Movie Wizard entfernen. Trotz löschen weiterhin Werbung

Anniiii · 24.01.2015, 18:23

Ein falscher Klick und ich habe mir Movie Wizard inkl. 10 weitere Programme herunter geladen.
Die "kleineren" Programme konnte ich ohne Probleme über die Systemsteuerung entfernen bzw deinstallieren. Movie Wizard leider nicht. Mittlerweile konnte ich über den Revo Uninstaller - Movie Wizard aus der Systemsteuerung entfernen, allerdings erscheinen immer wieder beim Surfen im Internet weiterhin die Werbefenster. Wie kann ich diese los werden?

Vielen Dank im Voraus für eure Hilfe!

deeprybka · 24.01.2015, 18:29

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Anniiii · 24.01.2015, 18:42

Hallo Jürgen,

vielen Dank schon einmal dass du mir helfen möchtest

Hier der erste Scan, allerdings hat sich bei mir nur ein Fenster geöffnet!?!

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by User (administrator) on USER-PC on 24-01-2015 18:39:33
Running from C:\Users\User\Downloads
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Small Island Development) C:\ProgramData\mnoRYlZTjd\DlMoQktqa.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\User\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-20] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-01-21] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-17] ()
HKLM-x32\...\Run: [PlusService] => C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-02-27] (Yuna Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-11] (AVAST Software)
HKLM-x32\...\Run: [gmsd_de_66] => [X]
HKLM-x32\...\Run: [mbot_de_395] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [192616 2011-03-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 - (No Name) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M8D66A3BE-050D-4721-A91C-EFEF034859ED&SearchSource=58&CUI=&UM=8&UP=SP837D4855-8C69-45DF-8437-9EB87B1ECEA9&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1ex653aBDOR
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll No File
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=8 -> C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-10]
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-12-12]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-12-12]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-29]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-10]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-11] (Avast Software)
R2 DlMoQktqa; C:\ProgramData\mnoRYlZTjd\DlMoQktqa.exe [2734456 2015-01-07] (Small Island Development)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-17] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-07] (Fuyu LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adsamdrtmins; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-11] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 18:39 - 2015-01-24 18:39 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-01-24 18:35 - 2015-01-24 18:37 - 02129920 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2015-01-19 18:57 - 2015-01-19 18:58 - 00037321 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-19 18:56 - 2015-01-24 18:39 - 00025473 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-19 18:56 - 2015-01-24 18:39 - 00000000 ____D () C:\FRST
2015-01-19 18:22 - 2015-01-19 18:22 - 00000247 _____ () C:\Windows\system32\2015-01-19-17-22-38.084-aswFe.exe-4440.log
2015-01-19 18:14 - 2015-01-19 18:22 - 00000247 _____ () C:\Windows\system32\2015-01-19-17-14-21.087-aswFe.exe-6936.log
2015-01-19 18:14 - 2015-01-19 18:14 - 00000197 _____ () C:\Windows\system32\2015-01-19-17-14-14.092-AvastVBoxSVC.exe-3232.log
2015-01-19 17:35 - 2015-01-19 17:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-19 17:34 - 2015-01-19 17:34 - 00001270 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-01-19 17:34 - 2015-01-19 17:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-19 17:28 - 2015-01-19 17:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-01-11 21:44 - 2015-01-11 21:44 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-11 21:44 - 2015-01-11 21:44 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-11 21:36 - 2015-01-11 21:36 - 00001992 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-01-11 21:36 - 2015-01-11 21:36 - 00001932 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-01-11 21:36 - 2015-01-11 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-11 21:35 - 2015-01-11 21:35 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-11 21:35 - 2015-01-11 21:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-11 21:34 - 2015-01-11 21:34 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-01-11 20:50 - 2015-01-11 20:50 - 00003256 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-4193091509-1981412286-3300238867-1001
2015-01-11 20:46 - 2015-01-11 20:46 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2015-01-11 20:41 - 2015-01-11 20:41 - 05049344 _____ (Crawler.com ) C:\Users\User\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2015-01-11 20:25 - 2015-01-19 18:01 - 00000000 ____D () C:\ProgramData\Browser
2015-01-08 20:44 - 2015-01-08 20:44 - 00003100 _____ () C:\Windows\System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417}
2015-01-08 20:38 - 2015-01-08 20:48 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-08 20:32 - 2015-01-08 20:33 - 143452799 _____ () C:\Users\User\Desktop\lexi2.cpr
