664 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2009-02-12 06:32 - 2009-02-12 06:32 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-09-16 22:52 - 2009-09-16 22:52 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-09-16 23:06 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-07-20 18:00 - 2009-12-22 08:31 - 03542016 _____ () C:\Program Files\10-Sekunden-Haushaltsbuch\10hh.exe
2014-11-10 16:33 - 2015-01-14 21:39 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-16 14:09 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-16 14:09 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-16 14:09 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-16 14:09 - 2015-01-16 14:09 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-16 14:09 - 2015-01-16 14:09 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-13 20:40 - 2015-01-13 20:40 - 16844464 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\sdnclean.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39
AlternateDataStreams: C:\Users\*****\Desktop\FRST.exe:$CmdTcID
AlternateDataStreams: C:\Users\*****\Desktop\FRST.exe:$CmdZnID
AlternateDataStreams: C:\Users\*****\Downloads\SpotifySetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\*****\Downloads\SpotifySetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\*****\Downloads\SpyBot Search Destroy - CHIP-Installer.exe:$CmdTcID
AlternateDataStreams: C:\Users\*****\Downloads\SpyBot Search Destroy - CHIP-Installer.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1016556084-3091970497-507946437-500 - Administrator - Disabled)
***** (S-1-5-21-1016556084-3091970497-507946437-1000 - Administrator - Enabled) => C:\Users\*****
Gast (S-1-5-21-1016556084-3091970497-507946437-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 00:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1f20
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/16/2015 10:09:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PDF Architect.exe, Version 1.0.52.8917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1064

Startzeit: 01d0316be4026c6a

Endzeit: 67

Anwendungspfad: C:\Program Files\PDF Architect\PDF Architect.exe

Berichts-ID: 46c632fc-9d5f-11e4-a642-002454196649

Error: (01/16/2015 07:54:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 07:54:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 07:54:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 07:54:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 07:24:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchSettings.exe, Version: 6.7.0.4, Zeitstempel: 0x50eed4e3
Name des fehlerhaften Moduls: SearchSettings.exe, Version: 6.7.0.4, Zeitstempel: 0x50eed4e3
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008a976
ID des fehlerhaften Prozesses: 0xe2c
Startzeit der fehlerhaften Anwendung: 0xSearchSettings.exe0
Pfad der fehlerhaften Anwendung: SearchSettings.exe1
Pfad des fehlerhaften Moduls: SearchSettings.exe2
Berichtskennung: SearchSettings.exe3

Error: (01/15/2015 05:32:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1a2c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/15/2015 07:36:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/15/2015 07:36:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (01/16/2015 07:23:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/15/2015 09:44:57 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/15/2015 07:02:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎14.‎01.‎2015 um 23:07:12 unerwartet heruntergefahren.

Error: (01/14/2015 09:38:13 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/13/2015 06:26:15 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/11/2015 07:41:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/10/2015 09:45:47 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/10/2015 06:03:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/09/2015 10:52:24 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/08/2015 03:01:45 PM) (Source: volsnap) (EventID: 14) (User: )
Description: Die Schattenkopien von Volume "G:" wurden aufgrund eines E/A-Fehlers auf Volume "G:" abgebrochen.


Microsoft Office Sessions:
=========================
Error: (03/20/2011 10:26:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/20/2011 00:05:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/22/2011 06:13:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/15/2011 03:52:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 711 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (02/15/2011 06:23:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 70%
Total physical RAM: 3036.61 MB
Available physical RAM: 896.2 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 2659.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.49 GB) (Free:41.71 GB) NTFS
Drive d: () (Fixed) (Total:141.5 GB) (Free:141.34 GB) NTFS
Drive g: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:108.04 GB) NTFS
Drive h: () (Removable) (Total:7.41 GB) (Free:5.35 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B4B6F23B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=141.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 5284981F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0B)

==================== End Of Log ============================

deeprybka · 16.01.2015, 18:39

Hi,

Schritt 1

Bitte deinstalliere folgende Programme:

pdfforge Toolbar v6.7
Pokki
Pokki Download Helper
Avira oder COMODO Internet Security
Spybot - Search & Destroy

Versuche es bei Windows 7

zunächst über Systemsteuerung/Programme deinstallieren.

Sollte das nicht gehen, lade Dir bitte Revo Uninstaller

hier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung

Starte die Revouninstaller.exe
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
Klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus:

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Download
Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 4

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Wie läuft der PC jetzt?

anna12345 · 16.01.2015, 20:45

Lieber Jürgen,

ich habe die genannten Programme deinstalliert. Da Comodo meine Firewall war, habe ich jetzt die Windows-Firewall aktiviert. Ich hoffe, das ist so in Ordnung?

Hier die Logs:

AdwareCleaner:

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 16/01/2015 um 19:28:45
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : ****** - ******
# Gestartet von : C:\Users\******\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Users\******\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\******\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\******\AppData\Roaming\pdfforge
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
Datei Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\icqplugin.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v35.0 (x86 de)

[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false);
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.installTime", "1278097809");
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.2");
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "127800590912780063111278097809709");
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1278097814);
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
[shqqcb6n.default\prefs.js] - Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

*************************

AdwCleaner[R0].txt - [6152 octets] - [16/01/2015 19:21:21]
AdwCleaner[R1].txt - [6212 octets] - [16/01/2015 19:26:26]
AdwCleaner[S0].txt - [6199 octets] - [16/01/2015 19:28:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6259 octets] ##########

Malwarebytes Anti-Malware :

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.01.2015
Suchlauf-Zeit: 19:39:56
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.16.09
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: ******

