Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.01.2015, 12:01   #1
Shir0hige
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Hallo zusammen.

Ich habe seit einiger Zeit bemerkt, dass mein Laptop wesentlich langsamer ist als sonst. Erst tat ich es als ein Internet Problem ab, da ich hauptsächlich surfe. Mir ist aber jetzt aufgefallen, dass im Taskmanager unter Prozessen mehrfach ein Prozess namens compatibilitycheck.exe vorkommt, den ich nicht kenne und welche auch nicht von mir als Benutzer gesteuert ist.

Diese Prozesse lasten meinen PC sehr aus (meistens sind 2-3 [von bis zu ca 15] unter den Prozessen welchen den meisten Arbeitsspeicher benutzen) und selbst wenn ich neu starte und kein Programm öffne ist meine CPU-Auslastung bei mindestens 70% teilweise sogar höher. Sobald ich ein anderes Programm benutze liegt sie eigentlich immer bei 100%. Diese Prozesse lassen sich nicht von mir löschen. Desweiteren habe ich immer Pop-Ups, selbst dann wenn ich nichtmal einen Browser offen habe. Habe den PC letztens neu gestartet und da kam auch ohne das ich irgendwas aufhatte ein Pop-Up, der aber direkt wieder verschwand. Außerdem kommt im Hintergrund öfter auf einmal eine Stimme, welche sich als ein Ausschnitt aus verschiedenen Interviews, Berichten, etc. entpuppt, für 2-10 Sekunden läuft und wieder verschwindet. Auch dies passiert ohne Browser, aber naturlich auch mit.

Nutzen kann man den PC so kaum, da er von fast allem überfordert ist.

Ich habe die Schritte so befolgt wie sie in der Anleitung standen, nur habe ich keine Erfahrung in Foren und was das richtige Posten angeht, daher hoffe ich, dass das mit dem Posten der Logs wie gewollt klappt.


Hier die Logs:

Defogger disable:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:49 on 21/01/2015 (***** *****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Hier der FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by ***** ***** (administrator) on DAVID on 21-01-2015 10:52:39
Running from C:\Users\***** *****\Desktop
Loaded Profiles: ***** ***** (Available profiles: ***** *****)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\***** *****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\***** *****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [T-Home Dialerschutz-Software] => C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6814240 2009-02-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [RocketDock] => "C:\Program Files\RocketDock\RocketDock.exe"
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [Spotify Web Helper] => C:\Users\***** *****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\***** *****\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {7b16325e-30b4-11e1-9eb1-00265eb087d7} - F:\Autorun.exe
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {8052ec9d-f8b4-11df-8b29-00265eb087d7} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {8d6e4b71-f4d4-11df-9935-806e6f6e6963} - E:\AutoRun.exe
Startup: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://rts.dsrlte.com?affID=na
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
SearchScopes: HKLM -> DefaultScope {772CA233-EF58-4C12-BD53-408EFC32E247} URL = 
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> DefaultScope {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312329&CUI=UN39588198854758620&UM=2
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312329&CUI=UN39588198854758620&UM=2
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {241EC647-646E-4DDF-9263-2F5111F019F6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {34AEBC21-74EA-4AF2-9473-630C7A0F5BB7} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {772CA233-EF58-4C12-BD53-408EFC32E247} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{58A12B80-1895-4C95-9F28-3D8660E0C185}: [NameServer] 223.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: 
FF NetworkProxy: "autoconfig_url", "data:application/x-ns-proxy-autoconfig;base64,ZnVuY3Rpb24gaXNZb3VUdWJlVmlkZW8odXJsKXsgcmV0dXJuIG5ldyBSZWdFeHAoIl4oPzpodHRwfGh0dHBzKTpcXC9cXC8oPzouKikoPzouZ29vZ2xldmlkZW8uY29tfC5jLnlvdXR1YmUuY29tKSg/Oi4qKVxcL3ZpZGVvcGxheWJhY2soPzouKikoPzpnY3I9dXN8XFwvZ2NyXFwvdXNcXC8pKD86LiopJCIsJ2knKS50ZXN0KHVybCk7fWZ1bmN0aW9uIGlzWW91VHViZVZpZGVvUGFnZSh1cmwsIGhvc3QsIHZpZHVybCkgeyByZXR1cm4gaG9zdC5pbmRleE9mKCd5b3V0dWJlLmNvbScpICE9IC0xICYmIHVybC5pbmRleE9mKHZpZHVybCkgIT0gLTE7fWZ1bmN0aW9uIEZpbmRQcm94eUZvclVSTCh1cmwsIGhvc3QpIHtpZihpc1lvdVR1YmVWaWRlbyh1cmwpICB8fCBpc1lvdVR1YmVWaWRlb1BhZ2UodXJsLCBob3N0LCAnaHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj0wQ0t3N2t1SWxWcyZpbmRleD0xNSZsaXN0PVBMN1d6MEdjNER0UHVZa1hrZTlpLVFwY1lWOVowWjdSQmUnKSB8fCBpc1lvdVR1YmVWaWRlb1BhZ2UodXJsLCBob3N0LCAnaHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj13UGJITmtLYnprNCZpbmRleD0xNiZsaXN0PVBMN1d6MEdjNER0UHVZa1hrZTlpLVFwY1lWOVowWjdSQmUnKSB8fCBpc1lvdVR1YmVWaWRlb1BhZ2UodXJsLCBob3N0LCAnaHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj04bF9CN1NMWjZ5MCZpbmRleD0xNyZsaXN0PVBMN1d6MEdjNER0UHVZa1hrZTlpLVFwY1lWOVowWjdSQmUnKSl7IHJldHVybiAnUFJPWFkgMjA5LjIzOS4xMTQuMTAwOjMxMzEnO31lbHNleyByZXR1cm4gJ0RJUkVDVCc7fX0="
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2508884068-3804397540-1067786986-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\***** *****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2508884068-3804397540-1067786986-1000: electronicarts.com/GameFacePlugin -> C:\Users\***** *****\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF SearchPlugin: C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\searchplugins\dsrlte.xml
FF Extension: Avira Browser Safety - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com [2015-01-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-09]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-09]
FF Extension: MEGA - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\firefox@mega.co.nz.xpi [2014-12-23]
FF Extension: ProxTube - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\info@convert2mp3.net.xpi [2014-06-22]
FF Extension: NoScript - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-09]
FF Extension: Flash Block - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2014-12-09]
FF Extension: Adblock Plus - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-22]
FF Extension: Adblock Edge - C:\Users\***** *****\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-09]
FF HKLM\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\***** *****\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\***** *****\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com [2013-10-19]
FF HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Firefox\Extensions: [seesimilar@SeeSimilar.com] - C:\Users\***** *****\AppData\Roaming\Mozilla\Extensions\seesimilar@SeeSimilar.com

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\***** *****\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10]
CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\***** *****\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30]
CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\***** *****\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 CouponarificService; C:\Program Files\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv.exe [161280 2014-11-19] () [File not signed]
R2 DFSVC; C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-05-16] (Microsoft Corporation) [File not signed]
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 OO SSD Migration Kit; "C:\Program Files\OO Software\SSD Migration Kit\oosmkag.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 DFSYS; C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-08-12] (SAMSUNG ELECTRONICS CO., LTD.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl70a16154; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58CD8086-3C8A-4E54-8294-DFE630690E61}\MpKsl70a16154.sys [39464 2015-01-21] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [36048 2014-11-19] (NetFilterSDK.com)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2008-11-21] (Vimicro Corporation)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw.sys [52928 2014-05-06] (StdLib)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}w; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w.sys [52928 2014-04-29] (StdLib)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Migrate OS to SSD 4.0\program\BioNTDrv.SYS [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 10:52 - 2015-01-21 10:53 - 00019168 _____ () C:\Users\***** *****\Desktop\FRST.txt
2015-01-21 10:52 - 2015-01-21 10:53 - 00000000 ____D () C:\FRST
2015-01-21 10:51 - 2015-01-21 10:51 - 01118208 _____ (Farbar) C:\Users\***** *****\Desktop\FRST.exe
2015-01-21 10:49 - 2015-01-21 10:49 - 00000484 _____ () C:\Users\***** *****\Desktop\defogger_disable.log
2015-01-21 10:49 - 2015-01-21 10:49 - 00000000 _____ () C:\Users\***** *****\defogger_reenable
2015-01-21 10:47 - 2015-01-21 10:47 - 00050477 _____ () C:\Users\***** *****\Desktop\Defogger.exe
2015-01-21 10:23 - 2015-01-21 10:23 - 00000000 ____D () C:\Users\***** *****\AppData\Local\AviraSpeedup
2015-01-21 10:22 - 2015-01-21 10:22 - 00000056 _____ () C:\Windows\setupact.log
2015-01-21 10:22 - 2015-01-21 10:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-20 17:43 - 2015-01-20 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-01-20 17:35 - 2015-01-20 17:33 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-20 17:32 - 2015-01-20 17:32 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Avira
2015-01-20 17:31 - 2015-01-20 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-20 17:30 - 2015-01-20 17:43 - 00000000 ____D () C:\Program Files\Avira
2015-01-20 17:30 - 2015-01-20 17:32 - 00000000 ____D () C:\ProgramData\Avira
2015-01-20 17:30 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-20 17:30 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-20 17:30 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-20 17:30 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-01-17 12:12 - 2015-01-17 12:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 12:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:05 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 12:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:05 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:05 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 10:41 - 2015-01-21 10:54 - 00000112 _____ () C:\ProgramData\Y4Ki2D2g0.dat
2015-01-11 17:59 - 2015-01-11 17:59 - 00000641 _____ () C:\Users\***** *****\Desktop\Bilder.lnk
2015-01-10 20:21 - 2015-01-10 20:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-10 20:21 - 2015-01-10 20:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-08 13:32 - 2015-01-20 17:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-08 13:30 - 2015-01-21 10:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-08 13:30 - 2015-01-21 10:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-25 15:49 - 2014-12-25 15:49 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\EurekaLab s.a.s
2014-12-23 21:17 - 2014-12-23 21:17 - 00000320 _____ () C:\Users\***** *****\Desktop\Magic The Gathering Online .appref-ms
2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast
2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Wizards of the Coast
2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-12-23 21:14 - 2014-12-30 22:43 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Deployment

