Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 01.02.2015, 20:48   #1
Ritaratlos
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Hi,

nach Befall mit Schadsoftware lässt sich der Sicherheitscenterdienst nicht mehr aktivieren.

System wurde von Malware befallen, die versuchte "Trojan.Ransomlock.G" in Minutenabstand zu installieren. Dies wurde von "Norton 360 Premier Edition" jedoch verhindert.

Lt. Norton war Ausgangspunkt der Attacke windll32.exe in C:\Windows\SysWOW64

Habe mit "malwarebytes" gescannt und einige Dateien in Quarantäne genommen. Nach darauf folgender Herausnahme windll32.exe aus Autostart und Scan mit "tune up" läuft System nicht mehr erkennbar anders als vor dem Befall.

Einziger erkennbarer Unterschied: der Sicherheitscenterdienst lässt sich nicht mehr aktivieren.

malwarebytes und Norton finden nichts mehr.

Bisher versucht:
- manueller Start wie auf Microsoft Helppage beschrieben
- Löschen des Repository-Ordners unter System32\Wbem (der unter SysWOW ist leer) und Neuaufsatz mit "net start winmgmt"

auffällig ist, dass im Folder "Abhängigkeiten" keine Eintragungen vorhanden sind?

Beim Versuch des manuellen Starts erscheint die Fehlermeldung 1068 "Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden"

anbei die Log-Files


FRST:



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by xxxxxxxxxxx (administrator) on DESKTOP-PC on 01-02-2015 19:44:13
Running from C:\Users\xxxxxxxxxxx\Downloads
Loaded Profiles: xxxxxxxxxxx (Available profiles: xxxxxxxxxxx)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(SYDATEC) C:\Program Files (x86)\SYDATEC\Password Guard v3\pwgtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(LaCie SA) C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUDefragBackend64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\xxxxxxxxxxx\Downloads\Defogger(3).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2009-09-01] (Nero AG)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2557976 2014-06-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [Password Guard v3] => C:\Program Files (x86)\SYDATEC\Password Guard v3\pwgtray.exe [675464 2009-10-27] (SYDATEC)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [LaCie Ethernet Agent Startup] => C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe [5722112 2009-10-16] (LaCie SA)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\MountPoints2: {21ba2c39-e493-11e1-9d11-4061860dc6c8} - J:\setup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2010 Zahlungserinnerung.lnk
ShortcutTarget: Quicken 2010 Zahlungserinnerung.lnk -> C:\Program Files (x86)\Lexware\Quicken\2010\billmind.exe (Lexware GmbH & Co. KG)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-232553567-516970607-3978274004-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=de_de&c=94&bd=pavilion&pf=cndt
HKU\S-1-5-21-232553567-516970607-3978274004-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
SearchScopes: HKLM -> DefaultScope {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> DefaultScope {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> DefaultScope {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {3A8D9662-4E9F-4402-9DFC-4564479A471E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C93D1590-C539-4FDB-8493-A71C05BAF874&apn_sauid=3DDC48D7-3EBF-412A-8BD7-DF1C6FBBA016
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Winamp Toolbar Loader -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {28B66320-9687-4B13-8757-36F901887AB5} hxxp://fotobuch.whitewall.com/ips-opdata/layout/avenso/objects/canvasx.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: about:home
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=C93D1590-C539-4FDB-8493-A71C05BAF874&apn_ptnrs=9M&apn_sauid=3DDC48D7-3EBF-412A-8BD7-DF1C6FBBA016&apn_dtid=OSJ000&&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\searchplugins\safesearch.xml
FF Extension: 20-20 3D Viewer - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\2020Player@2020Technologies.com [2011-03-25]
FF Extension: Ask Toolbar - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\toolbar@ask.com [2012-10-18]
FF Extension: Winamp Toolbar - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2013-04-09]
FF Extension: Garmin Communicator - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-31]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [87344 2009-09-01] (Prolific Technology Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-06-24] (Sony Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\52C4E60E5.zot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-10-25] (Devguru Co., Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [194048 2008-11-25] ( ) [File not signed]
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 gwiopm; C:\Program Files (x86)\Slotman\gwiopm.sys [3904 1998-06-03] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-16] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20150131.003\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20150131.003\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 19:44 - 2015-02-01 19:44 - 00025256 _____ () C:\Users\xxxxxxxxxxx\Downloads\FRST.txt
2015-02-01 19:44 - 2015-02-01 19:44 - 00000000 ____D () C:\FRST
2015-02-01 19:43 - 2015-02-01 19:43 - 02131456 _____ (Farbar) C:\Users\xxxxxxxxxxx\Downloads\frst64.exe
2015-02-01 19:40 - 2015-02-01 19:40 - 00000000 _____ () C:\Users\xxxxxxxxxxx\defogger_reenable
2015-02-01 19:39 - 2015-02-01 19:39 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(3).exe
2015-02-01 19:36 - 2015-02-01 19:36 - 00001938 _____ () C:\Users\xxxxxxxxxxx\Documents\Malwarebytes20150125.txt
2015-01-31 15:06 - 2015-01-31 15:06 - 00664576 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit50562.msi
2015-01-30 12:42 - 2015-01-30 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-30 12:32 - 2015-01-30 12:32 - 37987520 _____ (Microsoft Corporation) C:\Users\xxxxxxxxxxx\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-25 22:40 - 2015-01-25 22:40 - 00353101 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit20084.mini.diagcab
2015-01-25 22:39 - 2015-01-25 22:40 - 01059840 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit50981.msi
2015-01-25 21:31 - 2015-02-01 19:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 21:31 - 2015-01-25 21:31 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-25 21:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 21:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 21:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 21:30 - 2015-01-25 21:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\xxxxxxxxxxx\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 20:32 - 2015-01-25 20:32 - 00000000 ____D () C:\Users\xxxxxxxxxxx\Documents\ProcAlyzer Dumps
2015-01-25 19:46 - 2015-01-25 20:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-25 19:46 - 2015-01-25 19:46 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-25 19:46 - 2015-01-25 19:46 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-25 19:46 - 2015-01-25 19:46 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-25 19:46 - 2015-01-25 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-25 19:46 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-25 19:45 - 2015-01-25 19:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-25 19:42 - 2015-01-25 19:42 - 01191200 _____ () C:\Users\xxxxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-01-25 19:40 - 2015-01-25 19:40 - 01191200 _____ () C:\Users\xxxxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-01-24 20:25 - 2015-01-24 20:25 - 00000256 _____ () C:\Users\xxxxxxxxxxx\Downloads\defogger_enable.log
2015-01-24 20:24 - 2015-01-24 20:24 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(2).exe
2015-01-24 20:21 - 2015-01-24 20:21 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(1).exe
2015-01-24 20:19 - 2015-02-01 19:40 - 00000484 _____ () C:\Users\xxxxxxxxxxx\Downloads\defogger_disable.log
2015-01-24 20:18 - 2015-01-24 20:18 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger.exe
2015-01-24 14:30 - 2015-01-24 15:15 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-01-24 14:30 - 2015-01-24 14:30 - 02935152 _____ () C:\Users\xxxxxxxxxxx\Downloads\SecurityTaskManager_Setup.exe
2015-01-24 14:30 - 2015-01-24 14:30 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00001137 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\SecTaskMan
2015-01-24 14:30 - 2015-01-24 14:30 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-01-24 13:57 - 2015-01-24 13:57 - 00000000 ____D () C:\NPE
2015-01-24 13:52 - 2015-01-24 15:12 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\NPE
2015-01-16 11:35 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 11:35 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 11:35 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 11:35 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 11:35 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 11:35 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 11:35 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 11:35 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 11:35 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 11:35 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 11:35 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 11:35 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 11:35 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-02 07:59 - 2015-01-02 07:59 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 19:40 - 2009-11-13 16:19 - 00000000 ____D () C:\Users\xxxxxxxxxxx
2015-02-01 19:38 - 2011-11-08 20:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 19:28 - 2009-11-13 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 19:12 - 2012-04-20 05:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 18:43 - 2011-05-29 06:26 - 00000000 ____D () C:\Users\xxxxxxxxxxx\Documents\Outlook-Dateien
2015-02-01 18:42 - 2014-03-21 15:30 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Roaming\KeePass
2015-02-01 18:26 - 2009-09-25 02:05 - 01718868 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 04:28 - 2009-11-13 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 15:58 - 2009-11-13 16:20 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\Hewlett-Packard
2015-01-31 15:55 - 2013-04-10 09:29 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\CrashDumps
2015-01-31 15:39 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 15:39 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 15:32 - 2012-08-13 06:15 - 00000000 ____D () C:\Temp
2015-01-31 15:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 15:31 - 2009-07-14 05:51 - 00109345 _____ () C:\Windows\setupact.log
2015-01-31 15:19 - 2012-05-03 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 14:26 - 2009-09-18 20:39 - 00741970 _____ () C:\Windows\PFRO.log
2015-01-31 12:29 - 2009-11-13 21:22 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-01-25 23:31 - 2010-05-13 11:16 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Roaming\HpUpdate
2015-01-25 22:14 - 2009-11-13 16:26 - 00133760 _____ () C:\Users\xxxxxxxxxxx\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-25 22:13 - 2009-07-14 05:45 - 00480016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 21:45 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew
2015-01-25 21:12 - 2012-04-20 05:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 21:12 - 2012-04-20 05:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 21:12 - 2011-05-15 06:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 13:52 - 2009-09-18 20:50 - 00000000 ____D () C:\ProgramData\Norton
2015-01-16 12:42 - 2013-08-16 06:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 12:14 - 2009-09-19 06:25 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 12:14 - 2009-09-19 06:25 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 12:14 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 20:40 - 2012-02-10 09:24 - 00017447 _____ () C:\Users\xxxxxxxxxxx\Documents\SDK_Rückzahlungen.xlsx
2015-01-02 22:31 - 2014-08-22 06:28 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\Adobe