2015-01-08 20:29 - 2015-01-11 21:43 - 00001091 _____ () C:\Users\User\Desktop\Continue Live Installation.lnk
2015-01-07 23:56 - 2015-01-07 23:56 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-07 23:54 - 2015-01-07 23:54 - 00003142 _____ () C:\Windows\System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602}
2015-01-07 23:53 - 2015-01-07 23:53 - 00000000 ____D () C:\ProgramData\2355320829
2015-01-07 23:23 - 2015-01-07 23:23 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-07 23:19 - 2015-01-19 19:03 - 00000000 ____D () C:\Users\User\AppData\Local\MovieWizard
2015-01-07 23:19 - 2015-01-19 17:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\VOPackage
2015-01-07 23:19 - 2015-01-08 20:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\omiga-plus
2015-01-07 23:19 - 2015-01-07 23:19 - 00004010 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-07 23:19 - 2015-01-07 23:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-07 23:18 - 2015-01-07 23:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\InetStat
2015-01-07 23:18 - 2015-01-07 23:19 - 00000000 ____D () C:\ProgramData\mnoRYlZTjd
2015-01-05 13:50 - 2015-01-05 13:50 - 00025799 _____ () C:\Users\User\Desktop\rentenkassechat.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 18:38 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 18:38 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 18:33 - 2013-05-20 10:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 18:27 - 2011-03-30 13:42 - 02087112 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 18:15 - 2013-05-20 10:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 18:15 - 2013-05-20 10:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 18:15 - 2011-06-29 22:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 18:14 - 2013-08-18 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-24 18:14 - 2011-06-17 17:49 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-24 18:11 - 2014-11-27 16:05 - 03353776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 18:10 - 2011-01-12 16:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 18:10 - 2011-01-12 16:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 21:18 - 2014-06-20 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-19 18:59 - 2014-12-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 18:01 - 2009-08-04 10:51 - 00711094 _____ () C:\Windows\system32\perfh007.dat
2015-01-19 18:01 - 2009-08-04 10:51 - 00153542 _____ () C:\Windows\system32\perfc007.dat
2015-01-19 18:01 - 2009-07-14 06:13 - 01651444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 17:58 - 2013-05-29 00:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-19 17:57 - 2011-03-30 14:15 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-01-19 17:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 17:54 - 2009-07-14 05:51 - 00095731 _____ () C:\Windows\setupact.log
2015-01-19 17:35 - 2014-07-18 17:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-19 17:35 - 2014-07-18 17:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-19 17:35 - 2011-06-17 09:19 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-19 17:08 - 2011-03-30 14:10 - 00001429 _____ () C:\Windows\system32\ServiceFilter.ini
2015-01-11 21:41 - 2011-03-30 14:10 - 00002472 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-01-11 21:40 - 2011-03-30 13:38 - 00488158 _____ () C:\Windows\PFRO.log
2015-01-11 21:35 - 2014-06-24 21:47 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 21:35 - 2014-06-24 21:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-11 21:35 - 2013-06-23 22:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-11 20:50 - 2011-06-18 08:46 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-08 20:58 - 2014-10-28 12:08 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-01-08 20:58 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 20:55 - 2011-06-16 23:52 - 00001427 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 09:55 - 2011-06-17 00:28 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-01-12 17:02 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-03-30 14:23 - 2011-03-30 14:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-01-12 16:48 - 2011-01-12 16:49 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-01-12 16:48 - 2011-01-12 16:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2011-03-30 14:19 - 2011-03-30 14:22 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-03-30 14:22 - 2011-03-30 14:23 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2011-03-30 14:18 - 2011-03-30 14:19 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\ffunzip.exe
C:\Users\User\AppData\Local\Temp\GLF72A5.tmp.ConduitEngineSetup.exe
C:\Users\User\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\MSND930.exe
C:\Users\User\AppData\Local\Temp\nseAAE1.exe
C:\Users\User\AppData\Local\Temp\prxGLF72A5.tmp.tbIncr.dll
C:\Users\User\AppData\Local\Temp\supoptsetup.exe
C:\Users\User\AppData\Local\Temp\tbIncr.dll
C:\Users\User\AppData\Local\Temp\Update_034f.exe
C:\Users\User\AppData\Local\Temp\Update_3b18.exe
C:\Users\User\AppData\Local\Temp\Update_bac3.exe
C:\Users\User\AppData\Local\Temp\Update_d73f.exe
C:\Users\User\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 21:50