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 10:54 - 2014-05-21 13:54 - 00001332 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-7.job
2015-01-21 10:49 - 2010-11-20 19:58 - 00000000 ____D () C:\Users\***** *****
2015-01-21 10:30 - 2009-07-14 05:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 10:30 - 2009-07-14 05:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 10:28 - 2013-11-04 19:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 10:26 - 2010-11-20 19:55 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 10:26 - 2010-11-20 19:36 - 01772187 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 10:23 - 2014-02-08 20:30 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\newnext.me
2015-01-21 10:23 - 2012-07-07 22:42 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Dropbox
2015-01-21 10:22 - 2014-05-21 13:54 - 00002220 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.job
2015-01-21 10:22 - 2014-05-21 13:54 - 00001484 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.job
2015-01-21 10:22 - 2014-05-21 13:54 - 00001392 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-1.job
2015-01-21 10:22 - 2014-05-21 13:54 - 00001378 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.job
2015-01-21 10:22 - 2014-05-21 13:53 - 00003454 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.job
2015-01-21 10:22 - 2014-05-21 13:53 - 00001400 _____ () C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-6.job
2015-01-21 10:22 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 10:22 - 2009-07-14 05:33 - 00496744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 22:05 - 2014-05-21 13:50 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Security System 2
2015-01-20 19:04 - 2011-01-01 20:36 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\vlc
2015-01-20 17:52 - 2010-11-20 20:57 - 00155032 _____ () C:\Users\***** *****\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 17:44 - 2014-12-01 23:09 - 00000000 ____D () C:\Program Files\Couponarific
2015-01-20 17:38 - 2014-05-21 13:50 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\BupSystem
2015-01-20 17:10 - 2010-11-21 20:48 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\WD
2015-01-20 17:10 - 2010-11-21 20:48 - 00000000 ____D () C:\Program Files\Common Files\Memeo
2015-01-19 22:16 - 2011-07-31 12:54 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-19 21:30 - 2012-08-02 11:31 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\Spotify
2015-01-19 19:25 - 2012-08-02 11:31 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Spotify
2015-01-17 16:27 - 2014-06-22 13:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-15 14:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-15 12:28 - 2012-03-30 13:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-15 12:28 - 2011-05-20 05:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 13:14 - 2013-08-15 15:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:10 - 2010-11-20 21:57 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 18:25 - 2010-12-11 19:19 - 00000000 ____D () C:\Program Files\Magic Workstation
2015-01-12 18:24 - 2010-11-20 21:27 - 00000000 ____D () C:\Program Files\CyberLink
2015-01-12 18:24 - 2010-11-20 20:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-12 18:18 - 2010-11-20 21:26 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-12 18:10 - 2010-12-03 22:03 - 00000000 ____D () C:\Users\***** *****\AppData\Roaming\CyberLink
2015-01-11 18:21 - 2010-12-28 14:37 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Google
2015-01-11 18:21 - 2010-12-28 14:37 - 00000000 ____D () C:\Program Files\Google
2015-01-09 10:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 12:13 - 2010-11-20 20:24 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 14:42 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-23 21:14 - 2011-01-27 20:43 - 00000000 ____D () C:\Users\***** *****\AppData\Local\Apps\2.0

==================== Files in the root of some directories =======
2011-08-31 16:21 - 2011-09-04 19:09 - 0000000 ____H () C:\Users\***** *****\AppData\Roaming\windrvconfig.txt
2011-11-19 20:02 - 2011-11-26 16:50 - 0010240 _____ () C:\Users\***** *****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-21 14:01 - 2014-05-21 14:01 - 0301496 _____ (VuuPC Limited) C:\Users\***** *****\AppData\Local\nsr324A.tmp
2011-07-21 23:24 - 2011-07-21 23:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-08-26 21:06 - 2011-08-27 13:32 - 0007246 _____ () C:\ProgramData\hpzinstall.log
2015-01-13 10:41 - 2015-01-21 10:54 - 0000112 _____ () C:\ProgramData\Y4Ki2D2g0.dat

Files to move or delete:
====================
C:\ProgramData\Y4Ki2D2g0.dat
C:\Users\***** *****\MTGOinstall.exe


Some content of TEMP:
====================
C:\Users\***** *****\AppData\Local\Temp\avgnt.exe
C:\Users\***** *****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxgeqzy.dll
C:\Users\***** *****\AppData\Local\Temp\ose00000.exe
C:\Users\***** *****\AppData\Local\Temp\_isC6DA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 21:02

==================== End Of Log ============================
         
--- --- ---


Und der FRST addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by ***** ***** at 2015-01-21 10:54:49
Running from C:\Users\***** *****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira System Speedup 1.5 (HKLM\...\Avira System Speedup_is1) (Version: 1.5 - 2000 - 2014 Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.3 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Free Video to iPhone Converter version 3.2.12 (HKLM\...\Free Video to iPhone Converter_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube Download version 3.1.37.918 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic The Gathering Online  (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\35c9d60442fbb010) (Version: 3.4.83.467 - Wizards of the Coast)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5791 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.8 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
Spotify (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
T-Home Dialerschutz-Software (HKLM\...\{E8C5BD56-F5D8-41D3-8A71-273468FE256A}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD Discovery Software (HKLM\...\{324F388E-4F28-42D6-ADD1-9AB27D249523}) (Version: 1.70 - Western Digital)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\***** *****\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{CBD32ACD-3033-5DC4-AF3E-A32955785032}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\***** *****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

15-01-2015 15:34:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
18-01-2015 13:12:32 Windows Update
20-01-2015 17:43:26 Avira System Speedup 1.5

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-05-21 13:44 - 00004422 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	capitalimonline.com
127.0.0.1	www.verifi-infonet.com
127.0.0.1	www.forsil-srl.com
127.0.0.1	trustedppiclaims.co.uk
127.0.0.1	ftp.signara.org
127.0.0.1	buy-fifa-ultimateteam-coins.com
127.0.0.1	pay.pal-schutz.com
127.0.0.1	swqk3xftx38.h149.pp39dk.com
127.0.0.1	robertoleal.es
127.0.0.1	verifi-infonet.com
127.0.0.1	ssl.paypal.secure.your.billing.information.mytrickworld.com
127.0.0.1	lastminute-ibiza.net
127.0.0.1	myaccount.aol.com.onlineaccounts.upgrade.online.billing.account.update.alcaldiadearaure.gob.ve
127.0.0.1	www.rhnp.org
127.0.0.1	173.214.178.24
127.0.0.1	bit.ly
127.0.0.1	www.axisengneering.com
127.0.0.1	www.positive-eft.com
127.0.0.1	hw0vrcfmu0fpd.com
127.0.0.1	www.art3c.com.tw
127.0.0.1	www.kielkoppfest.harzwinter.net
127.0.0.1	www.battle.net-account.asxp.cn.com
127.0.0.1	mgstrategiesstudio.com
127.0.0.1	www.paypal.com.p2jdb5zb17llxg1i.0243cn71m8gjun1.com
127.0.0.1	paypal.com.update.account.toughbook.cl
127.0.0.1	www.lappen-123.no
127.0.0.1	www.paypal-update.visitasgratis.info
127.0.0.1	stromarket.ru
127.0.0.1	www.ocevap.com