==================== Files in the root of some directories =======

2009-11-17 21:52 - 2009-11-17 21:52 - 3211264 _____ () C:\Program Files (x86)\Common FilesDDBACSetup.msi
2013-11-27 23:46 - 2013-11-27 23:46 - 49940480 _____ () C:\Program Files (x86)\GUT57F0.tmp
2009-11-21 23:05 - 2014-08-04 07:09 - 0000151 _____ () C:\Users\xxxxxxxxxxx\AppData\Roaming\default.rss
2010-02-09 08:16 - 2010-02-09 08:16 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Devices
2010-02-09 08:15 - 2010-02-09 08:20 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Dialogs
2010-02-09 08:20 - 2010-02-09 08:20 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Dictionaries
2009-12-23 11:17 - 2009-12-23 11:17 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Digital Basic
2009-12-14 20:53 - 2009-12-14 20:53 - 0000000 _____ () C:\Users\xxxxxxxxxxx\AppData\Roaming\downloads.m3u
2009-11-16 20:35 - 2009-11-16 20:35 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\images
2009-11-16 20:29 - 2009-11-16 20:29 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\libiconv
2012-11-04 16:56 - 2014-02-13 07:15 - 0007599 _____ () C:\Users\xxxxxxxxxxx\AppData\Local\Resmon.ResmonCfg
2009-11-16 20:29 - 2009-11-16 20:29 - 0000268 ___RH () C:\ProgramData\Abstract
2009-11-16 20:35 - 2009-11-16 20:35 - 0000012 ___RH () C:\ProgramData\Alerts
2009-11-16 20:29 - 2009-11-16 20:29 - 0000012 ___RH () C:\ProgramData\Analog Pad
2010-02-09 08:16 - 2010-02-09 08:16 - 0000268 ___RH () C:\ProgramData\Digital Light
2010-02-09 08:15 - 2010-02-09 08:20 - 0000268 ___RH () C:\ProgramData\Digital Mono
2010-02-09 08:20 - 2010-02-09 08:20 - 0000268 ___RH () C:\ProgramData\DirectoryService
2009-12-23 11:17 - 2009-12-23 11:17 - 0000268 ___RH () C:\ProgramData\Displays
2010-02-09 08:16 - 2010-02-09 08:16 - 0000012 ___RH () C:\ProgramData\Licenses
2010-02-09 08:15 - 2010-02-09 08:20 - 0000012 ___RH () C:\ProgramData\Limiter
2010-02-09 08:20 - 2010-02-09 08:20 - 0000012 ___RH () C:\ProgramData\MAS
2009-12-23 11:17 - 2009-12-23 11:17 - 0000012 ___RH () C:\ProgramData\MIDI Devices
2010-02-09 08:20 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbw.DAT
2010-02-09 08:13 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2009-12-23 11:15 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2010-02-09 08:16 - 2010-02-09 08:16 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
2009-11-16 20:35 - 2014-08-10 16:18 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2009-11-16 20:29 - 2014-05-18 21:30 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2009-11-16 20:35 - 2009-11-16 20:35 - 0000268 ___RH () C:\ProgramData\programs
2012-09-28 13:05 - 2012-09-28 13:05 - 0000138 _____ () C:\ProgramData\zltclhakprijrji

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 12:39

==================== End Of Log ============================
         
--- --- ---



Additions:
(musste ich wg. Überschreitung maximaler Anzahl Zeiche leider anhängen; Sorry!)