==================== End Of Log ============================

--- --- ---

--- --- ---

deeprybka · 24.01.2015, 18:44

Hi,

guckst Du da:

Code:

ATTFilter

C:\Users\User\Downloads\Addition.txt

Deswegen nochmal Haken setzen bei Addition.txt...Die wird nämlich nur beim ersten Mal mit erstellt.

Schritt 1

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Anniiii · 24.01.2015, 18:49

Hier nochmal

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by User (administrator) on USER-PC on 24-01-2015 18:47:27
Running from C:\Users\User\Downloads
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Small Island Development) C:\ProgramData\mnoRYlZTjd\DlMoQktqa.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
(Farbar) C:\Users\User\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-20] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-01-21] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-17] ()
HKLM-x32\...\Run: [PlusService] => C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-02-27] (Yuna Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-11] (AVAST Software)
HKLM-x32\...\Run: [gmsd_de_66] => [X]
HKLM-x32\...\Run: [mbot_de_395] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [192616 2011-03-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 - (No Name) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M8D66A3BE-050D-4721-A91C-EFEF034859ED&SearchSource=58&CUI=&UM=8&UP=SP837D4855-8C69-45DF-8437-9EB87B1ECEA9&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1ex653aBDOR
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll No File
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=8 -> C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-10]
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-12-12]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-12-12]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-29]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-10]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-11] (Avast Software)
R2 DlMoQktqa; C:\ProgramData\mnoRYlZTjd\DlMoQktqa.exe [2734456 2015-01-07] (Small Island Development)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-17] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-07] (Fuyu LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adsamdrtmins; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-11] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 18:44 - 2015-01-24 18:44 - 00000000 ____D () C:\Users\User\Downloads\Konto
2015-01-24 18:39 - 2015-01-24 18:39 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-01-24 18:35 - 2015-01-24 18:37 - 02129920 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2015-01-19 18:57 - 2015-01-19 18:58 - 00037321 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-19 18:56 - 2015-01-24 18:47 - 00025359 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-19 18:56 - 2015-01-24 18:47 - 00000000 ____D () C:\FRST
2015-01-19 18:22 - 2015-01-19 18:22 - 00000247 _____ () C:\Windows\system32\2015-01-19-17-22-38.084-aswFe.exe-4440.log
2015-01-19 18:14 - 2015-01-19 18:22 - 00000247 _____ () C:\Windows\system32\2015-01-19-17-14-21.087-aswFe.exe-6936.log
2015-01-19 18:14 - 2015-01-19 18:14 - 00000197 _____ () C:\Windows\system32\2015-01-19-17-14-14.092-AvastVBoxSVC.exe-3232.log
2015-01-19 17:35 - 2015-01-19 17:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-19 17:34 - 2015-01-19 17:34 - 00001270 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-01-19 17:34 - 2015-01-19 17:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-19 17:28 - 2015-01-19 17:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-01-11 21:44 - 2015-01-11 21:44 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-11 21:44 - 2015-01-11 21:44 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-11 21:36 - 2015-01-11 21:36 - 00001992 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-01-11 21:36 - 2015-01-11 21:36 - 00001932 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-01-11 21:36 - 2015-01-11 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-11 21:35 - 2015-01-11 21:35 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-11 21:35 - 2015-01-11 21:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-11 21:34 - 2015-01-11 21:34 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-01-11 20:50 - 2015-01-11 20:50 - 00003256 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-4193091509-1981412286-3300238867-1001
2015-01-11 20:46 - 2015-01-11 20:46 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2015-01-11 20:41 - 2015-01-11 20:41 - 05049344 _____ (Crawler.com ) C:\Users\User\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2015-01-11 20:25 - 2015-01-19 18:01 - 00000000 ____D () C:\ProgramData\Browser
2015-01-08 20:44 - 2015-01-08 20:44 - 00003100 _____ () C:\Windows\System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417}
2015-01-08 20:38 - 2015-01-08 20:48 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-08 20:32 - 2015-01-08 20:33 - 143452799 _____ () C:\Users\User\Desktop\lexi2.cpr
2015-01-08 20:29 - 2015-01-11 21:43 - 00001091 _____ () C:\Users\User\Desktop\Continue Live Installation.lnk