There are 63 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {019E612F-B8F3-415B-8EAD-4AC47C01275C} - System32\Tasks\{E00C48C4-87C3-49CA-B00D-268CB9C644A1} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Datel\Action Replay Code Manager\ActionReplayCodeManager.exe"
Task: {10332AD8-1A6D-48A3-8E38-E346CACF7EE3} - \7842eb70 No Task File <==== ATTENTION
Task: {11530222-9822-4EAA-BFB9-5925E06C72A3} - \d88be1c No Task File <==== ATTENTION
Task: {1328961F-FE69-4320-8EF1-1269ED486E7E} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-6 => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-novainstaller.exe <==== ATTENTION
Task: {1A01F8A6-86EA-4569-BA32-608D06521C06} - \ceb89d40 No Task File <==== ATTENTION
Task: {1CC0017D-A4BA-4373-BC62-1C80719E4D4A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {22C6D372-FC50-4519-B5C5-A2B56F42B3C2} - \7a3ef47c No Task File <==== ATTENTION
Task: {2F4D318B-F369-4C98-B304-F5A8E18C93A2} - \ace63bf0 No Task File <==== ATTENTION
Task: {323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001} - \b0e63a68 No Task File <==== ATTENTION
Task: {34C690D4-20C4-4ABC-8BA0-AF2364492543} - \becf0200 No Task File <==== ATTENTION
Task: {42F4DE03-5E7C-445A-9867-C04F63F31EE6} - \ad3af7c8 No Task File <==== ATTENTION
Task: {4913859C-17B0-4960-BE76-779215D91849} - \4c86bc0c No Task File <==== ATTENTION
Task: {4B6023C5-EDD2-4C66-831F-48FFEE52CACE} - \b1538c78 No Task File <==== ATTENTION
Task: {4FACD718-1A45-4290-A96F-0B663F59C4C4} - System32\Tasks\45026eb0 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4076733968.exe <==== ATTENTION
Task: {53CECBCA-C046-4232-8759-2BAA40B79C4B} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.exe <==== ATTENTION
Task: {56CDA0D3-78A0-421E-ABB9-418C91501505} - \df070e80 No Task File <==== ATTENTION
Task: {5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56} - \b6f52770 No Task File <==== ATTENTION
Task: {5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D} - \16d25320 No Task File <==== ATTENTION
Task: {6B115181-745C-4D10-A3DB-F3D04CB0490A} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.exe <==== ATTENTION
Task: {71D6D7F1-71D0-43DB-A988-CF9201EA9BC8} - \575739e8 No Task File <==== ATTENTION
Task: {72CD3727-88FB-405C-94BB-23E4FE3FE617} - \ddd72840 No Task File <==== ATTENTION
Task: {7A4DF1FF-FD15-4061-A24A-F4F6148ADED8} - \a2002928 No Task File <==== ATTENTION
Task: {7AA01F0B-5604-4EF7-B09F-63AEB007B3A2} - \54da9420 No Task File <==== ATTENTION
Task: {7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5} - System32\Tasks\f5f36f24 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4059328268.exe <==== ATTENTION
Task: {88BAC989-1324-4B59-9C75-54BE7B9646F6} - \9ea26a9c No Task File <==== ATTENTION
Task: {8A16775E-A772-4A3D-8F7E-45627DF4CB08} - \c039b47c No Task File <==== ATTENTION
Task: {8B268604-D0B2-477C-BE61-BA0AEB68A949} - System32\Tasks\{26F5BD3E-F422-4FAA-9FD1-D56CAAF3AD57} => pcalua.exe -a "C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe"
Task: {8F8B76FF-C32A-489C-8559-E479D0EDAE09} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.exe <==== ATTENTION
Task: {92DA3894-AF54-4C1A-ABC4-E562DE68330D} - \da240da0 No Task File <==== ATTENTION
Task: {A03FF811-E18E-48D3-8B7E-A45553F7B140} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B} - System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => pcalua.exe -a "C:\Users\***** *****\Desktop\setup.exe" -d "C:\Users\***** *****\Desktop"
Task: {A8243FDB-E6E0-4DA9-A7D4-F2704FF53571} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-7 => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-nova.exe <==== ATTENTION
Task: {A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931} - \e8bd60 No Task File <==== ATTENTION
Task: {B2FF72F8-2491-489D-9EB0-C60DEAC65581} - \da4afbb0 No Task File <==== ATTENTION
Task: {BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B} - System32\Tasks\e8d3af80 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3906187136.exe <==== ATTENTION
Task: {BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB} - \6bdc3698 No Task File <==== ATTENTION
Task: {C90047E2-DAF4-4EF1-8628-13D8DBD4DCCA} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-12-11] (Avira Operations GmbH & Co. KG)
Task: {CA5E6FDD-DEE3-472B-A779-DC221523F209} - System32\Tasks\{A36728D1-C91B-49A3-8728-BABA5743CED5} => pcalua.exe -a "D:\Sonstiges\European Code Manager PC software\Setup.exe" -d "D:\Sonstiges\European Code Manager PC software"
Task: {D3F11C58-6191-4441-B9CD-A3DD00302089} - System32\Tasks\{44221F18-D3DE-4777-9286-F3A22E0BBC24} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {D62FF945-FED7-4B79-98E9-7D1E6254F800} - \889d9f2c No Task File <==== ATTENTION
Task: {D942E5D6-9803-4E79-80BD-6A7E5740D353} - \11015950 No Task File <==== ATTENTION
Task: {DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D} - System32\Tasks\f409e070 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3021004544.exe <==== ATTENTION
Task: {E14534E0-FB7A-41FA-86E1-CA8FD695F3E7} - System32\Tasks\ff3efb40 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup2275163168.exe <==== ATTENTION
Task: {EA27474F-86DD-43D8-A893-780467D1161C} - System32\Tasks\{2BF3C3A4-A032-46D5-8E6C-20C23974797E} => c:\program files\opera\opera.exe [2014-04-27] (Opera Software)
Task: {EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738} - \13d83880 No Task File <==== ATTENTION
Task: {EF8B3455-FBD6-4ACF-A646-6BE89587B4F8} - \517999a8 No Task File <==== ATTENTION
Task: {EF961023-A4AB-4ACC-BC3D-B1DB17149720} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-05-15] (Samsung Electronics Co., Ltd.)
Task: {F41A82C7-C7BF-44D8-A7D7-8345F924F450} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-1 => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-codedownloader.exe <==== ATTENTION
Task: {F514247D-FC72-4E10-99A0-DBBE91B7BE72} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2008-12-03] ()
Task: {FDCB7367-5FAC-4BB6-98CF-D8136710CCA7} - System32\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4 => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-1.job => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.job => C:\Program Files\PlusSHD-9.9\afdac15d-7bd5-405d-9a08-c67ddb3e609a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-6.job => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-novainstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\afdac15d-7bd5-405d-9a08-c67ddb3e609a-7.job => C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-nova.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-08-19 21:09 - 2010-06-17 20:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2009-09-01 05:31 - 2009-09-01 05:31 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-08 13:30 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2010-11-21 02:20 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-11-21 02:01 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-21 10:23 - 2015-01-21 10:23 - 00043008 _____ () c:\Users\***** *****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxgeqzy.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\***** *****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-08 13:30 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-08 13:31 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-08 13:31 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-08 13:31 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-08 13:31 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
2015-01-17 12:12 - 2015-01-17 12:13 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-15 12:28 - 2015-01-15 12:28 - 16844464 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2508884068-3804397540-1067786986-500 - Administrator - Disabled)
***** ***** (S-1-5-21-2508884068-3804397540-1067786986-1000 - Administrator - Enabled) => C:\Users\***** *****
Gast (S-1-5-21-2508884068-3804397540-1067786986-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2508884068-3804397540-1067786986-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 03:49:05 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/20/2015 02:24:07 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/20/2015 08:51:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0xfbc
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/20/2015 08:51:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x588
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/20/2015 08:18:02 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/19/2015 11:33:28 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/19/2015 11:25:14 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/19/2015 11:24:36 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/19/2015 09:32:40 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.SetupChannel()
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.DoConfiguration(String filename, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (01/19/2015 05:45:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"


System errors:
=============
Error: (01/21/2015 10:23:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
netfilter2

Error: (01/21/2015 10:22:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "OO SSD Migration Kit" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/21/2015 10:22:38 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/21/2015 10:22:38 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/20/2015 06:24:40 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (01/20/2015 06:07:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht.

Error: (01/20/2015 06:07:39 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (01/20/2015 05:39:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
netfilter2

Error: (01/20/2015 05:39:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "OO SSD Migration Kit" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/20/2015 05:39:35 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-20 18:10:24.050
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-14 12:05:07.496
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-13 21:48:54.378
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-13 20:44:39.625
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-13 20:12:56.550
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-13 20:01:59.492
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-12 17:27:42.457
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 10:11:24.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-07 13:47:45.441
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 14:23:55.627
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 85%
Total physical RAM: 3036.61 MB
Available physical RAM: 451.7 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 2482.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:142.09 GB) (Free:46.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:96.38 GB) (Free:10.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 91AC48D6)
Partition 1: (Active) - (Size=142.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
zu guter Letzt der GMER:

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-21 11:13:58
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SanDisk_ rev.X231 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\DAVIDE~1\AppData\Local\Temp\pxldapod.sys


---- System - GMER 2.1 ----

SSDT    8EBEEAE6                                                                                         ZwCreateSection
SSDT    8EBEEAF0                                                                                         ZwRequestWaitReplyPort
SSDT    8EBEEAEB                                                                                         ZwSetContextThread
SSDT    8EBEEAF5                                                                                         ZwSetSecurityObject
SSDT    8EBEEAFA                                                                                         ZwSystemDebugControl
SSDT    8EBEEA87                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text   ntoskrnl.exe!ZwRequestWaitReplyPort + 14B9                                                       83075A15 1 Byte  [06]
.text   ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                           83095662 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text   ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                              8309CC04 4 Bytes  JMP B5DB8EBE 
.text   ntoskrnl.exe!KeRemoveQueueEx + 185F                                                              8309CFA4 4 Bytes  [EB, EA, BE, 8E]
.text   ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                              8309D020 4 Bytes  JMP A57B8EBE 
.text   ntoskrnl.exe!KeRemoveQueueEx + 192F                                                              8309D074 4 Bytes  [FA, EA, BE, 8E]
.text   ntoskrnl.exe!KeRemoveQueueEx + 1937                                                              8309D07C 4 Bytes  [87, EA, BE, 8E]
.text   C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x99810000, 0x2D5378, 0xE8000020]

---- Devices - GMER 2.1 ----

Device  \Driver\DFInjDrv \Device\DFInjDrv                                                                DFInjDrv32.sys
Device  \Driver\BTHUSB \Device\00000078                                                                  bthport.sys
Device  \Driver\BTHUSB \Device\0000007a                                                                  bthport.sys

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eb087d7                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00265eb087d7@204208300125         0x6C 0x8B 0x35 0x0F ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eb087d7 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00265eb087d7@204208300125             0x6C 0x8B 0x35 0x0F ...
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                            
Reg     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSMK01.00.00.01PRO                        9E60C89BEF73DE1A9B461DAA54F4C473B0E5D69592F026DB212D770A859D141B24C989AEF57D7D71D7BBE9B5D49F83144F3A31C114A5E2F7AC5D9719881869EDCAA3782B5A14FB92F83DDF678842AD86C2B5A95BFB9F657DCDD92F2F2A949699C27E85E4455E861AC810CCEC81C69ED38BF2908E6531DB835FB1AF96AE69BC61DF80636143564C19B28D47AC33ED38FBD11F7BBBCC7DF614DF87514C3DBF7BFC186189DC45CC0214C9A226BD784B5FEE5D7EC3F716FDEB2F72130C82E116FB990AEB33441F62DD84C1CF84698F467B149C65060B867EF6C75E201F9D8A3D66D57481DE3A89901DD6F32CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407A6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC79335452DA3813582173E45B3B30BAACFBD408B789F6BBEDA54EEA85030A76E9FDFA070A4167A667BB88E1F56BEBA85A5F4D5D7979975062C52912A8070C528E3B31C32F366B3601AAB459D8A1FD5FD8D58BEF615EA9A37021B5F7190D4071676ED0625F811084000552E1DD6FD2B24C0F9AB826B1E0382BA1D6920E173EA7135B31FBEA4C72D9AE87CCD713C7AC7A4C611D72B2D0439896D682226D8C74CFA368BB6F582884004E91A3583C05259267C3481FA67DAD4FAF6FC326D437A1C6A121705E61088BC49
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active               
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@8EF953EE      2024

---- EOF - GMER 2.1 ----
         
Ich bedanke mich bereits im Vorfeld für die Hilfe, denn dies ist die einzige Seite bei der ich eine vernünftige Lösung für mein Problem hoffe zu finden.