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 339505
Verstrichene Zeit: 22 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 1
PUM.Bad.Proxy, HKU\S-1-5-21-1016556084-3091970497-507946437-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:59333, Löschen bei Neustart, [e76a3abd6a1fee48a0cddc86b4500af6]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
Ran by ****** (administrator) on ****** on 16-01-2015 20:36:21
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available profiles: ******)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Windows\System32\Rezip.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Ulead Systems, Inc.) C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Spotify Ltd) C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [Ulead AutoDetector] => C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [45056 2003-11-19] (Ulead Systems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-16] (Google Inc.)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [] => [X]
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [Spotify Web Helper] => C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-04] (Spotify Ltd)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {4eb7635b-6923-11e0-ab26-002454196649} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {94d6983d-8ed2-11e2-961b-002454196649} - H:\LGAutoRun.exe
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {A70E5BAE-0A3E-4CA7-B622-68C0A9E93046} URL = hxxp://de.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=302398&ilc=12&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: @citrixonline.com/appdetectorplugin -> C:\Users\******\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\webde-suche.xml
FF Extension: Avira Browser Safety - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Facebook Translate - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\facebook-translate@oliver.schloebe.de [2014-04-07]
FF Extension: WEB.DE MailCheck - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\toolbar@web.de [2014-12-15]
FF Extension: Evernote Web Clipper - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-03-18]
FF Extension: feedly - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\feedly@devhd.xpi [2013-06-17]
FF Extension: Google Translator for Firefox - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\translator@zoli.bod.xpi [2013-06-24]
FF Extension: ImTranslator - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-06-17]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-02-10]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 yksvc; C:\windows\System32\yk62x86.dll [282624 2009-06-15] (Marvell)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-03-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-03-06] (LG Electronics Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 HMD; C:\windows\System32\DRIVERS\hmd.sys [15400 2014-06-26] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-29] (Avira GmbH)
R3 VMC326; C:\windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 19:35 - 2015-01-16 20:25 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 19:35 - 2015-01-16 19:35 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-16 19:35 - 2015-01-16 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-16 19:35 - 2015-01-16 19:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 19:35 - 2015-01-16 19:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-16 19:35 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-16 19:35 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-16 19:35 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-16 19:24 - 2015-01-16 19:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\******\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-16 19:21 - 2015-01-16 19:29 - 00000000 ____D () C:\AdwCleaner
2015-01-16 19:20 - 2015-01-16 19:20 - 02191360 _____ () C:\Users\******\Desktop\AdwCleaner_4.107.exe
2015-01-16 19:08 - 2015-01-16 19:08 - 00000079 _____ () C:\windows\wininit.ini
2015-01-16 17:26 - 2015-01-16 17:29 - 00039799 _____ () C:\Users\******\Desktop\Addition.txt
2015-01-16 17:25 - 2015-01-16 20:37 - 00019613 _____ () C:\Users\******\Desktop\FRST.txt
2015-01-16 17:24 - 2015-01-16 20:36 - 00000000 ____D () C:\FRST
2015-01-16 17:24 - 2015-01-16 17:24 - 01116672 _____ (Farbar) C:\Users\******\Desktop\FRST.exe
2015-01-16 14:09 - 2015-01-16 19:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-16 14:09 - 2015-01-16 19:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-16 14:02 - 2015-01-16 14:02 - 01179936 _____ () C:\Users\******\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 07:52 - 2015-01-14 07:52 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 07:52 - 2015-01-14 07:52 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 07:52 - 2015-01-14 07:52 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-12 15:08 - 2015-01-12 15:09 - 00000000 ____D () C:\Users\******\AppData\Local\EvernoteNW
2015-01-04 10:25 - 2015-01-05 07:55 - 00000000 ____D () C:\Users\******\AppData\Local\Spotify
2015-01-04 10:25 - 2015-01-04 11:20 - 00002054 _____ () C:\Users\******\Desktop\Spotify.lnk
2015-01-04 10:25 - 2015-01-04 10:25 - 00001823 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-04 10:23 - 2015-01-06 13:26 - 00000000 ____D () C:\Users\******\AppData\Roaming\Spotify
2015-01-04 10:22 - 2015-01-04 10:22 - 00137888 _____ (Spotify Ltd) C:\Users\******\Downloads\SpotifySetup.exe
2015-01-02 15:22 - 2015-01-02 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-01-01 21:51 - 2015-01-01 21:51 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieBrowserModeList
2015-01-01 17:45 - 2015-01-01 17:45 - 00083264 _____ (Amazon.com, Inc.) C:\windows\system32\stkMonitor.dll
2015-01-01 17:45 - 2015-01-01 17:45 - 00000000 ____D () C:\Program Files\Amazon
2015-01-01 17:20 - 2015-01-01 17:20 - 00000000 ____D () C:\Users\******\AppData\Local\calibre-cache
2015-01-01 17:17 - 2015-01-01 18:37 - 00000000 ____D () C:\Users\******\Documents\Calibre-Bibliothek
2015-01-01 17:17 - 2015-01-01 17:20 - 00000000 ____D () C:\Users\******\AppData\Roaming\calibre
2015-01-01 17:16 - 2015-01-01 17:16 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-01-01 17:15 - 2015-01-01 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-01-01 17:15 - 2015-01-01 17:16 - 00000000 ____D () C:\Program Files\Calibre2
2014-12-26 17:58 - 2015-01-16 19:40 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 17:58 - 2015-01-13 20:40 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-12-18 06:22 - 2014-12-18 06:22 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 20:30 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 20:30 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 20:29 - 2009-09-16 22:52 - 01090177 _____ () C:\windows\WindowsUpdate.log
2015-01-16 20:23 - 2010-04-05 09:47 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 20:23 - 2009-12-24 16:12 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-01-16 20:22 - 2009-09-16 23:44 - 01234232 _____ () C:\windows\PFRO.log
2015-01-16 20:22 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-16 20:22 - 2009-07-14 05:39 - 00180384 _____ () C:\windows\setupact.log
2015-01-16 19:48 - 2010-04-05 09:47 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 19:29 - 2009-12-25 15:53 - 00000000 ____D () C:\ProgramData\ICQ
2015-01-16 19:17 - 2011-10-30 09:33 - 00000000 ____D () C:\ProgramData\Comodo
2015-01-16 19:17 - 2010-01-09 21:45 - 00000000 ____D () C:\Program Files\COMODO
2015-01-16 19:17 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-16 19:10 - 2011-10-30 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-01-16 15:06 - 2009-12-26 13:18 - 00000000 ____D () C:\Users\******\AppData\Roaming\UseNeXT
2015-01-16 15:06 - 2009-12-26 13:18 - 00000000 ____D () C:\Program Files\UseNeXT
2015-01-14 22:42 - 2013-08-15 20:17 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 22:42 - 2009-12-25 12:55 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 22:26 - 2009-12-25 14:02 - 00000000 ____D () C:\Users\******\Documents\Sonstiges
2015-01-14 21:39 - 2014-11-10 16:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 21:39 - 2013-01-29 09:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 20:40 - 2013-06-17 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 14:05 - 2009-07-26 21:06 - 02058380 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 21:16 - 2014-01-04 19:42 - 00000000 ____D () C:\Users\******\Documents\Ebooks
2015-01-01 22:45 - 2011-02-12 13:14 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-01 22:34 - 2013-06-07 14:42 - 00000000 ____D () C:\ProgramData\tmp
2015-01-01 21:57 - 2013-06-07 14:42 - 00001230 _____ () C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
2015-01-01 21:57 - 2013-06-07 14:42 - 00001210 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2015-01-01 17:46 - 2013-10-17 19:42 - 00000000 ____D () C:\Users\******\AppData\Local\Amazon
2014-12-19 14:39 - 2011-02-12 17:40 - 00000000 ____D () C:\ProgramData\CanonIJ

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\******\AppData\Local\Temp\Quarantine.exe
C:\Users\******\AppData\Local\Temp\sqlite3.dll
C:\Users\******\AppData\Local\Temp\_is2EBE.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 08:17