2015-01-07 23:56 - 2015-01-07 23:56 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-07 23:54 - 2015-01-07 23:54 - 00003142 _____ () C:\Windows\System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602}
2015-01-07 23:53 - 2015-01-07 23:53 - 00000000 ____D () C:\ProgramData\2355320829
2015-01-07 23:23 - 2015-01-07 23:23 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-07 23:19 - 2015-01-19 19:03 - 00000000 ____D () C:\Users\User\AppData\Local\MovieWizard
2015-01-07 23:19 - 2015-01-19 17:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\VOPackage
2015-01-07 23:19 - 2015-01-08 20:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\omiga-plus
2015-01-07 23:19 - 2015-01-07 23:19 - 00004010 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-07 23:19 - 2015-01-07 23:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-07 23:18 - 2015-01-07 23:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\InetStat
2015-01-07 23:18 - 2015-01-07 23:19 - 00000000 ____D () C:\ProgramData\mnoRYlZTjd
2015-01-05 13:50 - 2015-01-05 13:50 - 00025799 _____ () C:\Users\User\Desktop\rentenkassechat.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 18:38 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 18:38 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 18:33 - 2013-05-20 10:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 18:27 - 2011-03-30 13:42 - 02087112 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 18:19 - 2013-08-18 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-24 18:15 - 2013-05-20 10:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 18:15 - 2013-05-20 10:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 18:15 - 2011-06-29 22:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 18:14 - 2011-06-17 17:49 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-24 18:11 - 2014-11-27 16:05 - 03353776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 18:10 - 2011-01-12 16:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 18:10 - 2011-01-12 16:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 21:18 - 2014-06-20 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-19 18:59 - 2014-12-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 18:01 - 2009-08-04 10:51 - 00711094 _____ () C:\Windows\system32\perfh007.dat
2015-01-19 18:01 - 2009-08-04 10:51 - 00153542 _____ () C:\Windows\system32\perfc007.dat
2015-01-19 18:01 - 2009-07-14 06:13 - 01651444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 17:58 - 2013-05-29 00:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-19 17:57 - 2011-03-30 14:15 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-01-19 17:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 17:54 - 2009-07-14 05:51 - 00095731 _____ () C:\Windows\setupact.log
2015-01-19 17:35 - 2014-07-18 17:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-19 17:35 - 2014-07-18 17:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-19 17:35 - 2011-06-17 09:19 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-19 17:08 - 2011-03-30 14:10 - 00001429 _____ () C:\Windows\system32\ServiceFilter.ini
2015-01-11 21:41 - 2011-03-30 14:10 - 00002472 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-01-11 21:40 - 2011-03-30 13:38 - 00488158 _____ () C:\Windows\PFRO.log
2015-01-11 21:35 - 2014-06-24 21:47 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 21:35 - 2014-06-24 21:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-11 21:35 - 2013-06-23 22:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-11 20:50 - 2011-06-18 08:46 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-08 20:58 - 2014-10-28 12:08 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-01-08 20:58 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 20:55 - 2011-06-16 23:52 - 00001427 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 09:55 - 2011-06-17 00:28 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-01-12 17:02 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-03-30 14:23 - 2011-03-30 14:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-01-12 16:48 - 2011-01-12 16:49 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-01-12 16:48 - 2011-01-12 16:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2011-03-30 14:19 - 2011-03-30 14:22 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-03-30 14:22 - 2011-03-30 14:23 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2011-03-30 14:18 - 2011-03-30 14:19 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\ffunzip.exe
C:\Users\User\AppData\Local\Temp\GLF72A5.tmp.ConduitEngineSetup.exe
C:\Users\User\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\MSND930.exe
C:\Users\User\AppData\Local\Temp\nseAAE1.exe
C:\Users\User\AppData\Local\Temp\prxGLF72A5.tmp.tbIncr.dll
C:\Users\User\AppData\Local\Temp\supoptsetup.exe
C:\Users\User\AppData\Local\Temp\tbIncr.dll
C:\Users\User\AppData\Local\Temp\Update_034f.exe
C:\Users\User\AppData\Local\Temp\Update_3b18.exe
C:\Users\User\AppData\Local\Temp\Update_bac3.exe
C:\Users\User\AppData\Local\Temp\Update_d73f.exe
C:\Users\User\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 21:50