Gruß

David

P.S.: In den Logs habe ich, falls Vor- und Nachname zusammen vorkamen beides durch '***** *****' ersetzt.

Alt 21.01.2015, 12:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 21.01.2015, 12:16   #3
Shir0hige
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Hallo und Danke für die schnelle Antwort.

Nein ich habe leider keine anderen Logs, da ich nur Avira drauf habe und damit, nach eurer Anleitung, versucht habe die Logs zu exportieren, was aber irgendwie nicht gemacht wurde.
__________________

Alt 21.01.2015, 12:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Dann schau doch nach ob Avira was gefunden hat und wenn ja diese Zeilen notieren und hier posten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.01.2015, 12:45   #5
Shir0hige
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Mein Problem ist das ich zwar bei Avira den Teil finde mit den 'Funden' aber nicht genau weiß was passiert wenn ich auf exportieren drücke oder wie ich das dann hier her bekomme, sodass ich es dir zeigen kann. Ich kann dir hier die einzelnen Funde reinkopieren, weiß aber nicht, ob dass das ist was du brauchst.

Code:
ATTFilter
In der Datei 'C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\wkscli.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.118120' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
         
Code:
ATTFilter
In der Datei 'C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\wkscli.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.118120' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
         
Code:
ATTFilter
Die Datei 'C:\Users\David Engel\AppData\Roaming\Security System 2\uninstaller.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/AgentCV.A.9121' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51986267.qua' verschoben!
         
Code:
ATTFilter
Die Datei 'C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{BE3E4190-72AB-EA8B-E208-F8475DD24312}-7024639.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '492b4dec.qua' verschoben!
         
Code:
ATTFilter
Die Datei 'C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{BE3E4190-72AB-EA8B-E208-F8475DD24312}-7024639.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '492b4dec.qua' verschoben!
         
Code:
ATTFilter
Die Datei 'C:\Users\David Engel\AppData\Roaming\BupSystem\bup.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/AgentCV.A.3743' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1b2d5ec1.qua' verschoben!
         


Alt 21.01.2015, 13:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Dann jetzt Avira deinstallieren. Du hast nämlich schon MSE installiert und zwei Virenscanner parallel sollte man niemals fahren. Sag Bescheid wenn runter ist.
__________________
--> Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung

Alt 21.01.2015, 13:10   #7
Shir0hige
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Avira ist deinstalliert.

Alt 21.01.2015, 13:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Dann jetzt MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.01.2015, 18:16   #9
Shir0hige
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Hab ich gemacht. Beim ersten Scan hat sich der Pc aufgehängt. nach dem Neustart liefen aber sowohl Scan als auch CleanUp problemlos. Hab danach nochmal nen Scan laufen lassen und poste beide Logs

1.:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.21.07
  rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
David Engel :: DAVID [administrator]

21.01.2015 17:27:10
mbar-log-2015-01-21 (17-27-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 311736
Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\SOFTWARE\Cerberus (Backdoor.Trace) -> Delete on reboot. [44c7e5152f5a52e430741811e02423dd]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\David Engel\M-1-74-6482-7942-8945 (Trojan.Agent.Gen) -> Delete on reboot. [f8137783ef9aaa8c73095edd659ebc44]

Files Detected: 5
C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [06a6ee2ce32f5a6805489ef56f0e96c3]
C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [cc8ff7d676ce6d84af98bd099cabc971]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (127.0.0.1	173.214.178.24) Good: () -> Replace on reboot. [ac5f47b3672277bf150f35a418ed768a]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (127.0.0.1	192.185.97.25) Good: () -> Replace on reboot. [df2c48b2e6a391a5ea3b4d8c37ce7f81]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (127.0.0.1	82.98.147.80) Good: () -> Replace on reboot. [709b46b475143303be68ac2da0659e62]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
2.:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.21.07
  rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
David Engel :: DAVID [administrator]

21.01.2015 18:03:46
mbar-log-2015-01-21 (18-03-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 311778
Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Hab den PC dazwischen nochmal neu gestartet (nach dem 2. Scan) und da war der Prozess compatibilitycheck.exe weg und es lief alles wieder normal schnell. Jetzt ist er aber wieder da

Alt 21.01.2015, 19:44   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.01.2015, 20:23   #11
Shir0hige
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



adwcleaner:

Code:
ATTFilter
# AdwCleaner v4.108 - Bericht erstellt am 21/01/2015 um 19:52:13
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-18.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : David Engel - DAVID
# Gestartet von : C:\Users\David Engel\Desktop\AdwCleaner_4.108.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter
[#] Dienst Gelöscht : {9d5747ee-0448-4681-8337-1555de75a3b6}Gw
[#] Dienst Gelöscht : {9d5747ee-0448-4681-8337-1555de75a3b6}w

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Program Files\IminentToolbar
Ordner Gelöscht : C:\Program Files\SupraSavings
Ordner Gelöscht : C:\Program Files\CouponArific
Ordner Gelöscht : C:\Users\David Engel\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\David Engel\AppData\Local\genienext
Ordner Gelöscht : C:\Users\David Engel\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\David Engel\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\David Engel\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\David Engel\AppData\Local\NativeMessaging
Ordner Gelöscht : C:\Users\David Engel\AppData\Local\TBHostSupport
Ordner Gelöscht : C:\Users\David Engel\AppData\Local\Webinternetsecurity
Ordner Gelöscht : C:\Users\David Engel\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\David Engel\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\BupSystem
Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\IminentToolbar
Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\newnext.me
Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\SearchProtect
Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\Security System 2
Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\SeeSimilar
Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\David Engel\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\David Engel\Documents\Mobogenie
Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys
Datei Gelöscht : C:\Users\David Engel\daemonprocess.txt
Datei Gelöscht : C:\Users\David Engel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
Datei Gelöscht : C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\searchplugins\dsrlte.xml

***** [ Tasks ] *****

Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-1
Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-2
Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-3
Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-4
Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-5
Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-6
Task Gelöscht : afdac15d-7bd5-405d-9a08-c67ddb3e609a-7

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [SeeSimilar@SeeSimilar.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [SeeSimilar@SeeSimilar.com]
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3312329
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{772CA233-EF58-4C12-BD53-408EFC32E247}
Schlüssel Gelöscht : HKCU\Software\ClickConnect
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\sizlsearch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Supra Savings
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : HKLM\SOFTWARE\Supra Savings
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\couponarific
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ams1.ib.adnxs.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\de.yhs4.search.yahoo.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dsrlte.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fra1.ib.adnxs.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ib.adnxs.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\rts.dsrlte.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.conduit.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovigo.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.trovigo.com

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v35.0 (x86 de)

[gf77mrzk.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "146dd855a775bb5a8ed29b2549d1eba8");

*************************

AdwCleaner[R0].txt - [10610 octets] - [21/01/2015 19:50:19]
AdwCleaner[S0].txt - [10359 octets] - [21/01/2015 19:52:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10420 octets] ##########
         
JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by David Engel on 21.01.2015 at 20:00:12,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] netfilter 
Successfully deleted: [Service] netfilter 