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015 01
Ran by ****** at 2015-01-16 20:37:44
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10-Sekunden-Haushaltsbuch 5 5.05  (HKLM\...\10-Sekunden-Haushaltsbuch 5) (Version: 5.05 - easy softway)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Send to Kindle (HKLM\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{6848704E-C8D4-4F4F-9181-5926D4A11E98}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 1994873568.48.56.10161386 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame-MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Buchungssatzpauker-B IKR 2.50 (Shareware) (HKLM\...\{141A7ECB-AA8E-4C16-85FE-6FFF804799CF}) (Version: 2.50 - Dumproff Adolf)
Buchungssatzpauker-K IKR 2.50 (Shareware) (HKLM\...\{3909CBC3-ECC5-43FF-A963-CD6E031B9217}) (Version: 2.50 - Dumproff Adolf)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
calibre (HKLM\...\{C727544A-23E0-41A8-9901-2353CE3FE62A}) (Version: 2.14.0 - Kovid Goyal)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (Version: 2009.0901.2227.38495 - ATI) Hidden
ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen)
Evernote v. 5.8.1 (HKLM\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube Download version 3.2.11.812 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
GeekBuddy (HKLM\...\{87A5B227-81F8-4E51-86CA-39E89CB33B16}) (Version: 4.18.121 - Comodo Security Solutions Inc)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LG United Mobile Drivers (HKLM\...\{0C1879C1-B74A-4C6D-8880-E3F54B78E816}) (Version: 3.7.1.0 - LG Electronics)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.3.3 - Marvell)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (Version: 3.7.22.0 - Nokia) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 5.9.2 - )
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Ulead Photo Explorer 8.0 SE Basic (HKLM\...\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}) (Version: 8.0 - Ulead Systems, Inc.)
Ulead PhotoImpact XL (HKLM\...\{0DDDE141-9696-4E33-AB82-EF398169D7E5}) (Version: 8.5 - Ulead System)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\InprocServer32 -> C:\Users\******\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
CustomCLSID: HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\******\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

11-01-2015 18:01:35 Windows-Sicherung
14-01-2015 22:41:06 Windows Update
16-01-2015 19:05:09 Removed pdfforge Toolbar v6.7.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1411DECF-7C8F-433E-9086-2E38636CD4AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {1ADE930A-2B52-45AF-93D0-834293513949} - System32\Tasks\{F5935191-8A12-43D6-82EE-0FADBBAA99D3} => C:\Users\******\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {2305DEF5-962C-43C2-B137-6BA272EB80A9} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {3BEA1269-71AA-491F-B309-219AE332725E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {4EE2A8A1-9346-423F-8EC2-1760E5073B97} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {65CAA3FC-6411-4E38-A61B-05EDDDD07C53} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {6962625C-7903-41FF-8AD0-051472BA0016} - System32\Tasks\{9FFF92E5-413D-4BF7-9C9E-D7F94F4812CD} => C:\Program Files\10-Sekunden-Haushaltsbuch\10hh.exe [2009-12-22] ()
Task: {7366B38C-B7CB-49A5-AE9B-DC9EF847FB55} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.)
Task: {771EB0D6-0380-4D6E-9272-6418D128F8EF} - System32\Tasks\{7D96276C-A156-4DBF-8676-6C44EBE1180E} => C:\Program Files\10-Sekunden-Haushaltsbuch\10hh.exe [2009-12-22] ()
Task: {7A732BC1-5A1E-4D0C-B47C-CB9BAD16307D} - System32\Tasks\{BC233059-9719-4CC2-988C-2199E7E56CD5} => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
Task: {86AABC58-8DA0-4A1A-90C8-7AE51DC464DB} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {89198E57-3A74-4378-BC6B-78DA4258E0B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {8A29FF2D-80A1-4DAC-8007-66FDEA4D5BE9} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.)
Task: {A17B5FC0-AFE5-4DBD-8A17-920D275E4610} - System32\Tasks\{BFE436B3-7139-45D2-AC4E-D8F8AAD3A425} => pcalua.exe -a "C:\Users\******\Downloads\sw_uninstaller.exe" -d "C:\Users\******\Downloads"
Task: {DE3C1843-6933-4DB6-BBF9-46DF66C0A9E2} - System32\Tasks\{258CABA4-C6F6-497E-BED3-E85E071F5053} => pcalua.exe -a "C:\Users\******\Downloads\install_flash_player.exe" -d "C:\Users\******\Downloads"
Task: {E9ED053E-9795-446B-8E23-287E75864848} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {FD41B263-ACFD-4FA6-A90A-D12884107BA0} - System32\Tasks\{A93FC1A1-B973-48A8-A31E-9579AE3722D6} => pcalua.exe -a E:\Data\setup.exe -d E:\ -c TI

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-02-12 13:14 - 2009-02-10 16:01 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-09-16 22:57 - 2009-03-05 10:54 - 00311296 _____ () C:\windows\SYSTEM32\Rezip.exe
2009-09-16 23:06 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-02-12 06:32 - 2009-02-12 06:32 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-09-16 22:52 - 2009-09-16 22:52 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 08507384 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02354168 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 01014776 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00364536 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02481144 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 01347064 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00206328 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02653176 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00033272 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00035832 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00207352 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 11166712 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00276984 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00391600 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00059280 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2012-12-21 17:56 - 2012-12-21 17:56 - 00438264 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00446456 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00520696 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00720888 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2012-12-21 17:56 - 2012-12-21 17:56 - 00606200 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00093176 _____ () C:\Program Files\Nokia\Nokia Suite\qjson.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00110080 _____ () C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00439304 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00321032 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2014-11-10 16:33 - 2015-01-14 21:39 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39
AlternateDataStreams: C:\Users\******\Desktop\FRST.exe:$CmdTcID
AlternateDataStreams: C:\Users\******\Desktop\FRST.exe:$CmdZnID
AlternateDataStreams: C:\Users\******\Downloads\SpotifySetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\******\Downloads\SpotifySetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\******\Downloads\SpyBot Search Destroy - CHIP-Installer.exe:$CmdTcID
AlternateDataStreams: C:\Users\******\Downloads\SpyBot Search Destroy - CHIP-Installer.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1016556084-3091970497-507946437-500 - Administrator - Disabled)
****** (S-1-5-21-1016556084-3091970497-507946437-1000 - Administrator - Enabled) => C:\Users\******
Gast (S-1-5-21-1016556084-3091970497-507946437-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1016556084-3091970497-507946437-1011 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 07:06:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1d8c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/16/2015 07:05:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {d5990f70-e051-4b08-b895-4111f328ba13}

Error: (01/16/2015 00:58:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1f20
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/16/2015 10:09:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PDF Architect.exe, Version 1.0.52.8917 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1064

Startzeit: 01d0316be4026c6a

Endzeit: 67

Anwendungspfad: C:\Program Files\PDF Architect\PDF Architect.exe

Berichts-ID: 46c632fc-9d5f-11e4-a642-002454196649

Error: (01/16/2015 07:54:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 07:54:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 07:54:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 07:54:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 07:24:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchSettings.exe, Version: 6.7.0.4, Zeitstempel: 0x50eed4e3
Name des fehlerhaften Moduls: SearchSettings.exe, Version: 6.7.0.4, Zeitstempel: 0x50eed4e3
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008a976
ID des fehlerhaften Prozesses: 0xe2c
Startzeit der fehlerhaften Anwendung: 0xSearchSettings.exe0
Pfad der fehlerhaften Anwendung: SearchSettings.exe1
Pfad des fehlerhaften Moduls: SearchSettings.exe2
Berichtskennung: SearchSettings.exe3

Error: (01/15/2015 05:32:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1a2c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (01/16/2015 08:23:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/16/2015 07:13:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/16/2015 07:23:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/15/2015 09:44:57 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/15/2015 07:02:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎14.‎01.‎2015 um 23:07:12 unerwartet heruntergefahren.

Error: (01/14/2015 09:38:13 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/13/2015 06:26:15 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/11/2015 07:41:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/10/2015 09:45:47 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/10/2015 06:03:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.