Gmer



Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-01 20:08:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\xxxxx~1\AppData\Local\Temp\fwliifoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448                                                                                                fffff80002db8000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495                                                                                                fffff80002db802f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                        00000000773cfc80 5 bytes JMP 00000001002b012a
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          00000000773cfcb0 5 bytes JMP 00000001002b0bc2
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        00000000773cfe14 5 bytes JMP 00000001002b0048
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtReadVirtualMemory                         00000000773cfe90 5 bytes JMP 00000001002b0e68
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 00000000773cfea8 5 bytes JMP 00000001002b0594
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                            00000000773cff24 5 bytes JMP 00000001002b0f4a
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              00000000773d0004 5 bytes JMP 00000001002b0758
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      00000000773d0038 5 bytes JMP 00000001002b0ca4
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              00000000773d0068 5 bytes JMP 00000001002b0d86
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           00000000773d0084 5 bytes JMP 0000000100020050
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread                         00000000773d02e8 5 bytes JMP 00000001002b020c
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              00000000773d079c 5 bytes JMP 00000001002b03d0
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  00000000773d088c 5 bytes JMP 00000001002b09fe
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            00000000773d08a4 2 bytes JMP 00000001002b091c
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3                        00000000773d08a7 2 bytes [EE, 88]
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                00000000773d0df4 5 bytes JMP 00000001002b0676
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx                          00000000773d15d4 5 bytes JMP 00000001002b02ee
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          00000000773d1920 5 bytes JMP 00000001002b083a
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      00000000773d1be4 5 bytes JMP 00000001002b0ae0
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             00000000773d1d70 5 bytes JMP 00000001002b04b2
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            00000000767e524f 7 bytes JMP 00000001002c04ba
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                00000000767e53d0 7 bytes JMP 00000001002c0766
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               00000000767e5677 7 bytes JMP 00000001002c059e
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      00000000767e589a 7 bytes JMP 00000001002c020e
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      00000000767e5a1d 7 bytes JMP 00000001002c092e
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 00000000767e5c9b 7 bytes JMP 00000001002c0682
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   00000000767e5d87 7 bytes JMP 00000001002c084a
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  00000000767e7240 7 bytes JMP 00000001002c03d6
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 0000000075051492 7 bytes JMP 00000001002c0cb8
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                     0000000075371401 2 bytes JMP 7582b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                       0000000075371419 2 bytes JMP 7582b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                     0000000075371431 2 bytes JMP 758a8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                     000000007537144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                               * 9
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                        00000000753714dd 2 bytes JMP 758a87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                 00000000753714f5 2 bytes JMP 758a8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                        000000007537150d 2 bytes JMP 758a8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                 0000000075371525 2 bytes JMP 758a8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                       000000007537153d 2 bytes JMP 7581fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                            0000000075371555 2 bytes JMP 758268ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                     000000007537156d 2 bytes JMP 758a8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                       0000000075371585 2 bytes JMP 758a8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                          000000007537159d 2 bytes JMP 758a865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                       00000000753715b5 2 bytes JMP 7581fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                     00000000753715cd 2 bytes JMP 7582b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                 00000000753716b2 2 bytes JMP 758a8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                 00000000753716bd 2 bytes JMP 758a85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000075371401 2 bytes JMP 7582b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000075371419 2 bytes JMP 7582b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000075371431 2 bytes JMP 758a8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          000000007537144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                               * 9
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                             00000000753714dd 2 bytes JMP 758a87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      00000000753714f5 2 bytes JMP 758a8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                             000000007537150d 2 bytes JMP 758a8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000075371525 2 bytes JMP 758a8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            000000007537153d 2 bytes JMP 7581fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                 0000000075371555 2 bytes JMP 758268ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          000000007537156d 2 bytes JMP 758a8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000075371585 2 bytes JMP 758a8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                               000000007537159d 2 bytes JMP 758a865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            00000000753715b5 2 bytes JMP 7581fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          00000000753715cd 2 bytes JMP 7582b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      00000000753716b2 2 bytes JMP 758a8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      00000000753716bd 2 bytes JMP 758a85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                         00000000773cfc80 5 bytes JMP 000000010033012a
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                           00000000773cfcb0 5 bytes JMP 0000000100330bc2
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                         00000000773cfe14 5 bytes JMP 0000000100330048
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtReadVirtualMemory                                          00000000773cfe90 5 bytes JMP 0000000100330e68
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                  00000000773cfea8 5 bytes JMP 0000000100330594
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                             00000000773cff24 5 bytes JMP 0000000100330f4a
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                               00000000773d0004 5 bytes JMP 0000000100330758
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                       00000000773d0038 5 bytes JMP 0000000100330ca4
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                               00000000773d0068 5 bytes JMP 0000000100330d86
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                            00000000773d0084 5 bytes JMP 0000000100030050
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread                                          00000000773d02e8 5 bytes JMP 000000010033020c
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                               00000000773d079c 5 bytes JMP 00000001003303d0
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                   00000000773d088c 5 bytes JMP 00000001003309fe
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                             00000000773d08a4 2 bytes JMP 000000010033091c
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3                                         00000000773d08a7 2 bytes [F6, 88]
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                 00000000773d0df4 5 bytes JMP 0000000100330676
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx                                           00000000773d15d4 5 bytes JMP 00000001003302ee
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                           00000000773d1920 5 bytes JMP 000000010033083a
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                       00000000773d1be4 5 bytes JMP 0000000100330ae0
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                              00000000773d1d70 5 bytes JMP 00000001003304b2
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                             00000000767e524f 7 bytes JMP 00000001003403d8
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                 00000000767e53d0 7 bytes JMP 0000000100340684
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                00000000767e5677 7 bytes JMP 00000001003404bc
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                       00000000767e589a 7 bytes JMP 000000010034012c
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                       00000000767e5a1d 7 bytes JMP 000000010034084c
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                  00000000767e5c9b 7 bytes JMP 00000001003405a0
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                    00000000767e5d87 7 bytes JMP 0000000100340768
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                   00000000767e7240 7 bytes JMP 00000001003402f4
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                  0000000075051492 7 bytes JMP 0000000100340a12
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                    0000000075371401 2 bytes JMP 7582b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                      0000000075371419 2 bytes JMP 7582b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                    0000000075371431 2 bytes JMP 758a8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                    000000007537144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                               * 9