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{0AB4AAFB-F576-4D16-ACC6-571BD39AEEC4}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{1094E40E-BF2A-4BF9-AAE3-F5414638231F}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{140381EA-1C9E-4CBC-89C0-E936BDBEE208}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{14B336DC-7F90-4404-8242-759A8F5AFB2D}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{291DA5B7-92EC-4687-B502-A2C170E151C8}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{38F95AD1-4D77-4B9A-A03F-F9B945EA342A}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{540AD25D-93EF-47D9-A4B8-E38B126E240B}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{591FDDDA-3B4D-40DA-8486-8971532DAAB7}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{63F5C932-CE02-4120-BA0A-D1F7A03E8B63}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{846736A7-F795-4628-9C97-CBFDF4552FFE}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{CA807143-0586-46D7-A783-F6CDB90C32F1}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{CEC67E50-BAF0-48FA-BD86-0323E8D94E4D}
Successfully deleted: [Empty Folder] C:\Users\David Engel\appdata\local\{F8AEFE3A-7B04-4480-B866-0913D126C3C9}



~~~ FireFox

Emptied folder: C:\Users\David Engel\AppData\Roaming\mozilla\firefox\profiles\gf77mrzk.default\minidumps [77 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2015 at 20:16:07,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by David Engel (administrator) on DAVID on 21-01-2015 20:17:38
Running from C:\Users\David Engel\Desktop
Loaded Profiles: David Engel (Available profiles: David Engel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(T-Systems International GmbH) C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\David Engel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\David Engel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [T-Home Dialerschutz-Software] => C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe [1411720 2010-03-29] (T-Systems International GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6814240 2009-02-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [RocketDock] => "C:\Program Files\RocketDock\RocketDock.exe"
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Run: [Spotify Web Helper] => C:\Users\David Engel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {7b16325e-30b4-11e1-9eb1-00265eb087d7} - F:\Autorun.exe
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {8052ec9d-f8b4-11df-8b29-00265eb087d7} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\MountPoints2: {8d6e4b71-f4d4-11df-9935-806e6f6e6963} - E:\AutoRun.exe
Startup: C:\Users\David Engel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {241EC647-646E-4DDF-9263-2F5111F019F6} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000 -> {34AEBC21-74EA-4AF2-9473-630C7A0F5BB7} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{58A12B80-1895-4C95-9F28-3D8660E0C185}: [NameServer] 223.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: 
FF NetworkProxy: "autoconfig_url", "data:application/x-ns-proxy-autoconfig;base64,ZnVuY3Rpb24gaXNZb3VUdWJlVmlkZW8odXJsKXsgcmV0dXJuIG5ldyBSZWdFeHAoIl4oPzpodHRwfGh0dHBzKTpcXC9cXC8oPzouKikoPzouZ29vZ2xldmlkZW8uY29tfC5jLnlvdXR1YmUuY29tKSg/Oi4qKVxcL3ZpZGVvcGxheWJhY2soPzouKikoPzpnY3I9dXN8XFwvZ2NyXFwvdXNcXC8pKD86LiopJCIsJ2knKS50ZXN0KHVybCk7fWZ1bmN0aW9uIGlzWW91VHViZVZpZGVvUGFnZSh1cmwsIGhvc3QsIHZpZHVybCkgeyByZXR1cm4gaG9zdC5pbmRleE9mKCd5b3V0dWJlLmNvbScpICE9IC0xICYmIHVybC5pbmRleE9mKHZpZHVybCkgIT0gLTE7fWZ1bmN0aW9uIEZpbmRQcm94eUZvclVSTCh1cmwsIGhvc3QpIHtpZihpc1lvdVR1YmVWaWRlbyh1cmwpICB8fCBpc1lvdVR1YmVWaWRlb1BhZ2UodXJsLCBob3N0LCAnaHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj0wQ0t3N2t1SWxWcyZpbmRleD0xNSZsaXN0PVBMN1d6MEdjNER0UHVZa1hrZTlpLVFwY1lWOVowWjdSQmUnKSB8fCBpc1lvdVR1YmVWaWRlb1BhZ2UodXJsLCBob3N0LCAnaHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj13UGJITmtLYnprNCZpbmRleD0xNiZsaXN0PVBMN1d6MEdjNER0UHVZa1hrZTlpLVFwY1lWOVowWjdSQmUnKSB8fCBpc1lvdVR1YmVWaWRlb1BhZ2UodXJsLCBob3N0LCAnaHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj04bF9CN1NMWjZ5MCZpbmRleD0xNyZsaXN0PVBMN1d6MEdjNER0UHVZa1hrZTlpLVFwY1lWOVowWjdSQmUnKSl7IHJldHVybiAnUFJPWFkgMjA5LjIzOS4xMTQuMTAwOjMxMzEnO31lbHNleyByZXR1cm4gJ0RJUkVDVCc7fX0="
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2508884068-3804397540-1067786986-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David Engel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2508884068-3804397540-1067786986-1000: electronicarts.com/GameFacePlugin -> C:\Users\David Engel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Extension: Avira Browser Safety - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com [2015-01-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-09]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-09]
FF Extension: MEGA - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\firefox@mega.co.nz.xpi [2014-12-23]
FF Extension: ProxTube - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\info@convert2mp3.net.xpi [2014-06-22]
FF Extension: NoScript - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-09]
FF Extension: Flash Block - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2014-12-09]
FF Extension: Adblock Plus - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-22]
FF Extension: Adblock Edge - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-12-09]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10]
CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\David Engel\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30]
CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 CouponarificService; C:\Program Files\0892CCEA-3029-46F2-BD98-F3177431F5F8\xtloowpkjv.exe [161280 2014-11-19] () [File not signed]
R2 DFSVC; C:\Program Files\T-Home\Dialerschutz-Software\DFInject.exe [288768 2009-10-21] (T-Systems International GmbH) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2011-05-16] (Microsoft Corporation) [File not signed]
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 OO SSD Migration Kit; "C:\Program Files\OO Software\SSD Migration Kit\oosmkag.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 DFSYS; C:\Program Files\T-Home\Dialerschutz-Software\DFSYS.SYS [14624 2009-10-15] (T-Systems International GmbH)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-08-12] (SAMSUNG ELECTRONICS CO., LTD.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [82648 2015-01-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKslb5c991d7; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{175C28DB-FB44-4E1F-BB75-A33BF1418175}\MpKslb5c991d7.sys [39464 2015-01-21] (Microsoft Corporation)
R3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2008-11-21] (Vimicro Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Migrate OS to SSD 4.0\program\BioNTDrv.SYS [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 20:16 - 2015-01-21 20:16 - 00002620 _____ () C:\Users\David Engel\Desktop\JRT.txt
2015-01-21 20:00 - 2015-01-21 20:00 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 19:59 - 2015-01-21 19:59 - 01707939 _____ (Thisisu) C:\Users\David Engel\Desktop\JRT.exe
2015-01-21 19:54 - 2015-01-21 19:54 - 00000000 ____D () C:\Program Files\Couponarific
2015-01-21 19:50 - 2015-01-21 19:52 - 00000000 ____D () C:\AdwCleaner
2015-01-21 19:49 - 2015-01-21 19:49 - 02186752 _____ () C:\Users\David Engel\Desktop\AdwCleaner_4.108.exe
2015-01-21 16:53 - 2015-01-21 18:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-21 16:53 - 2015-01-21 18:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 16:53 - 2015-01-21 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-21 16:52 - 2015-01-21 16:52 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 16:51 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\David Engel\Desktop\mbar
2015-01-21 16:47 - 2015-01-21 19:53 - 00001316 _____ () C:\Windows\PFRO.log
2015-01-21 13:29 - 2015-01-21 13:29 - 16466552 _____ (Malwarebytes Corp.) C:\Users\David Engel\Desktop\mbar-1.08.3.1004.exe
2015-01-21 12:00 - 2015-01-21 12:00 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-01-21 11:13 - 2015-01-21 11:13 - 00004734 _____ () C:\Users\David Engel\Desktop\Gmer.log
2015-01-21 11:00 - 2015-01-21 11:00 - 00380416 _____ () C:\Users\David Engel\Desktop\Gmer-19357.exe
2015-01-21 10:54 - 2015-01-21 11:23 - 00049935 _____ () C:\Users\David Engel\Desktop\Addition.txt
2015-01-21 10:52 - 2015-01-21 20:17 - 00015423 _____ () C:\Users\David Engel\Desktop\FRST.txt
2015-01-21 10:52 - 2015-01-21 20:17 - 00000000 ____D () C:\FRST
2015-01-21 10:51 - 2015-01-21 10:51 - 01118208 _____ (Farbar) C:\Users\David Engel\Desktop\FRST.exe
2015-01-21 10:49 - 2015-01-21 11:21 - 00000486 _____ () C:\Users\David Engel\Desktop\defogger_disable.log
2015-01-21 10:49 - 2015-01-21 10:49 - 00000000 _____ () C:\Users\David Engel\defogger_reenable
2015-01-21 10:47 - 2015-01-21 10:47 - 00050477 _____ () C:\Users\David Engel\Desktop\Defogger.exe
2015-01-21 10:22 - 2015-01-21 19:53 - 00000392 _____ () C:\Windows\setupact.log
2015-01-21 10:22 - 2015-01-21 10:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-20 17:30 - 2015-01-21 16:47 - 00000000 ____D () C:\Program Files\Avira
2015-01-17 12:12 - 2015-01-17 12:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 12:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:05 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 12:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:05 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:05 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 10:41 - 2015-01-21 20:01 - 00000112 _____ () C:\ProgramData\Y4Ki2D2g0.dat
2015-01-11 17:59 - 2015-01-11 17:59 - 00000641 _____ () C:\Users\David Engel\Desktop\Bilder.lnk
2015-01-10 20:21 - 2015-01-10 20:21 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-10 20:21 - 2015-01-10 20:21 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-08 13:32 - 2015-01-21 13:08 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-08 13:30 - 2015-01-21 19:59 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-08 13:30 - 2015-01-21 19:59 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-25 15:49 - 2014-12-25 15:49 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\EurekaLab s.a.s
2014-12-23 21:17 - 2014-12-23 21:17 - 00000320 _____ () C:\Users\David Engel\Desktop\Magic The Gathering Online .appref-ms
2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast
2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\Users\David Engel\AppData\Local\Wizards of the Coast
2014-12-23 21:17 - 2014-12-23 21:17 - 00000000 ____D () C:\ProgramData\Gibraltar
2014-12-23 21:14 - 2014-12-30 22:43 - 00000000 ____D () C:\Users\David Engel\AppData\Local\Deployment

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 20:02 - 2009-07-14 05:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 20:02 - 2009-07-14 05:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 20:00 - 2012-07-07 22:42 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\Dropbox
2015-01-21 19:58 - 2010-11-20 19:55 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 19:58 - 2010-11-20 19:36 - 01906315 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 19:53 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 19:52 - 2010-11-20 19:58 - 00000000 ____D () C:\Users\David Engel
2015-01-21 19:49 - 2011-01-01 20:36 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\vlc
2015-01-21 19:28 - 2013-11-04 19:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 17:47 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\addins
2015-01-21 12:33 - 2012-08-02 11:31 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\Spotify
2015-01-21 10:22 - 2009-07-14 05:33 - 00496744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 17:52 - 2010-11-20 20:57 - 00155032 _____ () C:\Users\David Engel\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 17:10 - 2010-11-21 20:48 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\WD