Microsoft Office Sessions:
=========================
Error: (03/20/2011 10:26:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/20/2011 00:05:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/22/2011 06:13:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/15/2011 03:52:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 711 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (02/15/2011 06:23:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 47%
Total physical RAM: 3036.61 MB
Available physical RAM: 1580.61 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3960.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.49 GB) (Free:41.68 GB) NTFS
Drive d: () (Fixed) (Total:141.5 GB) (Free:141.34 GB) NTFS
Drive g: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:108.04 GB) NTFS
Drive h: () (Removable) (Total:7.41 GB) (Free:5.35 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B4B6F23B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=141.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 5284981F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0B)

==================== End Of Log ============================

Mein PC läuft wie immer schätze ich. Ich wurde ein paar Mal zum Neustart aufgefordert.

Habe ich alles richtig gepostet?

Ich wünsche dir noch einen schönen Abend!

deeprybka · 16.01.2015, 20:54

Prima gemacht!

(auch das mit der Firewall war nicht nur richtig sondern durchaus sinnvoll)

Schritt

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

anna12345 · 17.01.2015, 06:52

Guten Morgen Jürgen,

hier die ESET-Logfile:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4456503424d92644ae930f4bf776ad3a
# engine=22007
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-17 05:08:33
# local_time=2015-01-17 06:08:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 42936 166023491 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 47835815 173102504 0 0
# scanned=279263
# found=4
# cleaned=0
# scan_time=32434
sh=D3B261347DEA979D9F42B85B7CCED6741CCD8AE6 ft=1 fh=a72bb79d4905971b vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\******\AppData\Roaming\OpenCandy\1BEB02FCFB7D40E9A0844CE4EBEA0921\pcspeedup_oc.exe.vir"
sh=A43EB05D1AAC1AC629D1E4D4F31656FD3DCB76F7 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\******\AppData\Local\Mozilla\Firefox\Profiles\shqqcb6n.default\cache2\entries\01DEDE333CFD26E2E30CE8A35EBBA4384E885C55"
sh=E9E6CF2E27E6A0F750ECB855569BFEB51ADCBDC5 ft=1 fh=6262449564b27a45 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\******\Downloads\SpyBot Search Destroy - CHIP-Installer.exe"
sh=8FFCE9F184B198CF42231AE23EE92E409FA97E49 ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="G:\******\Backup Set 2015-01-02 104858\Backup Files 2015-01-02 104858\Backup files 8.zip"

Viele Grüße
Anna

deeprybka · 17.01.2015, 12:21

Hallo Anna,
Du bist aber früh auf...

Bitte die **** mit dem Benutzernamen ersetzen und dann erst als Fixlist abspeichern. Sonst geht das nicht...

Schritt 1

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

ATTFilter

CustomCLSID: HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\InprocServer32 -> C:\Users\******\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
AlternateDataStreams: C:\windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39
C:\Users\******\AppData\Local\Mozilla\Firefox\Profiles\shqqcb6n.default\cache2\entries\01DEDE333CFD26E2E30CE8A35EBBA4384E885C55
EmptyTemp:
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Fix-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Nach dem Reboot:

Schritt 2

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

anna12345 · 17.01.2015, 13:23

Hallo Jürgen,

ja ich bin ein Frühaufsteher

und anscheinend auch ein Trottel, denn ich habe deine Anweisung, die ***** mit dem Benutzernamen zu ersetzen, überlesen. Ich habe die Anwendung jetzt zweimal laufen lassen und poste dir einfach mal beide Logs. Hat das überhaupt funktioniert?

Log mit ****:

Code:

ATTFilter

Ran by Benutzer at 2015-01-17 12:32:41 Run:1
Running from C:\Users\Benutzer\Desktop
Loaded Profiles: Benutzer (Available profiles: Benutzer)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\InprocServer32 -> C:\Users\******\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
AlternateDataStreams: C:\windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39
C:\Users\******\AppData\Local\Mozilla\Firefox\Profiles\shqqcb6n.default\cache2\entries\01DEDE333CFD26E2E30CE8A35EBBA4384E885C55
EmptyTemp:
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
*****************

"HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}" => Key deleted successfully.
C:\windows\system32\FlashPlayerApp.exe => ":$CmdTcID" ADS removed successfully.
C:\windows\system32\ieUnatt.exe => ":$CmdTcID" ADS removed successfully.
C:\windows\system32\nlasvc.dll => ":$CmdTcID" ADS removed successfully.
C:\windows\system32\ntkrnlpa.exe => ":$CmdTcID" ADS removed successfully.
C:\windows\system32\ntoskrnl.exe => ":$CmdTcID" ADS removed successfully.
C:\windows\system32\profsvc.dll => ":$CmdTcID" ADS removed successfully.
C:\windows\system32\TSWbPrxy.exe => ":$CmdTcID" ADS removed successfully.
C:\windows\system32\Drivers\mrxdav.sys => ":$CmdTcID" ADS removed successfully.
C:\ProgramData\Temp => ":4CF61E54" ADS removed successfully.
C:\ProgramData\Temp => ":A42A9F39" ADS removed successfully.
"C:\Users\******\AppData\Local\Mozilla\Firefox\Profiles\shqqcb6n.default\cache2\entries\01DEDE333CFD26E2E30CE8A35EBBA4384E885C55" => File/Directory not found.
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
EmptyTemp: => Removed 815.9 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 12:34:11 ====

Log mit Benutzernamen:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-01-2015 01
Ran by Benutzer at 2015-01-17 12:44:17 Run:2
Running from C:\Users\Benutzer\Desktop
Loaded Profiles: Benutzer (Available profiles: Benutzer)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58}\InprocServer32 -> C:\Users\Benutzer\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
AlternateDataStreams: C:\windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39
C:\Users\Benutzer\AppData\Local\Mozilla\Firefox\Profiles\shqqcb6n.default\cache2\entries\01DEDE333CFD26E2E30CE8A35EBBA4384E885C55
EmptyTemp:
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
*****************

HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{22848257-6a2d-4d2a-8d56-c886d25b8b58} => Key not found. 
"C:\windows\system32\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ieUnatt.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\nlasvc.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ntkrnlpa.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\ntoskrnl.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\profsvc.dll" => ":$CmdTcID" ADS not found.
"C:\windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
"C:\windows\system32\Drivers\mrxdav.sys" => ":$CmdTcID" ADS not found.
"C:\ProgramData\Temp" => ":4CF61E54" ADS not found.
"C:\ProgramData\Temp" => ":A42A9F39" ADS not found.
"C:\Users\Benutzer\AppData\Local\Mozilla\Firefox\Profiles\shqqcb6n.default\cache2\entries\01DEDE333CFD26E2E30CE8A35EBBA4384E885C55" => File/Directory not found.
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
EmptyTemp: => Removed 18.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 12:44:22 ====