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                       00000000753714dd 2 bytes JMP 758a87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                00000000753714f5 2 bytes JMP 758a8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                       000000007537150d 2 bytes JMP 758a8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                0000000075371525 2 bytes JMP 758a8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                      000000007537153d 2 bytes JMP 7581fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                           0000000075371555 2 bytes JMP 758268ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                    000000007537156d 2 bytes JMP 758a8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                      0000000075371585 2 bytes JMP 758a8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                         000000007537159d 2 bytes JMP 758a865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                      00000000753715b5 2 bytes JMP 7581fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                    00000000753715cd 2 bytes JMP 7582b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                00000000753716b2 2 bytes JMP 758a8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                00000000753716bd 2 bytes JMP 758a85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                   00000000773cfc80 5 bytes JMP 00000001001f012a
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                     00000000773cfcb0 5 bytes JMP 00000001001f0bc2
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                   00000000773cfe14 5 bytes JMP 00000001001f0048
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtReadVirtualMemory                                    00000000773cfe90 5 bytes JMP 00000001001f0e68
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                            00000000773cfea8 5 bytes JMP 00000001001f0594
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                       00000000773cff24 5 bytes JMP 00000001001f0f4a
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                         00000000773d0004 5 bytes JMP 00000001001f0758
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                 00000000773d0038 5 bytes JMP 00000001001f0ca4
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                         00000000773d0068 5 bytes JMP 00000001001f0d86
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                      00000000773d0084 5 bytes JMP 0000000100020050
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread                                    00000000773d02e8 5 bytes JMP 00000001001f020c
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                         00000000773d079c 5 bytes JMP 00000001001f03d0
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                             00000000773d088c 5 bytes JMP 00000001001f09fe
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                       00000000773d08a4 2 bytes JMP 00000001001f091c
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3                                   00000000773d08a7 2 bytes [E2, 88]
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                           00000000773d0df4 5 bytes JMP 00000001001f0676
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx                                     00000000773d15d4 5 bytes JMP 00000001001f02ee
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                     00000000773d1920 5 bytes JMP 00000001001f083a
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                 00000000773d1be4 5 bytes JMP 00000001001f0ae0
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                        00000000773d1d70 5 bytes JMP 00000001001f04b2
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                            0000000075051492 7 bytes JMP 0000000100200af6
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                       00000000767e524f 7 bytes JMP 00000001002003d8
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                           00000000767e53d0 7 bytes JMP 0000000100200684
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                          00000000767e5677 7 bytes JMP 00000001002004bc
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                 00000000767e589a 7 bytes JMP 000000010020012c
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                 00000000767e5a1d 7 bytes JMP 000000010020084c
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                            00000000767e5c9b 7 bytes JMP 00000001002005a0
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                              00000000767e5d87 7 bytes JMP 0000000100200768
.text     C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123             00000000767e7240 7 bytes JMP 00000001002002f4
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                         00000000773cfc80 5 bytes JMP 00000001001f012a
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                           00000000773cfcb0 5 bytes JMP 00000001001f0bc2
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                         00000000773cfe14 5 bytes JMP 00000001001f0048
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtReadVirtualMemory                                                                          00000000773cfe90 5 bytes JMP 00000001001f0e68
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                                  00000000773cfea8 5 bytes JMP 00000001001f0594
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                             00000000773cff24 5 bytes JMP 00000001001f0f4a
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                               00000000773d0004 5 bytes JMP 00000001001f0758
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                       00000000773d0038 5 bytes JMP 00000001001f0ca4
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                               00000000773d0068 5 bytes JMP 00000001001f0d86
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                            00000000773d0084 5 bytes JMP 0000000100020050
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread                                                                          00000000773d02e8 5 bytes JMP 00000001001f020c
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                               00000000773d079c 5 bytes JMP 00000001001f03d0
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                   00000000773d088c 5 bytes JMP 00000001001f09fe
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                             00000000773d08a4 2 bytes JMP 00000001001f091c
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3                                                                         00000000773d08a7 2 bytes [E2, 88]
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                 00000000773d0df4 5 bytes JMP 00000001001f0676
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx                                                                           00000000773d15d4 5 bytes JMP 00000001001f02ee
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                           00000000773d1920 5 bytes JMP 00000001001f083a
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                       00000000773d1be4 5 bytes JMP 00000001001f0ae0
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                              00000000773d1d70 5 bytes JMP 00000001001f04b2
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                             00000000767e524f 7 bytes JMP 00000001002003d8
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                                 00000000767e53d0 7 bytes JMP 0000000100200684
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                                00000000767e5677 7 bytes JMP 00000001002004bc
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                       00000000767e589a 7 bytes JMP 000000010020012c
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                       00000000767e5a1d 7 bytes JMP 000000010020084c
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                                  00000000767e5c9b 7 bytes JMP 00000001002005a0
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                    00000000767e5d87 7 bytes JMP 0000000100200768
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                   00000000767e7240 7 bytes JMP 00000001002002f4
.text     C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                                  0000000075051492 7 bytes JMP 0000000100200930
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                      0000000075371401 2 bytes JMP 7582b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                        0000000075371419 2 bytes JMP 7582b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                      0000000075371431 2 bytes JMP 758a8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                      000000007537144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                               * 9
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                         00000000753714dd 2 bytes JMP 758a87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                  00000000753714f5 2 bytes JMP 758a8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                         000000007537150d 2 bytes JMP 758a8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                  0000000075371525 2 bytes JMP 758a8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                        000000007537153d 2 bytes JMP 7581fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                             0000000075371555 2 bytes JMP 758268ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                      000000007537156d 2 bytes JMP 758a8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                        0000000075371585 2 bytes JMP 758a8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                           000000007537159d 2 bytes JMP 758a865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                        00000000753715b5 2 bytes JMP 7581fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                      00000000753715cd 2 bytes JMP 7582b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                  00000000753716b2 2 bytes JMP 758a8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                  00000000753716bd 2 bytes JMP 758a85f1 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                      0000000075371401 2 bytes JMP 7582b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                        0000000075371419 2 bytes JMP 7582b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                      0000000075371431 2 bytes JMP 758a8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                      000000007537144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                                                               * 9
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                         00000000753714dd 2 bytes JMP 758a87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                  00000000753714f5 2 bytes JMP 758a8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                         000000007537150d 2 bytes JMP 758a8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                  0000000075371525 2 bytes JMP 758a8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                        000000007537153d 2 bytes JMP 7581fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                             0000000075371555 2 bytes JMP 758268ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                      000000007537156d 2 bytes JMP 758a8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                        0000000075371585 2 bytes JMP 758a8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                           000000007537159d 2 bytes JMP 758a865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                        00000000753715b5 2 bytes JMP 7581fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                      00000000753715cd 2 bytes JMP 7582b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                  00000000753716b2 2 bytes JMP 758a8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                  00000000753716bd 2 bytes JMP 758a85f1 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread    C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [1560:1588]                                                                     0000000000020064