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by User at 2015-01-24 18:48:04
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
ALDI NORD Bestellsoftware 4.14.5 (HKLM-x32\...\ALDI NORD Bestellsoftware) (Version: 4.14.5 - ORWO Net)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_N3_Series (HKLM-x32\...\ASUS_N3_Series) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2322.0 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
ETDWare PS/2-x64 7.0.5.15_WHQL (HKLM\...\Elantech) (Version: 7.0.5.15 - ELAN Microelectronics Corp.)
ExpressGateCloud (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.6.20.110 - VideACE Co.)
ExpressGateCloud (x32 Version: 2.6.20.110 - VideACE Co.) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{26211D4B-CD06-44C8-BA6E-F937E1692629}) (Version: 3.0.114.13 - Fresco Logic Inc.)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 12.0.742.100 - Google Inc.)
Google Update Helper (x32 Version: 1.2.183.13 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.290 - Oracle)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Messenger Plus! 5 (HKLM-x32\...\Messenger Plus!) (Version: 5.11.0.760 - Yuna Software)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Graphics Driver 265.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 265.96 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6221 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.55133.208 - Sonix)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\...\{FC3F1B35-555E-420C-BAF5-80608DCDD336}) (Version: 21.00.8480 - Buhl Data Service GmbH)
XnView 1.98.2 (HKLM-x32\...\XnView_is1) (Version: 1.98.2 - Gougelet Pierre-e)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-12-2014 15:56:25 Windows Update
18-12-2014 17:03:38 Windows Update
23-12-2014 11:26:24 Windows Update
28-12-2014 18:38:30 Windows Update
05-01-2015 12:46:10 Windows Update
11-01-2015 20:38:19 Windows Update
11-01-2015 21:29:16 avast! antivirus system restore point
11-01-2015 21:36:06 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
19-01-2015 17:24:39 Windows Update
19-01-2015 18:00:49 Revo Uninstaller's restore point - Movie Wizard
19-01-2015 18:08:04 Revo Uninstaller's restore point - Photo Notifier and Animation Creator
19-01-2015 18:08:28 Photo Notifier and Animation Creator wurde entfernt.
19-01-2015 18:10:54 Revo Uninstaller's restore point - Spyware Terminator 2012
24-01-2015 18:11:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1EEA7C05-90CF-489E-998C-ECC3CD41E162} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {27F68C3C-D10A-4F46-910B-2B0C84BBE90D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {35F04C88-54E5-4614-8B1B-8CEE3C5B9AE5} - System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1
Task: {418AC38A-133F-4E5C-9E8F-F1FCD30BCE2D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {4CD5389C-EC9B-44C1-B3E5-03DBF058A750} - System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602} => pcalua.exe -a C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {6454799E-A467-4F70-881E-4C5B66B78103} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12] (Google Inc.)
Task: {68C95B32-F54A-4A93-950E-8D4974F5BC6F} - System32\Tasks\avastBCLRestartS-1-5-21-4193091509-1981412286-3300238867-1001 => Firefox.exe 
Task: {A7A3A7CC-8C08-41FD-900D-94D72602C800} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {A7E6A06B-F2EB-4D8E-AC32-816C859CAAE2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {C12012C5-397F-4104-98C2-396321DCF603} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12] (Google Inc.)
Task: {CAA131A6-E126-4E03-AABC-51DA03575CAE} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
Task: {CFB291BD-E069-4B53-AAF9-D07DF2C04742} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-11] (AVAST Software)
Task: {E336769A-C0E8-4D8C-BE20-4EF9E420CC92} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {F9A5D327-CA5B-4F2A-B1E9-6EFDEB5BBE81} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-20 00:48 - 2010-07-20 00:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-01-17 22:16 - 2011-01-17 22:16 - 00091464 _____ () C:\EXPRESSGATEUTIL\VAWINSERVICE.EXE