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2015 01
Ran by ****** (administrator) on ****** on 17-01-2015 13:19:05
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available profiles: ******)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Windows\System32\Rezip.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Ulead Systems, Inc.) C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Spotify Ltd) C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [Ulead AutoDetector] => C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [45056 2003-11-19] (Ulead Systems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-16] (Google Inc.)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [Spotify Web Helper] => C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-04] (Spotify Ltd)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {4eb7635b-6923-11e0-ab26-002454196649} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {94d6983d-8ed2-11e2-961b-002454196649} - H:\LGAutoRun.exe
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {A70E5BAE-0A3E-4CA7-B622-68C0A9E93046} URL = hxxp://de.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=302398&ilc=12&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: @citrixonline.com/appdetectorplugin -> C:\Users\******\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\webde-suche.xml
FF Extension: Avira Browser Safety - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Facebook Translate - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\facebook-translate@oliver.schloebe.de [2014-04-07]
FF Extension: WEB.DE MailCheck - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\toolbar@web.de [2014-12-15]
FF Extension: Evernote Web Clipper - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-03-18]
FF Extension: feedly - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\feedly@devhd.xpi [2013-06-17]
FF Extension: Google Translator for Firefox - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\translator@zoli.bod.xpi [2013-06-24]
FF Extension: ImTranslator - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-06-17]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-02-10]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 yksvc; C:\windows\System32\yk62x86.dll [282624 2009-06-15] (Marvell)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-03-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-03-06] (LG Electronics Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 HMD; C:\windows\System32\DRIVERS\hmd.sys [15400 2014-06-26] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-29] (Avira GmbH)
R3 VMC326; C:\windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 12:27 - 2015-01-17 12:27 - 00000000 ____D () C:\Users\******\Desktop\FRST-OlderVersion
2015-01-16 20:59 - 2015-01-16 20:59 - 02347384 _____ (ESET) C:\Users\******\Desktop\esetsmartinstaller_deu.exe
2015-01-16 19:35 - 2015-01-17 12:50 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 19:35 - 2015-01-16 19:35 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-16 19:35 - 2015-01-16 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-16 19:35 - 2015-01-16 19:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 19:35 - 2015-01-16 19:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-16 19:35 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-16 19:35 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-16 19:35 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-16 19:24 - 2015-01-16 19:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\******\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-16 19:21 - 2015-01-16 19:29 - 00000000 ____D () C:\AdwCleaner
2015-01-16 19:20 - 2015-01-16 19:20 - 02191360 _____ () C:\Users\******\Desktop\AdwCleaner_4.107.exe
2015-01-16 19:08 - 2015-01-16 19:08 - 00000079 _____ () C:\windows\wininit.ini
2015-01-16 17:26 - 2015-01-16 20:39 - 00036689 _____ () C:\Users\******\Desktop\Addition.txt
2015-01-16 17:25 - 2015-01-17 13:19 - 00019006 _____ () C:\Users\******\Desktop\FRST.txt
2015-01-16 17:24 - 2015-01-17 13:19 - 00000000 ____D () C:\FRST
2015-01-16 17:24 - 2015-01-17 12:27 - 01117696 _____ (Farbar) C:\Users\******\Desktop\FRST.exe
2015-01-16 14:09 - 2015-01-16 19:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-16 14:09 - 2015-01-16 19:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-16 14:02 - 2015-01-16 14:02 - 01179936 _____ () C:\Users\******\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 07:52 - 2015-01-14 07:52 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 07:52 - 2015-01-14 07:52 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 07:52 - 2015-01-14 07:52 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-12 15:08 - 2015-01-12 15:09 - 00000000 ____D () C:\Users\******\AppData\Local\EvernoteNW
2015-01-04 10:25 - 2015-01-05 07:55 - 00000000 ____D () C:\Users\******\AppData\Local\Spotify
2015-01-04 10:25 - 2015-01-04 11:20 - 00002054 _____ () C:\Users\******\Desktop\Spotify.lnk
2015-01-04 10:25 - 2015-01-04 10:25 - 00001823 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-04 10:23 - 2015-01-06 13:26 - 00000000 ____D () C:\Users\******\AppData\Roaming\Spotify
2015-01-04 10:22 - 2015-01-04 10:22 - 00137888 _____ (Spotify Ltd) C:\Users\******\Downloads\SpotifySetup.exe
2015-01-02 15:22 - 2015-01-02 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-01-01 21:51 - 2015-01-01 21:51 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieBrowserModeList
2015-01-01 17:45 - 2015-01-01 17:45 - 00083264 _____ (Amazon.com, Inc.) C:\windows\system32\stkMonitor.dll
2015-01-01 17:45 - 2015-01-01 17:45 - 00000000 ____D () C:\Program Files\Amazon
2015-01-01 17:20 - 2015-01-01 17:20 - 00000000 ____D () C:\Users\******\AppData\Local\calibre-cache
2015-01-01 17:17 - 2015-01-01 18:37 - 00000000 ____D () C:\Users\******\Documents\Calibre-Bibliothek
2015-01-01 17:17 - 2015-01-01 17:20 - 00000000 ____D () C:\Users\******\AppData\Roaming\calibre
2015-01-01 17:16 - 2015-01-01 17:16 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-01-01 17:15 - 2015-01-01 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-01-01 17:15 - 2015-01-01 17:16 - 00000000 ____D () C:\Program Files\Calibre2
2014-12-26 17:58 - 2015-01-17 12:40 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 17:58 - 2015-01-13 20:40 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-12-18 06:22 - 2014-12-18 06:22 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 12:55 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 12:55 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 12:48 - 2010-04-05 09:47 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 12:48 - 2009-12-24 16:12 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-01-17 12:47 - 2010-04-05 09:47 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 12:46 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-17 12:46 - 2009-07-14 05:39 - 00180552 _____ () C:\windows\setupact.log
2015-01-17 12:45 - 2009-09-16 22:52 - 01141878 _____ () C:\windows\WindowsUpdate.log
2015-01-17 12:36 - 2009-09-16 23:44 - 01235270 _____ () C:\windows\PFRO.log
2015-01-16 19:29 - 2009-12-25 15:53 - 00000000 ____D () C:\ProgramData\ICQ
2015-01-16 19:17 - 2011-10-30 09:33 - 00000000 ____D () C:\ProgramData\Comodo
2015-01-16 19:17 - 2010-01-09 21:45 - 00000000 ____D () C:\Program Files\COMODO
2015-01-16 19:17 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-16 19:10 - 2011-10-30 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-01-16 15:06 - 2009-12-26 13:18 - 00000000 ____D () C:\Users\******\AppData\Roaming\UseNeXT
2015-01-16 15:06 - 2009-12-26 13:18 - 00000000 ____D () C:\Program Files\UseNeXT
2015-01-14 22:42 - 2013-08-15 20:17 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 22:42 - 2009-12-25 12:55 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 22:26 - 2009-12-25 14:02 - 00000000 ____D () C:\Users\******\Documents\Sonstiges
2015-01-14 21:39 - 2014-11-10 16:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 21:39 - 2013-01-29 09:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 20:40 - 2013-06-17 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 14:05 - 2009-07-26 21:06 - 02058380 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 21:16 - 2014-01-04 19:42 - 00000000 ____D () C:\Users\******\Documents\Ebooks
2015-01-01 22:45 - 2011-02-12 13:14 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-01 22:34 - 2013-06-07 14:42 - 00000000 ____D () C:\ProgramData\tmp
2015-01-01 21:57 - 2013-06-07 14:42 - 00001230 _____ () C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
2015-01-01 21:57 - 2013-06-07 14:42 - 00001210 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2015-01-01 17:46 - 2013-10-17 19:42 - 00000000 ____D () C:\Users\******\AppData\Local\Amazon
2014-12-19 14:39 - 2011-02-12 17:40 - 00000000 ____D () C:\ProgramData\CanonIJ