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                             unknown MBR code

---- EOF - GMER 2.1 ----
         


sowie malwarebytes:



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.01.2015
Suchlauf-Zeit: 21:31:37
Logdatei: Malwarebytes20150125.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.25.10
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: xxxxxxxxxxx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 359420
Verstrichene Zeit: 11 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 6
Trojan.Agent.ED, C:\ProgramData\5E06E4C25.cpp, Löschen bei Neustart, [a4fa7784533636009cb743ce4db546ba], 
Trojan.Agent.ED, C:\Users\xxxxxxxxxxx\AppData\Local\Temp\Low\GDKf.dll, In Quarantäne, [148a53a8f891f93d64ef7d9406fc40c0], 
Trojan.Agent.ED, C:\Users\xxxxxxxxxxx\AppData\Local\Temp\Low\oSy0.dll, In Quarantäne, [366805f64b3e3afc2b287e933ec42dd3], 
Trojan.Agent.ED, C:\Users\xxxxxxxxxxx\AppData\Local\Temp\Low\ReqJ.dll, In Quarantäne, [910dbd3eabde4bebfe555eb3d62c8878], 
Trojan.Agent.ED, C:\Users\xxxxxxxxxxx\AppData\Local\Temp\Low\zwx1.dll, In Quarantäne, [0f8f02f902876dc959fa5cb52bd7fe02], 
PUP.Optional.OpenCandy, C:\Users\xxxxxxxxxxx\Downloads\winamp563_full_emusic-7plus_de-de.exe, In Quarantäne, [396509f28900e4526d13e1ea0df852ae], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         


Alles was ein Neuaufsetzen des Systems vermeidet, wäre toll...

Gruß

Alt 01.02.2015, 21:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Hi und

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 01.02.2015, 21:22   #3
Ritaratlos
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Hi,

das wäre der Log additions (hoffe ich habe richtig verstanden, was ich mit damit machen soll):