2015-01-20 17:10 - 2010-11-21 20:48 - 00000000 ____D () C:\Program Files\Common Files\Memeo
2015-01-19 22:16 - 2011-07-31 12:54 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-19 19:25 - 2012-08-02 11:31 - 00000000 ____D () C:\Users\David Engel\AppData\Local\Spotify
2015-01-17 16:27 - 2014-06-22 13:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-15 14:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-15 12:28 - 2012-03-30 13:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-15 12:28 - 2011-05-20 05:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 13:14 - 2013-08-15 15:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:10 - 2010-11-20 21:57 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 18:25 - 2010-12-11 19:19 - 00000000 ____D () C:\Program Files\Magic Workstation
2015-01-12 18:24 - 2010-11-20 21:27 - 00000000 ____D () C:\Program Files\CyberLink
2015-01-12 18:24 - 2010-11-20 20:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-12 18:18 - 2010-11-20 21:26 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-12 18:10 - 2010-12-03 22:03 - 00000000 ____D () C:\Users\David Engel\AppData\Roaming\CyberLink
2015-01-11 18:21 - 2010-12-28 14:37 - 00000000 ____D () C:\Users\David Engel\AppData\Local\Google
2015-01-11 18:21 - 2010-12-28 14:37 - 00000000 ____D () C:\Program Files\Google
2015-01-09 10:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 12:13 - 2010-11-20 20:24 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 14:42 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-23 21:14 - 2011-01-27 20:43 - 00000000 ____D () C:\Users\David Engel\AppData\Local\Apps\2.0

==================== Files in the root of some directories =======
2011-08-31 16:21 - 2011-09-04 19:09 - 0000000 ____H () C:\Users\David Engel\AppData\Roaming\windrvconfig.txt
2011-11-19 20:02 - 2011-11-26 16:50 - 0010240 _____ () C:\Users\David Engel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-21 14:01 - 2014-05-21 14:01 - 0301496 _____ (VuuPC Limited) C:\Users\David Engel\AppData\Local\nsr324A.tmp
2011-07-21 23:24 - 2011-07-21 23:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-08-26 21:06 - 2011-08-27 13:32 - 0007246 _____ () C:\ProgramData\hpzinstall.log
2015-01-13 10:41 - 2015-01-21 20:01 - 0000112 _____ () C:\ProgramData\Y4Ki2D2g0.dat

Files to move or delete:
====================
C:\ProgramData\Y4Ki2D2g0.dat
C:\Users\David Engel\MTGOinstall.exe


Some content of TEMP:
====================
C:\Users\David Engel\AppData\Local\Temp\avgnt.exe
C:\Users\David Engel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyotk9h.dll
C:\Users\David Engel\AppData\Local\Temp\ose00000.exe
C:\Users\David Engel\AppData\Local\Temp\Quarantine.exe
C:\Users\David Engel\AppData\Local\Temp\sqlite3.dll
C:\Users\David Engel\AppData\Local\Temp\_isC6DA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 21:02

==================== End Of Log ============================
         
--- --- ---

Alt 21.01.2015, 20:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.01.2015, 20:30   #13
Shir0hige
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



hier noch die addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by David Engel at 2015-01-21 20:28:33
Running from C:\Users\David Engel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.3 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Free Video to iPhone Converter version 3.2.12 (HKLM\...\Free Video to iPhone Converter_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube Download version 3.1.37.918 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic The Gathering Online  (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\35c9d60442fbb010) (Version: 3.4.83.467 - Wizards of the Coast)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5791 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.8 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
Spotify (HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
T-Home Dialerschutz-Software (HKLM\...\{E8C5BD56-F5D8-41D3-8A71-273468FE256A}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD Discovery Software (HKLM\...\{324F388E-4F28-42D6-ADD1-9AB27D249523}) (Version: 1.70 - Western Digital)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\David Engel\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{CBD32ACD-3033-5DC4-AF3E-A32955785032}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2508884068-3804397540-1067786986-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David Engel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-01-2015 13:12:32 Windows Update
20-01-2015 17:43:26 Avira System Speedup 1.5
21-01-2015 17:45:37 Malwarebytes Anti-Rootkit Restore Point
21-01-2015 18:22:54 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {019E612F-B8F3-415B-8EAD-4AC47C01275C} - System32\Tasks\{E00C48C4-87C3-49CA-B00D-268CB9C644A1} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Datel\Action Replay Code Manager\ActionReplayCodeManager.exe"
Task: {10332AD8-1A6D-48A3-8E38-E346CACF7EE3} - \7842eb70 No Task File <==== ATTENTION
Task: {11530222-9822-4EAA-BFB9-5925E06C72A3} - \d88be1c No Task File <==== ATTENTION
Task: {1A01F8A6-86EA-4569-BA32-608D06521C06} - \ceb89d40 No Task File <==== ATTENTION
Task: {1CC0017D-A4BA-4373-BC62-1C80719E4D4A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {22C6D372-FC50-4519-B5C5-A2B56F42B3C2} - \7a3ef47c No Task File <==== ATTENTION
Task: {2F4D318B-F369-4C98-B304-F5A8E18C93A2} - \ace63bf0 No Task File <==== ATTENTION
Task: {323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001} - \b0e63a68 No Task File <==== ATTENTION
Task: {34C690D4-20C4-4ABC-8BA0-AF2364492543} - \becf0200 No Task File <==== ATTENTION
Task: {42F4DE03-5E7C-445A-9867-C04F63F31EE6} - \ad3af7c8 No Task File <==== ATTENTION
Task: {4913859C-17B0-4960-BE76-779215D91849} - \4c86bc0c No Task File <==== ATTENTION
Task: {4B6023C5-EDD2-4C66-831F-48FFEE52CACE} - \b1538c78 No Task File <==== ATTENTION
Task: {4FACD718-1A45-4290-A96F-0B663F59C4C4} - System32\Tasks\45026eb0 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4076733968.exe <==== ATTENTION
Task: {56CDA0D3-78A0-421E-ABB9-418C91501505} - \df070e80 No Task File <==== ATTENTION
Task: {5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56} - \b6f52770 No Task File <==== ATTENTION
Task: {5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D} - \16d25320 No Task File <==== ATTENTION
Task: {71D6D7F1-71D0-43DB-A988-CF9201EA9BC8} - \575739e8 No Task File <==== ATTENTION
Task: {72CD3727-88FB-405C-94BB-23E4FE3FE617} - \ddd72840 No Task File <==== ATTENTION
Task: {7A4DF1FF-FD15-4061-A24A-F4F6148ADED8} - \a2002928 No Task File <==== ATTENTION
Task: {7AA01F0B-5604-4EF7-B09F-63AEB007B3A2} - \54da9420 No Task File <==== ATTENTION
Task: {7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5} - System32\Tasks\f5f36f24 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4059328268.exe <==== ATTENTION
Task: {88BAC989-1324-4B59-9C75-54BE7B9646F6} - \9ea26a9c No Task File <==== ATTENTION
Task: {8A16775E-A772-4A3D-8F7E-45627DF4CB08} - \c039b47c No Task File <==== ATTENTION
Task: {8B268604-D0B2-477C-BE61-BA0AEB68A949} - System32\Tasks\{26F5BD3E-F422-4FAA-9FD1-D56CAAF3AD57} => pcalua.exe -a "C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe"
Task: {92DA3894-AF54-4C1A-ABC4-E562DE68330D} - \da240da0 No Task File <==== ATTENTION
Task: {A03FF811-E18E-48D3-8B7E-A45553F7B140} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B} - System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => pcalua.exe -a "C:\Users\David Engel\Desktop\setup.exe" -d "C:\Users\David Engel\Desktop"
Task: {A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931} - \e8bd60 No Task File <==== ATTENTION
Task: {B2FF72F8-2491-489D-9EB0-C60DEAC65581} - \da4afbb0 No Task File <==== ATTENTION
Task: {BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B} - System32\Tasks\e8d3af80 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3906187136.exe <==== ATTENTION
Task: {BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB} - \6bdc3698 No Task File <==== ATTENTION
Task: {CA5E6FDD-DEE3-472B-A779-DC221523F209} - System32\Tasks\{A36728D1-C91B-49A3-8728-BABA5743CED5} => pcalua.exe -a "D:\Sonstiges\European Code Manager PC software\Setup.exe" -d "D:\Sonstiges\European Code Manager PC software"
Task: {D3F11C58-6191-4441-B9CD-A3DD00302089} - System32\Tasks\{44221F18-D3DE-4777-9286-F3A22E0BBC24} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {D62FF945-FED7-4B79-98E9-7D1E6254F800} - \889d9f2c No Task File <==== ATTENTION
Task: {D942E5D6-9803-4E79-80BD-6A7E5740D353} - \11015950 No Task File <==== ATTENTION
Task: {DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D} - System32\Tasks\f409e070 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3021004544.exe <==== ATTENTION
Task: {E14534E0-FB7A-41FA-86E1-CA8FD695F3E7} - System32\Tasks\ff3efb40 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup2275163168.exe <==== ATTENTION
Task: {EA27474F-86DD-43D8-A893-780467D1161C} - System32\Tasks\{2BF3C3A4-A032-46D5-8E6C-20C23974797E} => c:\program files\opera\opera.exe [2014-04-27] (Opera Software)
Task: {EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738} - \13d83880 No Task File <==== ATTENTION
Task: {EF8B3455-FBD6-4ACF-A646-6BE89587B4F8} - \517999a8 No Task File <==== ATTENTION
Task: {EF961023-A4AB-4ACC-BC3D-B1DB17149720} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-05-15] (Samsung Electronics Co., Ltd.)
Task: {F514247D-FC72-4E10-99A0-DBBE91B7BE72} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2008-12-03] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-08-19 21:09 - 2010-06-17 20:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2009-09-01 05:31 - 2009-09-01 05:31 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-08 13:30 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2010-11-21 02:01 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\David Engel\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-21 19:54 - 2015-01-21 19:54 - 00043008 _____ () c:\Users\David Engel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyotk9h.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\David Engel\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\David Engel\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\David Engel\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-08 13:30 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-08 13:31 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-08 13:31 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-08 13:31 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-08 13:31 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
2010-11-21 02:20 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-17 12:12 - 2015-01-17 12:13 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2508884068-3804397540-1067786986-500 - Administrator - Disabled)
David Engel (S-1-5-21-2508884068-3804397540-1067786986-1000 - Administrator - Enabled) => C:\Users\David Engel
Gast (S-1-5-21-2508884068-3804397540-1067786986-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2508884068-3804397540-1067786986-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-21 17:32:07.272
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-20 18:10:24.050
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-14 12:05:07.496
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-13 21:48:54.378
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-13 20:44:39.625
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-13 20:12:56.550
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-13 20:01:59.492
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-12 17:27:42.457
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 10:11:24.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-07 13:47:45.441
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\T-Home\Dialerschutz-Software\df.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 71%