==================== Files in the root of some directories =======
2013-01-29 13:52 - 2013-01-29 13:52 - 0000010 _____ () C:\Users\******\AppData\Roaming\hhxprot5
2013-01-29 14:21 - 2013-01-29 15:31 - 0000018 _____ () C:\Users\******\AppData\Roaming\sys386ll.dat
2010-03-18 21:10 - 2011-08-28 10:34 - 0006144 _____ () C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-24 17:16 - 2010-01-24 17:16 - 0019666 _____ () C:\Users\******\AppData\Local\internal.grp
2012-01-19 14:28 - 2013-09-22 19:42 - 0007603 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2011-12-13 16:28 - 2011-12-13 16:28 - 0000000 _____ () C:\Users\******\AppData\Local\{D0A1124C-68EF-4F6A-B531-2023A5612259}
2009-12-24 14:57 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2009-09-16 23:05 - 2009-09-16 23:05 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-09-16 23:03 - 2009-09-16 23:03 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2009-09-16 23:00 - 2009-09-16 23:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-09-16 23:04 - 2009-09-16 23:04 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2009-09-16 22:59 - 2009-09-16 22:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-09-16 23:01 - 2009-09-16 23:03 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 08:17

==================== End Of Log ============================

--- --- ---

--- --- ---

deeprybka · 20.01.2015, 10:53

Schritt 1

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

anna12345 · 20.01.2015, 12:27

Hallo Jürgen,

schön, dass du wieder reinschaust!

Der PC läuft wie immer, es ging ja nur darum, ob ich mir da irgendeinen Trojaner oder so eingefangen habe.

Hier die beiden Logs:

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by ****** (administrator) on ****** on 20-01-2015 11:37:53
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available profiles: ******)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Windows\System32\Rezip.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Ulead Systems, Inc.) C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Spotify Ltd) C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [Ulead AutoDetector] => C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [45056 2003-11-19] (Ulead Systems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-16] (Google Inc.)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Run: [Spotify Web Helper] => C:\Users\******\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-04] (Spotify Ltd)
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {4eb7635b-6923-11e0-ab26-002454196649} - F:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\MountPoints2: {94d6983d-8ed2-11e2-961b-002454196649} - H:\LGAutoRun.exe
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> {A70E5BAE-0A3E-4CA7-B622-68C0A9E93046} URL = hxxp://de.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=302398&ilc=12&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1016556084-3091970497-507946437-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1016556084-3091970497-507946437-1000: @citrixonline.com/appdetectorplugin -> C:\Users\******\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\searchplugins\webde-suche.xml
FF Extension: Avira Browser Safety - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Facebook Translate - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\facebook-translate@oliver.schloebe.de [2014-04-07]
FF Extension: WEB.DE MailCheck - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\toolbar@web.de [2014-12-15]
FF Extension: Evernote Web Clipper - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-03-18]
FF Extension: feedly - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\feedly@devhd.xpi [2013-06-17]
FF Extension: Google Translator for Firefox - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\translator@zoli.bod.xpi [2013-06-24]
FF Extension: ImTranslator - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\shqqcb6n.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-06-17]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-02-10]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 yksvc; C:\windows\System32\yk62x86.dll [282624 2009-06-15] (Marvell)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-03-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-03-06] (LG Electronics Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 HMD; C:\windows\System32\DRIVERS\hmd.sys [15400 2014-06-26] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-29] (Avira GmbH)
R3 VMC326; C:\windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 12:27 - 2015-01-20 11:37 - 00000000 ____D () C:\Users\******\Desktop\FRST-OlderVersion
2015-01-16 20:59 - 2015-01-16 20:59 - 02347384 _____ (ESET) C:\Users\******\Desktop\esetsmartinstaller_deu.exe
2015-01-16 19:35 - 2015-01-20 08:16 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 19:35 - 2015-01-16 19:35 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-16 19:35 - 2015-01-16 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-16 19:35 - 2015-01-16 19:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 19:35 - 2015-01-16 19:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-16 19:35 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-16 19:35 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-16 19:35 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-16 19:24 - 2015-01-16 19:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\******\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-16 19:21 - 2015-01-16 19:29 - 00000000 ____D () C:\AdwCleaner
2015-01-16 19:20 - 2015-01-16 19:20 - 02191360 _____ () C:\Users\******\Desktop\AdwCleaner_4.107.exe
2015-01-16 19:08 - 2015-01-16 19:08 - 00000079 _____ () C:\windows\wininit.ini
2015-01-16 17:26 - 2015-01-16 20:39 - 00036689 _____ () C:\Users\******\Desktop\Addition.txt
2015-01-16 17:25 - 2015-01-20 11:38 - 00019254 _____ () C:\Users\******\Desktop\FRST.txt
2015-01-16 17:24 - 2015-01-20 11:38 - 00000000 ____D () C:\FRST
2015-01-16 17:24 - 2015-01-20 11:37 - 01118208 _____ (Farbar) C:\Users\******\Desktop\FRST.exe
2015-01-16 14:09 - 2015-01-16 19:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-16 14:09 - 2015-01-16 19:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-16 14:02 - 2015-01-16 14:02 - 01179936 _____ () C:\Users\******\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 07:52 - 2015-01-14 07:52 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 07:52 - 2015-01-14 07:52 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 07:52 - 2015-01-14 07:52 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 07:52 - 2015-01-14 07:52 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-12 15:08 - 2015-01-12 15:09 - 00000000 ____D () C:\Users\******\AppData\Local\EvernoteNW
2015-01-04 10:25 - 2015-01-05 07:55 - 00000000 ____D () C:\Users\******\AppData\Local\Spotify
2015-01-04 10:25 - 2015-01-04 11:20 - 00002054 _____ () C:\Users\******\Desktop\Spotify.lnk
2015-01-04 10:25 - 2015-01-04 10:25 - 00001823 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-04 10:23 - 2015-01-06 13:26 - 00000000 ____D () C:\Users\******\AppData\Roaming\Spotify
2015-01-04 10:22 - 2015-01-04 10:22 - 00137888 _____ (Spotify Ltd) C:\Users\******\Downloads\SpotifySetup.exe
2015-01-02 15:22 - 2015-01-02 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-01-01 21:51 - 2015-01-01 21:51 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieBrowserModeList
2015-01-01 17:45 - 2015-01-01 17:45 - 00083264 _____ (Amazon.com, Inc.) C:\windows\system32\stkMonitor.dll
2015-01-01 17:45 - 2015-01-01 17:45 - 00000000 ____D () C:\Program Files\Amazon
2015-01-01 17:20 - 2015-01-01 17:20 - 00000000 ____D () C:\Users\******\AppData\Local\calibre-cache
2015-01-01 17:17 - 2015-01-01 18:37 - 00000000 ____D () C:\Users\******\Documents\Calibre-Bibliothek
2015-01-01 17:17 - 2015-01-01 17:20 - 00000000 ____D () C:\Users\******\AppData\Roaming\calibre
2015-01-01 17:16 - 2015-01-01 17:16 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-01-01 17:15 - 2015-01-01 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-01-01 17:15 - 2015-01-01 17:16 - 00000000 ____D () C:\Program Files\Calibre2
2014-12-26 17:58 - 2015-01-20 10:40 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-26 17:58 - 2015-01-13 20:40 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 10:50 - 2009-09-16 22:52 - 01285197 _____ () C:\windows\WindowsUpdate.log
2015-01-20 10:48 - 2010-04-05 09:47 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 07:44 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 07:44 - 2009-07-14 05:34 - 00023664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 07:37 - 2010-04-05 09:47 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 07:37 - 2009-12-24 16:12 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-01-20 07:36 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-20 07:36 - 2009-07-14 05:39 - 00181056 _____ () C:\windows\setupact.log
2015-01-17 12:36 - 2009-09-16 23:44 - 01235270 _____ () C:\windows\PFRO.log
2015-01-16 19:29 - 2009-12-25 15:53 - 00000000 ____D () C:\ProgramData\ICQ
2015-01-16 19:17 - 2011-10-30 09:33 - 00000000 ____D () C:\ProgramData\Comodo
2015-01-16 19:17 - 2010-01-09 21:45 - 00000000 ____D () C:\Program Files\COMODO
2015-01-16 19:17 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-16 19:10 - 2011-10-30 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-01-16 15:06 - 2009-12-26 13:18 - 00000000 ____D () C:\Users\******\AppData\Roaming\UseNeXT
2015-01-16 15:06 - 2009-12-26 13:18 - 00000000 ____D () C:\Program Files\UseNeXT
2015-01-14 22:42 - 2013-08-15 20:17 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 22:42 - 2009-12-25 12:55 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 22:26 - 2009-12-25 14:02 - 00000000 ____D () C:\Users\******\Documents\Sonstiges
2015-01-14 21:39 - 2014-11-10 16:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 21:39 - 2013-01-29 09:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 20:40 - 2013-06-17 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 14:05 - 2009-07-26 21:06 - 02058380 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 21:16 - 2014-01-04 19:42 - 00000000 ____D () C:\Users\******\Documents\Ebooks
2015-01-01 22:45 - 2011-02-12 13:14 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-01 22:34 - 2013-06-07 14:42 - 00000000 ____D () C:\ProgramData\tmp
2015-01-01 21:57 - 2013-06-07 14:42 - 00001230 _____ () C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
2015-01-01 21:57 - 2013-06-07 14:42 - 00001210 _____ () C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
2015-01-01 17:46 - 2013-10-17 19:42 - 00000000 ____D () C:\Users\******\AppData\Local\Amazon