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by xxxxxxxxxxx at 2015-02-01 19:44:48
Running from C:\Users\xxxxxxxxxxx\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (x32 Version: 4.4.32.0 - Nero AG) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION
Bauskript Software 2011-04 Standard (HKLM-x32\...\Bauskript Software 2011-04 Standard) (Version: 2011-04 Standard - Bauskript Software)
Blitzrechnen (HKLM-x32\...\Blitzrechnen) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG8200 series Benutzerregistrierung (HKLM-x32\...\Canon MG8200 series Benutzerregistrierung) (Version:  - )
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version:  - )
Canon MG8200 series On-screen Manual (HKLM-x32\...\Canon MG8200 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Capture NX (HKLM-x32\...\Capture NX) (Version: 1.3.0 - NIKON CORPORATION)
Capture NX 2 (HKLM-x32\...\Capture NX 2) (Version: 2.2.4 - NIKON CORPORATION)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
DDBAC (HKLM-x32\...\{12E50555-348C-4416-91E2-2BB99499554E}) (Version: 4.3.62 - DataDesign)
Deer Drive (x32 Version: 2.2.0.82 - WildTangent) Hidden
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.7.7 - fotobuch.de AG)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.2 - Nikon)
fotokasten comfort 5.0 (HKLM-x32\...\fotokasten comfort_is1) (Version:  - )
FUJIdirekt Bestellsoftware 5.2 (HKLM-x32\...\FUJIdirekt Bestellsoftware_is1) (Version:  - )
Garmin BaseCamp (HKLM-x32\...\{00BC5C92-9F00-41B2-AE04-4C6B5DF0981F}) (Version: 4.3.2 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland 2010 (HKLM-x32\...\{C7C82ED1-E5AD-48CF-8B92-38DD9B49610C}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin TOPO France v2 (HKLM-x32\...\{4F763864-DDEA-46CA-AA1E-63A9C2453E83}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Geogrid® DPV (HKLM-x32\...\Geogrid_DPV) (Version:  - )
Gigaset QuickSync (HKLM-x32\...\{2c2f4c57-83a8-4790-a281-e83d306a9199}) (Version: 6.1.0822.15063 - Gigaset Communications GmbH)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GRID Demo (HKLM-x32\...\{3C850287-4CD5-4FAD-BE39-A4AF7851A7C6}) (Version: 1.00.0000 - Codemasters)
GTR 2 1.0.0.0 (HKLM-x32\...\{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1) (Version: v1.0.0.0 - 10tacle Studios Publishing AG)
Hardwarediagnosetools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java(TM) 6 Update 2 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LaCie Network Assistant 1.4.0.30 (HKLM-x32\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.4.0.30 - LaCie SA)
Lexware Info Service (HKLM-x32\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)
Lexware online banking (HKLM-x32\...\{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}) (Version: 8.00.00.0067 - Lexware GmbH & Co. KG)
LibreCAD (HKLM-x32\...\LibreCAD) (Version: 2.0.2 - LibreCAD Team)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech Gaming Software 5.08 (HKLM\...\{96F1BA99-300F-4DD5-A26B-788EF63B53B1}) (Version: 5.08.146 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MEDUSA4 PERSONAL V5.0.1 (HKLM-x32\...\MEDUSA4_PERSONAL_V5_0_1) (Version: V5.0.1 - CAD Schroer)
MEDUSA4 PERSONAL V5.1.2 (HKLM-x32\...\MEDUSA4_PERSONAL_V5_1_2) (Version: V5.1.2 - CAD Schroer)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
Nero 9 (HKLM-x32\...\{24726980-c600-42f0-a20e-3afb3c3ad829}) (Version:  - Nero AG)
Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.6000 - Nero AG)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0009 - Nero AG)
Nero BurnRights (HKLM-x32\...\{397516AE-7DFE-4F90-84E0-BD616D559434}) (Version: 3.6.17000 - Nero AG)
Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.11000 - Nero AG)
Nero RescueAgent (HKLM-x32\...\{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}) (Version: 2.6.13000 - Nero AG)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.91.000 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.00.0000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.1 - Nikon)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Password Guard v3 (HKLM-x32\...\{A0836944-E481-425D-B376-41818DC396D8}) (Version: 3.00.0000 - SYDATEC)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
PlayMemories Home (HKLM-x32\...\{6F26A633-ACC2-4850-82C5-60A06D606175}) (Version: 3.1.20.06241 - Sony Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
Pro Evolution Soccer 2009 (HKLM-x32\...\{A8DB611A-D80E-450D-85F6-3ACDD164BE31}) (Version: 1.00.0000 - KONAMI)
Quicken 2010 - Servicepack 5 (HKLM-x32\...\{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}) (Version: 17.05.0000 - Lexware GmbH & Co KG)
Quicken 2010 (HKLM-x32\...\InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}) (Version: 17.00.00.0081 - Lexware GmbH & Co. KG)
Quicken 2010 (x32 Version: 17.00.00.0081 - Lexware GmbH & Co. KG) Hidden
Quicken Import Export Server 2010 (HKLM-x32\...\{7DA9F24A-CEC3-426E-BFFA-ADB94D922463}) (Version: 17.00.00.0048 - Lexware GmbH & Co. KG)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Remote Virtual USB (HKLM-x32\...\{ECE9D6C8-2DE8-4505-920E-103FAF0AC9CF}) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1600.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 2.0 (HKLM-x32\...\Security Task Manager) (Version: 2.0 - Neuber Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Slotman (HKLM-x32\...\Slotman_is1) (Version:  - Elmar)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