2015-01-11 21:34 - 2015-01-11 21:34 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-11 21:34 - 2015-01-11 21:34 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2011-01-12 17:01 - 2011-01-12 17:01 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2011-01-12 17:01 - 2011-01-12 17:01 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-30 14:09 - 2007-11-30 19:20 - 00051768 _____ () C:\PROGRAM FILES (X86)\ASUS\ASUS LIVE UPDATE\ALU.EXE
2010-04-03 03:21 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\PROGRAM FILES (X86)\ASUS\ASUS WEBSTORAGE\SERVICE\ASUSWSSERVICE.EXE
2010-07-20 00:48 - 2010-07-20 00:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-12 03:19 - 2011-01-27 01:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-24 00:53 - 2010-09-24 00:53 - 01601536 _____ () C:\PROGRAM FILES (X86)\ASUS\WIRELESS CONSOLE 3\WCOURIER.EXE
2011-01-17 22:16 - 2011-01-17 22:16 - 00191304 _____ () C:\EXPRESSGATEUTIL\VAWINAGENT.EXE
2014-07-23 00:02 - 2014-09-18 13:50 - 01428760 _____ () C:\PROGRAM FILES (X86)\WISO\STEUERSOFTWARE 2014\MSHAKTUELL.EXE
2015-01-19 17:11 - 2015-01-19 17:11 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011900\algo.dll
2015-01-11 21:34 - 2015-01-11 21:34 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-24 18:12 - 2015-01-24 18:12 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012400\algo.dll
2011-01-17 22:16 - 2011-01-17 22:16 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-12-25 03:12 - 2010-12-25 03:12 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-01-04 01:27 - 2011-01-04 01:27 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2011-03-30 14:09 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-09-24 00:53 - 2010-09-24 00:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2011-01-17 22:16 - 2011-01-17 22:16 - 00191304 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2015-01-11 21:35 - 2015-01-11 21:35 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-23 00:02 - 2014-09-18 13:50 - 01428760 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2014-07-23 00:01 - 2014-09-18 13:50 - 09726232 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-07-23 00:01 - 2014-09-18 13:51 - 03902232 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 02752280 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 02125592 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01933080 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 04325656 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-07-23 00:01 - 2014-02-11 10:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-07-23 00:01 - 2014-02-11 10:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-07-23 00:01 - 2014-02-11 10:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01572632 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 05302040 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01740568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01812248 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01633560 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01340696 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 07357208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01287448 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2011-01-17 15:19 - 2011-06-17 09:22 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-03-30 13:58 - 2011-03-10 05:22 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-12-12 18:04 - 2014-12-12 18:04 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-24 18:15 - 2015-01-24 18:15 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-4193091509-1981412286-3300238867-500 - Administrator - Disabled)
Gast (S-1-5-21-4193091509-1981412286-3300238867-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4193091509-1981412286-3300238867-1024 - Limited - Enabled)
UpdatusUser (S-1-5-21-4193091509-1981412286-3300238867-1000 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-4193091509-1981412286-3300238867-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2015 06:38:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 19.1.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d80