==================== Files in the root of some directories =======
2013-01-29 13:52 - 2013-01-29 13:52 - 0000010 _____ () C:\Users\******\AppData\Roaming\hhxprot5
2013-01-29 14:21 - 2013-01-29 15:31 - 0000018 _____ () C:\Users\******\AppData\Roaming\sys386ll.dat
2010-03-18 21:10 - 2011-08-28 10:34 - 0006144 _____ () C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-24 17:16 - 2010-01-24 17:16 - 0019666 _____ () C:\Users\******\AppData\Local\internal.grp
2012-01-19 14:28 - 2013-09-22 19:42 - 0007603 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2011-12-13 16:28 - 2011-12-13 16:28 - 0000000 _____ () C:\Users\******\AppData\Local\{D0A1124C-68EF-4F6A-B531-2023A5612259}
2009-12-24 14:57 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2009-09-16 23:05 - 2009-09-16 23:05 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-09-16 23:03 - 2009-09-16 23:03 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2009-09-16 23:00 - 2009-09-16 23:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-09-16 23:04 - 2009-09-16 23:04 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2009-09-16 22:59 - 2009-09-16 22:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-09-16 23:01 - 2009-09-16 23:03 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 08:17

==================== End Of Log ============================

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by ****** at 2015-01-20 11:39:02
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10-Sekunden-Haushaltsbuch 5 5.05  (HKLM\...\10-Sekunden-Haushaltsbuch 5) (Version: 5.05 - easy softway)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Send to Kindle (HKLM\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
AnyPC Client (HKLM\...\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}) (Version: 1.0.0.12 - Doctorsoft)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{6848704E-C8D4-4F4F-9181-5926D4A11E98}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 1994873568.48.56.10161386 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame-MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Buchungssatzpauker-B IKR 2.50 (Shareware) (HKLM\...\{141A7ECB-AA8E-4C16-85FE-6FFF804799CF}) (Version: 2.50 - Dumproff Adolf)
Buchungssatzpauker-K IKR 2.50 (Shareware) (HKLM\...\{3909CBC3-ECC5-43FF-A963-CD6E031B9217}) (Version: 2.50 - Dumproff Adolf)
Business Contact Manager für Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
calibre (HKLM\...\{C727544A-23E0-41A8-9901-2353CE3FE62A}) (Version: 2.14.0 - Kovid Goyal)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (Version: 2009.0901.2227.38495 - ATI) Hidden
ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.2 - Samsung)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen)
Evernote v. 5.8.1 (HKLM\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube Download version 3.2.11.812 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
GeekBuddy (HKLM\...\{87A5B227-81F8-4E51-86CA-39E89CB33B16}) (Version: 4.18.121 - Comodo Security Solutions Inc)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LG United Mobile Drivers (HKLM\...\{0C1879C1-B74A-4C6D-8880-E3F54B78E816}) (Version: 3.7.1.0 - LG Electronics)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.3.3 - Marvell)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FDE96E86-7780-431C-92F7-679C6A7CEC51}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (Version: 3.7.22.0 - Nokia) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 5.9.2 - )
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Support Center (HKLM\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1016556084-3091970497-507946437-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Ulead Photo Explorer 8.0 SE Basic (HKLM\...\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}) (Version: 8.0 - Ulead Systems, Inc.)
Ulead PhotoImpact XL (HKLM\...\{0DDDE141-9696-4E33-AB82-EF398169D7E5}) (Version: 8.5 - Ulead System)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1016556084-3091970497-507946437-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\******\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