Total physical RAM: 3036.61 MB
Available physical RAM: 869.51 MB
Total Pagefile: 6069.46 MB
Available Pagefile: 3515.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:142.09 GB) (Free:47.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:96.38 GB) (Free:10.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 91AC48D6)
Partition 1: (Active) - (Size=142.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 21.01.2015, 20:41   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: {10332AD8-1A6D-48A3-8E38-E346CACF7EE3} - \7842eb70 No Task File <==== ATTENTION
Task: {11530222-9822-4EAA-BFB9-5925E06C72A3} - \d88be1c No Task File <==== ATTENTION
Task: {1A01F8A6-86EA-4569-BA32-608D06521C06} - \ceb89d40 No Task File <==== ATTENTION
Task: {22C6D372-FC50-4519-B5C5-A2B56F42B3C2} - \7a3ef47c No Task File <==== ATTENTION
Task: {2F4D318B-F369-4C98-B304-F5A8E18C93A2} - \ace63bf0 No Task File <==== ATTENTION
Task: {323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001} - \b0e63a68 No Task File <==== ATTENTION
Task: {34C690D4-20C4-4ABC-8BA0-AF2364492543} - \becf0200 No Task File <==== ATTENTION
Task: {42F4DE03-5E7C-445A-9867-C04F63F31EE6} - \ad3af7c8 No Task File <==== ATTENTION
Task: {4913859C-17B0-4960-BE76-779215D91849} - \4c86bc0c No Task File <==== ATTENTION
Task: {4B6023C5-EDD2-4C66-831F-48FFEE52CACE} - \b1538c78 No Task File <==== ATTENTION
Task: {4FACD718-1A45-4290-A96F-0B663F59C4C4} - System32\Tasks\45026eb0 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4076733968.exe <==== ATTENTION
Task: {56CDA0D3-78A0-421E-ABB9-418C91501505} - \df070e80 No Task File <==== ATTENTION
Task: {5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56} - \b6f52770 No Task File <==== ATTENTION
Task: {5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D} - \16d25320 No Task File <==== ATTENTION
Task: {71D6D7F1-71D0-43DB-A988-CF9201EA9BC8} - \575739e8 No Task File <==== ATTENTION
Task: {72CD3727-88FB-405C-94BB-23E4FE3FE617} - \ddd72840 No Task File <==== ATTENTION
Task: {7A4DF1FF-FD15-4061-A24A-F4F6148ADED8} - \a2002928 No Task File <==== ATTENTION
Task: {7AA01F0B-5604-4EF7-B09F-63AEB007B3A2} - \54da9420 No Task File <==== ATTENTION
Task: {7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5} - System32\Tasks\f5f36f24 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4059328268.exe <==== ATTENTION
Task: {88BAC989-1324-4B59-9C75-54BE7B9646F6} - \9ea26a9c No Task File <==== ATTENTION
Task: {8A16775E-A772-4A3D-8F7E-45627DF4CB08} - \c039b47c No Task File <==== ATTENTION
Task: {92DA3894-AF54-4C1A-ABC4-E562DE68330D} - \da240da0 No Task File <==== ATTENTION
Task: {A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B} - System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => pcalua.exe -a "C:\Users\David Engel\Desktop\setup.exe" -d "C:\Users\David Engel\Desktop"
Task: {A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931} - \e8bd60 No Task File <==== ATTENTION
Task: {B2FF72F8-2491-489D-9EB0-C60DEAC65581} - \da4afbb0 No Task File <==== ATTENTION
Task: {BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B} - System32\Tasks\e8d3af80 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3906187136.exe <==== ATTENTION
Task: {BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB} - \6bdc3698 No Task File <==== ATTENTION
Task: {D62FF945-FED7-4B79-98E9-7D1E6254F800} - \889d9f2c No Task File <==== ATTENTION
Task: {D942E5D6-9803-4E79-80BD-6A7E5740D353} - \11015950 No Task File <==== ATTENTION
Task: {DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D} - System32\Tasks\f409e070 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3021004544.exe <==== ATTENTION
Task: {E14534E0-FB7A-41FA-86E1-CA8FD695F3E7} - System32\Tasks\ff3efb40 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup2275163168.exe <==== ATTENTION
Task: {EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738} - \13d83880 No Task File <==== ATTENTION
Task: {EF8B3455-FBD6-4ACF-A646-6BE89587B4F8} - \517999a8 No Task File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: Avira Browser Safety - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com [2015-01-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10]
CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\David Engel\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30]
CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10]
C:\Users\David Engel\AppData\Local\nsr324A.tmp
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
C:\Users\Default\AppData\Roaming\Compatibility Verifier
C:\ProgramData\Y4Ki2D2g0.dat
C:\Users\David Engel\MTGOinstall.exe
C:\Users\David Engel\AppData\Local\Temp\avgnt.exe
C:\Users\David Engel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyotk9h.dll
C:\Users\David Engel\AppData\Local\Temp\ose00000.exe
C:\Users\David Engel\AppData\Local\Temp\Quarantine.exe
C:\Users\David Engel\AppData\Local\Temp\sqlite3.dll
C:\Users\David Engel\AppData\Local\Temp\_isC6DA.exe
EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.01.2015, 20:58   #15
Shir0hige
 
Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Standard

Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung



FRST ist beim Fixing leider hängen geblieben und hat nicht mehr reagiert. als ich den Prozess beendet hatte und FRST neu gestartet hab sagte es mir direkt der Fixlog sei fertig.

Ich poste ihn mal:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2015
Ran by David Engel at 2015-01-21 20:44:52 Run:1
Running from C:\Users\David Engel\Desktop
Loaded Profiles: David Engel (Available profiles: David Engel)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {10332AD8-1A6D-48A3-8E38-E346CACF7EE3} - \7842eb70 No Task File <==== ATTENTION
Task: {11530222-9822-4EAA-BFB9-5925E06C72A3} - \d88be1c No Task File <==== ATTENTION
Task: {1A01F8A6-86EA-4569-BA32-608D06521C06} - \ceb89d40 No Task File <==== ATTENTION
Task: {22C6D372-FC50-4519-B5C5-A2B56F42B3C2} - \7a3ef47c No Task File <==== ATTENTION
Task: {2F4D318B-F369-4C98-B304-F5A8E18C93A2} - \ace63bf0 No Task File <==== ATTENTION
Task: {323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001} - \b0e63a68 No Task File <==== ATTENTION
Task: {34C690D4-20C4-4ABC-8BA0-AF2364492543} - \becf0200 No Task File <==== ATTENTION
Task: {42F4DE03-5E7C-445A-9867-C04F63F31EE6} - \ad3af7c8 No Task File <==== ATTENTION
Task: {4913859C-17B0-4960-BE76-779215D91849} - \4c86bc0c No Task File <==== ATTENTION
Task: {4B6023C5-EDD2-4C66-831F-48FFEE52CACE} - \b1538c78 No Task File <==== ATTENTION
Task: {4FACD718-1A45-4290-A96F-0B663F59C4C4} - System32\Tasks\45026eb0 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4076733968.exe <==== ATTENTION
Task: {56CDA0D3-78A0-421E-ABB9-418C91501505} - \df070e80 No Task File <==== ATTENTION
Task: {5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56} - \b6f52770 No Task File <==== ATTENTION
Task: {5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D} - \16d25320 No Task File <==== ATTENTION
Task: {71D6D7F1-71D0-43DB-A988-CF9201EA9BC8} - \575739e8 No Task File <==== ATTENTION
Task: {72CD3727-88FB-405C-94BB-23E4FE3FE617} - \ddd72840 No Task File <==== ATTENTION
Task: {7A4DF1FF-FD15-4061-A24A-F4F6148ADED8} - \a2002928 No Task File <==== ATTENTION
Task: {7AA01F0B-5604-4EF7-B09F-63AEB007B3A2} - \54da9420 No Task File <==== ATTENTION
Task: {7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5} - System32\Tasks\f5f36f24 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup4059328268.exe <==== ATTENTION
Task: {88BAC989-1324-4B59-9C75-54BE7B9646F6} - \9ea26a9c No Task File <==== ATTENTION
Task: {8A16775E-A772-4A3D-8F7E-45627DF4CB08} - \c039b47c No Task File <==== ATTENTION
Task: {92DA3894-AF54-4C1A-ABC4-E562DE68330D} - \da240da0 No Task File <==== ATTENTION
Task: {A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B} - System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => pcalua.exe -a "C:\Users\David Engel\Desktop\setup.exe" -d "C:\Users\David Engel\Desktop"
Task: {A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931} - \e8bd60 No Task File <==== ATTENTION
Task: {B2FF72F8-2491-489D-9EB0-C60DEAC65581} - \da4afbb0 No Task File <==== ATTENTION
Task: {BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B} - System32\Tasks\e8d3af80 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3906187136.exe <==== ATTENTION
Task: {BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB} - \6bdc3698 No Task File <==== ATTENTION
Task: {D62FF945-FED7-4B79-98E9-7D1E6254F800} - \889d9f2c No Task File <==== ATTENTION
Task: {D942E5D6-9803-4E79-80BD-6A7E5740D353} - \11015950 No Task File <==== ATTENTION
Task: {DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D} - System32\Tasks\f409e070 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup3021004544.exe <==== ATTENTION
Task: {E14534E0-FB7A-41FA-86E1-CA8FD695F3E7} - System32\Tasks\ff3efb40 => C:\Users\DAVIDE~1\AppData\Local\Temp\\setup2275163168.exe <==== ATTENTION
Task: {EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738} - \13d83880 No Task File <==== ATTENTION
Task: {EF8B3455-FBD6-4ACF-A646-6BE89587B4F8} - \517999a8 No Task File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: Avira Browser Safety - C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com [2015-01-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10]
CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\David Engel\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30]
CHR HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\...\Chrome\Extension: [pickdmmkcajdddggmoaommkkoafandof] - C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx [2013-10-10]
C:\Users\David Engel\AppData\Local\nsr324A.tmp
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
C:\Users\Default\AppData\Roaming\Compatibility Verifier
C:\ProgramData\Y4Ki2D2g0.dat
C:\Users\David Engel\MTGOinstall.exe
C:\Users\David Engel\AppData\Local\Temp\avgnt.exe
C:\Users\David Engel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyotk9h.dll
C:\Users\David Engel\AppData\Local\Temp\ose00000.exe
C:\Users\David Engel\AppData\Local\Temp\Quarantine.exe
C:\Users\David Engel\AppData\Local\Temp\sqlite3.dll
C:\Users\David Engel\AppData\Local\Temp\_isC6DA.exe
EmptyTemp:
Hosts:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10332AD8-1A6D-48A3-8E38-E346CACF7EE3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10332AD8-1A6D-48A3-8E38-E346CACF7EE3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7842eb70" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11530222-9822-4EAA-BFB9-5925E06C72A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11530222-9822-4EAA-BFB9-5925E06C72A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d88be1c" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A01F8A6-86EA-4569-BA32-608D06521C06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A01F8A6-86EA-4569-BA32-608D06521C06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ceb89d40" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22C6D372-FC50-4519-B5C5-A2B56F42B3C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22C6D372-FC50-4519-B5C5-A2B56F42B3C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7a3ef47c" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F4D318B-F369-4C98-B304-F5A8E18C93A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F4D318B-F369-4C98-B304-F5A8E18C93A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ace63bf0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{323FDAEF-12A7-4C6E-B6B8-1EFEA42F5001}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b0e63a68" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34C690D4-20C4-4ABC-8BA0-AF2364492543}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34C690D4-20C4-4ABC-8BA0-AF2364492543}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\becf0200" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42F4DE03-5E7C-445A-9867-C04F63F31EE6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42F4DE03-5E7C-445A-9867-C04F63F31EE6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ad3af7c8" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4913859C-17B0-4960-BE76-779215D91849}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4913859C-17B0-4960-BE76-779215D91849}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4c86bc0c" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B6023C5-EDD2-4C66-831F-48FFEE52CACE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B6023C5-EDD2-4C66-831F-48FFEE52CACE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b1538c78" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FACD718-1A45-4290-A96F-0B663F59C4C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FACD718-1A45-4290-A96F-0B663F59C4C4}" => Key deleted successfully.