Startzeit: 01d037fc5271a989

Endzeit: 0

Anwendungspfad: C:\Users\User\Desktop\FRST64.exe

Berichts-ID: bb5b9e02-a3ef-11e4-b280-f46d0482b822

Error: (01/24/2015 06:12:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/19/2015 06:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1288
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/11/2015 09:21:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xea8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/11/2015 08:53:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FIREFOX.EXE, Version 34.0.5.5443 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1de8

Startzeit: 01d02dd7d41ed93b

Endzeit: 12

Anwendungspfad: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE

Berichts-ID: 7c5559e0-99cb-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:50:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xa24
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/11/2015 08:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x734
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/08/2015 09:48:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/08/2015 09:48:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/28/2014 11:30:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1c60
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (01/24/2015 06:39:21 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/24/2015 06:36:29 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/24/2015 06:35:41 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/24/2015 06:11:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/19/2015 06:29:02 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2015 06:28:55 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2015 06:28:47 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2015 06:28:40 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2015 06:28:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2015 06:28:28 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (01/24/2015 06:38:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe19.1.2015.01d8001d037fc5271a9890C:\Users\User\Desktop\FRST64.exebb5b9e02-a3ef-11e4-b280-f46d0482b822

Error: (01/24/2015 06:12:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/19/2015 06:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425128801d0340b3164e0a4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb7d53da0-9fff-11e4-b280-f46d0482b822

Error: (01/11/2015 09:21:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425ea801d02dd8c7dd21c3C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll711f0fb0-99cf-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:53:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FIREFOX.EXE34.0.5.54431de801d02dd7d41ed93b12C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE7c5559e0-99cb-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:50:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425a2401d02dd7b118baa2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0e45e951-99cb-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d664800000030000142573401d02dd4bc1d8d71C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle351f39f-99ca-11e4-91b7-f46d0482b822

Error: (01/08/2015 09:48:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dllC:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll2

Error: (01/08/2015 09:48:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (12/28/2014 11:30:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014251c6001d01d40964cac44C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1fd77ffb-8ee1-11e4-91b7-f46d0482b822


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 4006.71 MB
Available physical RAM: 1785.01 MB
Total Pagefile: 8011.61 MB
Available Pagefile: 4908.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:256 GB) (Free:167.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:315.17 GB) (Free:314.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B2088A36)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=256 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=315.2 GB) - (Type=OF Extended)

==================== End Of Log ============================

deeprybka · 24.01.2015, 18:51

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Download
Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 3

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

deeprybka · 25.01.2015, 11:50

Ok. Wenn ich bis 18h nicht gepostet habe, dann hab ichs vergessen. Dann schreibst hier nochmal

deeprybka · 25.01.2015, 17:57

Hi,

Code:

ATTFilter

Adobe Flash Player 10 ActiveX, 
Java 7 Update 67 
Java(TM) 6 Update 29
Google Chrome 12

das bitte alles updaten. Bei Java ist es wichtig, dass die alten Versionen deinstalliert werden.

Cleanup:

Alle Logs gepostet? Ja! Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

>>clean<<
Wir haben es geschafft!

Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Wie kann ich mich in Zukunft besser schützen?

Tipps, Dos & Don'ts

Updates & Software

Beim Betriebsystem Windows die automatischen Updates aktivieren.

Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player & PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Firewall, Antivirus & Co.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. (Updatefunktion aktivieren!)
Meine Empfehlungen:
Kaspersky Antivirus
Emsisoft Anti-Malware
avast Free Antivirus
Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Cracks, Downloads & Co.

Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.
Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)

Auch virustotal.com ist Dein Freund! Lade dubiose oder unbekannte Dateien hoch, bevor Du diese startest oder installierst.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe daher mit Vorsicht und klicke mit Verstand.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von Dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo Deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst Du von einem Deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und Du solltest nicht denselben Fehler machen.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Anniiii · 26.01.2015, 15:06

Alles erledigt

vielen Dank nochmal

deeprybka · 26.01.2015, 17:11

Gerne! Alles Gute!

25.01.2015, 11:50	#7
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Movie Wizard entfernen. Trotz löschen weiterhin Werbung Ok. Wenn ich bis 18h nicht gepostet habe, dann hab ichs vergessen. Dann schreibst hier nochmal __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

26.01.2015, 17:11	#10
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Movie Wizard entfernen. Trotz löschen weiterhin Werbung Gerne! Alles Gute! __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Movie Wizard entfernen. Trotz löschen weiterhin Werbung

Plagegeister aller Art und deren Bekämpfung: Movie Wizard entfernen. Trotz löschen weiterhin Werbung