16-01-2015 19:05:09 Removed pdfforge Toolbar v6.7.
18-01-2015 18:00:36 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1411DECF-7C8F-433E-9086-2E38636CD4AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {1ADE930A-2B52-45AF-93D0-834293513949} - System32\Tasks\{F5935191-8A12-43D6-82EE-0FADBBAA99D3} => C:\Users\******\AppData\Local\Amazon\Kindle\application\Kindle.exe [2014-02-26] (Amazon.com)
Task: {2305DEF5-962C-43C2-B137-6BA272EB80A9} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {3BEA1269-71AA-491F-B309-219AE332725E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {4EE2A8A1-9346-423F-8EC2-1760E5073B97} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {65CAA3FC-6411-4E38-A61B-05EDDDD07C53} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {6962625C-7903-41FF-8AD0-051472BA0016} - System32\Tasks\{9FFF92E5-413D-4BF7-9C9E-D7F94F4812CD} => C:\Program Files\10-Sekunden-Haushaltsbuch\10hh.exe [2009-12-22] ()
Task: {7366B38C-B7CB-49A5-AE9B-DC9EF847FB55} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.)
Task: {771EB0D6-0380-4D6E-9272-6418D128F8EF} - System32\Tasks\{7D96276C-A156-4DBF-8676-6C44EBE1180E} => C:\Program Files\10-Sekunden-Haushaltsbuch\10hh.exe [2009-12-22] ()
Task: {7A732BC1-5A1E-4D0C-B47C-CB9BAD16307D} - System32\Tasks\{BC233059-9719-4CC2-988C-2199E7E56CD5} => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
Task: {86AABC58-8DA0-4A1A-90C8-7AE51DC464DB} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {89198E57-3A74-4378-BC6B-78DA4258E0B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {8A29FF2D-80A1-4DAC-8007-66FDEA4D5BE9} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.)
Task: {A17B5FC0-AFE5-4DBD-8A17-920D275E4610} - System32\Tasks\{BFE436B3-7139-45D2-AC4E-D8F8AAD3A425} => pcalua.exe -a "C:\Users\******\Downloads\sw_uninstaller.exe" -d "C:\Users\******\Downloads"
Task: {DE3C1843-6933-4DB6-BBF9-46DF66C0A9E2} - System32\Tasks\{258CABA4-C6F6-497E-BED3-E85E071F5053} => pcalua.exe -a "C:\Users\******\Downloads\install_flash_player.exe" -d "C:\Users\******\Downloads"
Task: {E9ED053E-9795-446B-8E23-287E75864848} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {FD41B263-ACFD-4FA6-A90A-D12884107BA0} - System32\Tasks\{A93FC1A1-B973-48A8-A31E-9579AE3722D6} => pcalua.exe -a E:\Data\setup.exe -d E:\ -c TI

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-02-12 13:14 - 2009-02-10 16:01 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-09-16 22:57 - 2009-03-05 10:54 - 00311296 _____ () C:\windows\SYSTEM32\Rezip.exe
2012-12-21 17:57 - 2012-12-21 17:57 - 08507384 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02354168 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 01014776 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00364536 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02481144 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 01347064 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00206328 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 02653176 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00033272 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00035832 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00207352 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 11166712 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00276984 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00391600 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00059280 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2012-12-21 17:56 - 2012-12-21 17:56 - 00438264 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00446456 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00520696 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00720888 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2012-12-21 17:56 - 2012-12-21 17:56 - 00606200 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2012-12-21 17:57 - 2012-12-21 17:57 - 00093176 _____ () C:\Program Files\Nokia\Nokia Suite\qjson.dll
2012-12-21 15:29 - 2012-12-21 15:29 - 00110080 _____ () C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00439304 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00321032 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2009-02-12 06:32 - 2009-02-12 06:32 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-09-16 22:52 - 2009-09-16 22:52 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-09-16 23:06 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-11-10 16:33 - 2015-01-14 21:39 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-13 20:40 - 2015-01-13 20:40 - 16844464 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\******\Downloads\SpotifySetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\******\Downloads\SpotifySetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\******\Downloads\SpyBot Search Destroy - CHIP-Installer.exe:$CmdTcID
AlternateDataStreams: C:\Users\******\Downloads\SpyBot Search Destroy - CHIP-Installer.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1016556084-3091970497-507946437-500 - Administrator - Disabled)
****** (S-1-5-21-1016556084-3091970497-507946437-1000 - Administrator - Enabled) => C:\Users\******
Gast (S-1-5-21-1016556084-3091970497-507946437-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1016556084-3091970497-507946437-1011 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 02:33:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x12e4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/19/2015 07:46:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/19/2015 07:46:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/19/2015 07:46:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/19/2015 07:45:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/18/2015 09:03:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {48c7bef4-2b56-467e-8300-b05a68cf538a}

Error: (01/18/2015 07:51:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {48c7bef4-2b56-467e-8300-b05a68cf538a}

Error: (01/18/2015 07:51:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {48c7bef4-2b56-467e-8300-b05a68cf538a}

Error: (01/18/2015 07:51:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {48c7bef4-2b56-467e-8300-b05a68cf538a}

Error: (01/18/2015 06:00:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {48c7bef4-2b56-467e-8300-b05a68cf538a}


System errors:
=============
Error: (01/20/2015 07:36:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/19/2015 07:38:24 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/19/2015 10:38:24 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/19/2015 07:06:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/18/2015 07:22:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/18/2015 07:22:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Gatewaydienst auf Anwendungsebene erreicht.

Error: (01/18/2015 07:22:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error: (01/17/2015 10:41:18 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/17/2015 06:04:24 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/17/2015 05:45:19 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "******     :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.33
registriert werden. Der Computer mit IP-Adresse 169.254.58.38 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (03/20/2011 10:26:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/20/2011 00:05:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/22/2011 06:13:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/15/2011 03:52:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 711 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (02/15/2011 06:23:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 62%
Total physical RAM: 3036.61 MB
Available physical RAM: 1148.99 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3460.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.49 GB) (Free:43.4 GB) NTFS
Drive d: () (Fixed) (Total:141.5 GB) (Free:141.34 GB) NTFS
Drive g: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:52.68 GB) NTFS
Drive h: () (Removable) (Total:7.41 GB) (Free:5.35 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B4B6F23B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=141.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 5284981F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0B)

==================== End Of Log ============================

deeprybka · 20.01.2015, 12:42

Wie gesagt, Du hättest nach 24 Stunden eine PM schicken sollen.

Das Firefoxproblem besteht also weiterhin?

anna12345 · 20.01.2015, 12:52

Es ist besser geworden! Gestern ist mir der Firefox nur einmal oder zweimal abgestürzt anstatt mehrmals und heute noch gar nicht.

Viele Grüße
Anna

deeprybka · 20.01.2015, 21:20

Zitat:

Zitat von anna12345

es ging ja nur darum, ob ich mir da irgendeinen Trojaner oder so eingefangen habe.

Das ist zu verneinen.

Logs sind OK.

Wenn der Firefox Probleme macht, dann bitte mal das probieren. Evtl. auch mal ein Reset dürchführen oder ihn neu installieren.

Cleanup:

Alle Logs gepostet? Ja! Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

>>clean<<
Wir haben es geschafft!

Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Wie kann ich mich in Zukunft besser schützen?

Tipps, Dos & Don'ts

Updates & Software

Beim Betriebsystem Windows die automatischen Updates aktivieren.

Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player & PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Firewall, Antivirus & Co.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. (Updatefunktion aktivieren!)
Meine Empfehlungen:
Kaspersky Antivirus
Emsisoft Anti-Malware
avast Free Antivirus
Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Cracks, Downloads & Co.

Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.
Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)

Auch virustotal.com ist Dein Freund! Lade dubiose oder unbekannte Dateien hoch, bevor Du diese startest oder installierst.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe daher mit Vorsicht und klicke mit Verstand.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von Dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo Deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst Du von einem Deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und Du solltest nicht denselben Fehler machen.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Win 7/32 bit - Avira findet adware/multiplug.gen4 + Firefox stürzt immer ab

Plagegeister aller Art und deren Bekämpfung: Win 7/32 bit - Avira findet adware/multiplug.gen4 + Firefox stürzt immer ab