C:\Windows\System32\Tasks\45026eb0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\45026eb0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56CDA0D3-78A0-421E-ABB9-418C91501505}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56CDA0D3-78A0-421E-ABB9-418C91501505}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\df070e80" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A46ACF8-4B69-4FE3-8BAE-EE0CC0BCEE56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b6f52770" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E6792EE-0A3D-46FB-AE22-EA8F8E5C503D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\16d25320" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71D6D7F1-71D0-43DB-A988-CF9201EA9BC8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71D6D7F1-71D0-43DB-A988-CF9201EA9BC8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\575739e8" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72CD3727-88FB-405C-94BB-23E4FE3FE617}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72CD3727-88FB-405C-94BB-23E4FE3FE617}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddd72840" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A4DF1FF-FD15-4061-A24A-F4F6148ADED8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A4DF1FF-FD15-4061-A24A-F4F6148ADED8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a2002928" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AA01F0B-5604-4EF7-B09F-63AEB007B3A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AA01F0B-5604-4EF7-B09F-63AEB007B3A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\54da9420" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ECFCA4D-5ACA-44D4-9333-0D19E24A5AA5}" => Key deleted successfully.
C:\Windows\System32\Tasks\f5f36f24 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f5f36f24" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88BAC989-1324-4B59-9C75-54BE7B9646F6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88BAC989-1324-4B59-9C75-54BE7B9646F6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9ea26a9c" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A16775E-A772-4A3D-8F7E-45627DF4CB08}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A16775E-A772-4A3D-8F7E-45627DF4CB08}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c039b47c" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92DA3894-AF54-4C1A-ABC4-E562DE68330D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92DA3894-AF54-4C1A-ABC4-E562DE68330D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da240da0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A62CF9AE-CEB2-4475-9CDB-4C7A0B76883B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{335CA652-06A0-4C90-B11F-106466CCE734} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{335CA652-06A0-4C90-B11F-106466CCE734}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A82B83D3-41D0-46F1-B5EE-DD6B6C1B6931}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e8bd60" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2FF72F8-2491-489D-9EB0-C60DEAC65581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2FF72F8-2491-489D-9EB0-C60DEAC65581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\da4afbb0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE2E2CB0-4E3D-4BE2-833D-BB08C64D8E6B}" => Key deleted successfully.
C:\Windows\System32\Tasks\e8d3af80 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e8d3af80" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFD675EC-58D8-4F98-993C-9B1D2E1E9FAB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bdc3698" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D62FF945-FED7-4B79-98E9-7D1E6254F800}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D62FF945-FED7-4B79-98E9-7D1E6254F800}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\889d9f2c" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D942E5D6-9803-4E79-80BD-6A7E5740D353}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D942E5D6-9803-4E79-80BD-6A7E5740D353}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\11015950" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB6F1920-AE35-413F-9EB4-EBC2A3D9C97D}" => Key deleted successfully.
C:\Windows\System32\Tasks\f409e070 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f409e070" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E14534E0-FB7A-41FA-86E1-CA8FD695F3E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E14534E0-FB7A-41FA-86E1-CA8FD695F3E7}" => Key deleted successfully.
C:\Windows\System32\Tasks\ff3efb40 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ff3efb40" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDDD8E7E-DF80-4F61-BD60-E82B6AFD3738}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\13d83880" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF8B3455-FBD6-4ACF-A646-6BE89587B4F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF8B3455-FBD6-4ACF-A646-6BE89587B4F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\517999a8" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\David Engel\AppData\Roaming\Mozilla\Firefox\Profiles\gf77mrzk.default\Extensions\abs@avira.com => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pickdmmkcajdddggmoaommkkoafandof" => Key deleted successfully.
C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx => Moved successfully.
"HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp" => Key deleted successfully.
C:\Users\David Engel\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx => Moved successfully.
"HKU\S-1-5-21-2508884068-3804397540-1067786986-1000\SOFTWARE\Google\Chrome\Extensions\pickdmmkcajdddggmoaommkkoafandof" => Key deleted successfully.
"C:\Users\David Engel\AppData\Local\CRE\pickdmmkcajdddggmoaommkkoafandof.crx" => File/Directory not found.
C:\Users\David Engel\AppData\Local\nsr324A.tmp => Moved successfully.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4} => Moved successfully.

"C:\Users\Default\AppData\Roaming\Compatibility Verifier" directory move:

Could not move "C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak" => Scheduled to move on reboot.
Could not move "C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak" => Scheduled to move on reboot.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak => Moved successfully.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe => Moved successfully.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe => Moved successfully.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll => Moved successfully.
Could not move "C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log" => Scheduled to move on reboot.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll => Moved successfully.
Could not move "C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat" => Scheduled to move on reboot.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll => Moved successfully.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll => Moved successfully.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll => Moved successfully.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe => Moved successfully.
Could not move "C:\Users\Default\AppData\Roaming\Compatibility Verifier" directory. => Scheduled to move on reboot.

C:\ProgramData\Y4Ki2D2g0.dat => Moved successfully.
C:\Users\David Engel\MTGOinstall.exe => Moved successfully.
C:\Users\David Engel\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\David Engel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyotk9h.dll => Moved successfully.
C:\Users\David Engel\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\David Engel\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\David Engel\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\David Engel\AppData\Local\Temp\_isC6DA.exe => Moved successfully.
Hosts was reset successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-21 20:56:26)<=

==> ATTENTION: System is not rebooted.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak => Moved successfully.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak => Moved successfully.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log => Is moved successfully.
C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat => Moved successfully.
"C:\Users\Default\AppData\Roaming\Compatibility Verifier" => Directory could not move.

==== End of Fixlog 20:56:29 ====
         

Antwort

Themen zu Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung
antivir, antivirus, avira, bonjour, browser, compatibilitycheck.exe, converter, dvdvideosoft ltd., excel, failed, firefox, flash player, home, homepage, object, problem, programm, realtek, scan, security, sekunden, svchost.exe, system, taskmanager, teredo, updates, vista, windows



Ähnliche Themen: Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung


  1. Windows XP: Internet-Leistung extrem verlangsamt nach Trojaner-Befall?
    Log-Analyse und Auswertung - 18.11.2015 (10)
  2. Windows 7 Rechner unterschiedliche Leistung
    Plagegeister aller Art und deren Bekämpfung - 28.07.2015 (12)
  3. Windows 8: Datenträger 0 (C:) ständig auf 100% Leistung und Laptop sehr langsam.
    Log-Analyse und Auswertung - 30.05.2015 (5)
  4. Windows 7: (compatibilitycheck.exe) PC sehr belastet und Prozesse lassen sich nicht schließen.
    Log-Analyse und Auswertung - 27.03.2015 (21)
  5. Problem mit Compatibilitycheck.exe und PoPups
    Plagegeister aller Art und deren Bekämpfung - 19.02.2015 (9)
  6. Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (39)
  7. Windows 7: Virus compatibilitycheck.exe spielt Werbung im Hintergrund ab
    Log-Analyse und Auswertung - 19.01.2015 (11)
  8. compatibilitycheck
    Log-Analyse und Auswertung - 17.01.2015 (27)
  9. Windows 7 starter: Leistung des PC hat deutlich nachgelassen.
    Log-Analyse und Auswertung - 08.05.2014 (5)
  10. Windows 8: Browser öffnet unaufgefordert neue Fenster, Rückkehr zur Startseite
    Log-Analyse und Auswertung - 09.04.2014 (12)
  11. [Windows 7] Nach Login bei Windows erscheint nur noch ein schwarzer Bildschirm mit Mauszeiger
    Plagegeister aller Art und deren Bekämpfung - 12.03.2014 (1)
  12. Windows 7: Laptop langsam, läuft auf voller leistung bis er überheitzt und aus geht
    Log-Analyse und Auswertung - 20.12.2013 (7)
  13. Duqu nutzt bislang unbekannte Lücke im Windows-Kernel
    Nachrichten - 02.11.2011 (0)
  14. Windows 7 beendet sich unaufgefordert
    Plagegeister aller Art und deren Bekämpfung - 18.08.2011 (2)
  15. Antivirensoftware nutzt Exploit-Schutz von Windows nur unzureichend
    Nachrichten - 03.08.2010 (0)
  16. Windows Explorer.exe frist CPU-Leistung
    Log-Analyse und Auswertung - 24.12.2007 (1)
  17. Neuer Windows-Wurm Bagle.Q nutzt Lücke im Internet Explorer aus
    Plagegeister aller Art und deren Bekämpfung - 18.03.2004 (1)

Zum Thema Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung - Hallo zusammen. Ich habe seit einiger Zeit bemerkt, dass mein Laptop wesentlich langsamer ist als sonst. Erst tat ich es als ein Internet Problem ab, da ich hauptsächlich surfe. Mir - Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung...
Archiv
Du betrachtest: Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.