SoundTrax (x32 Version: 4.4.37.1 - Nero AG) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stellarium 0.11.0 (HKLM-x32\...\Stellarium_is1) (Version:  - )
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.11 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.16 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Südtirol (Topo) (HKLM-x32\...\{53F7328C-6687-4AC9-9F68-2E28D8273033}_is1) (Version:  - )
Top25 Viewer basierend auf Geogrid®-Viewer Version 3.2 (HKLM-x32\...\DeInst_d2vexcrd C:/Program Files (x86)/Top25 V2) (Version:  - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.0 - Nikon)
Wertpapieranalyse 2009 (HKLM-x32\...\{3118E461-1976-4F6A-97B4-B655F3AAB263}) (Version: 1.00.0004 - Lexware)
WhiteWall 5.0 (HKLM-x32\...\WhiteWall_is1) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Toolbar (HKLM-x32\...\Winamp Toolbar) (Version:  - ) <==== ATTENTION
Winamp Toolbar (HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Winamp Toolbar) (Version:  - ) <==== ATTENTION
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {019FAC03-D0A9-405F-BD4C-6F49F4561A58} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {03512E67-0C20-4A2C-8A01-D31C02591B6F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {0F9F5E9D-28F5-477E-8EAC-C923C5E268B8} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {1AED997E-4BC5-400B-9243-D7395A8739C8} - System32\Tasks\{703636CF-CB47-40E4-B774-E6A409B2D8C4} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {1E391896-8D8C-465A-84EA-A6E9289BE28C} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {2181DE9C-A1C1-4E18-8FD7-E762277CF198} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {25C065DC-1EF4-4D40-9825-A57072DD4A75} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {32E0A311-F321-4010-AF13-EEF161897274} - System32\Tasks\{38960F90-C87A-41BF-BF9B-B48962273503} => pcalua.exe -a "C:\Users\xxxxxxxxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TIQZ89OR\ddbac[1].exe" -d C:\Windows\SysWOW64
Task: {41C61B6C-B248-4AFC-A6B2-3E243D0D69A3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {455DECAD-5620-42B8-AF6A-9B67F14AE2CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {4B5A3E85-7292-436F-82B0-B99636998372} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {4C8BFD43-F0FB-4524-A1BF-68D6E39E76D5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {50071A48-3839-49B4-9C24-A9F4BD43A7F4} - System32\Tasks\{06AE9A28-748C-406F-A05A-0994647D9183} => C:\Program Files (x86)\Remote Virtual USB\RMVUSB.exe [2007-09-07] ()
Task: {545E89C9-0C81-45B4-9FA4-9E6AE076B55C} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {598D5696-9754-4A66-BB72-296E955744F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {6D12358F-98D8-4BE0-812D-DCF7A7FE43D5} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7CCF8A36-7F00-444F-ADB7-104297ACF6AB} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {869026C0-2893-4B2E-BBEF-44762085EA59} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9614EC8F-BEAF-48F4-B878-5359007D095A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {9C097270-60C2-4D72-9631-745355B141D8} - System32\Tasks\{13A9DBFB-0A7B-4F5C-B41C-2DB4E5F712CB} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {9C2861A7-0326-4EBB-9142-BEE7B3006CF7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A2B6D619-0D14-4540-9AEA-1FB09126CAAE} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {A408FFA4-57BF-4005-BE40-25D5CFCA96E1} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {AB4CF7B1-8EF8-4B64-8394-CDCCDE7B66CA} - System32\Tasks\{98341623-8203-4F0D-8D1E-7929BC3408E3} => pcalua.exe -a "C:\Program Files (x86)\Remote Virtual USB\BusSetup.exe" -d "C:\Program Files (x86)\Remote Virtual USB"
Task: {AE7EA230-1AA0-41ED-A1C1-52CADA9FA9BE} - System32\Tasks\{948244F6-06C6-46D1-984C-1B51A71CD7C9} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {B39ADE4B-66E9-4031-A236-D14C731B0C45} - System32\Tasks\{312B6176-08CB-4567-9333-BF1C621DFC89} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {B958A90F-E7AA-424A-A430-7BF4BC0ED864} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {BC671308-3A14-450E-9DFE-53F248713310} - System32\Tasks\{4A63755D-25CF-46B4-AFA4-E2BD6DCF7A62} => pcalua.exe -a "C:\Users\xxxxxxxxxxx\Downloads\template_black_calendar(2).exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C17BDE27-ECDC-4BD8-82DE-53AD2E0C9A6C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {C6084CAD-B012-478E-AFFB-95E01CD19B74} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {C978E607-4803-4377-9F49-F1361200ED31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {D7DE0A2A-2596-45F1-B8F1-8767F454416C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DE50C2D6-5DB1-4135-80E3-B621570F11F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {EC6A16B8-FB64-40D5-879F-B8589EAF62B2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {ED63AC16-4EAF-4F68-B5BA-8A72772754FB} - System32\Tasks\{8533E975-FCBD-4397-A2B7-966CAA8238AD} => C:\Program Files (x86)\Remote Virtual USB\RMVUSB.exe [2007-09-07] ()
Task: {FB15EC61-2923-4562-8BD7-5E7016A5D634} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {FC02427A-98CD-4E55-A2E4-AE22BB174621} - System32\Tasks\{C6CE09EC-00F3-49F3-B659-76C38492F1BF} => pcalua.exe -a "E:\BackItUp and Burn\setup.exe" -d C:\Windows\SysWOW64 -c /embed"{15C3D283-36C4-425B-AE67-3B5034C39287}" /hide_splash /hide_progress /runprerequisites"BackItUp,BurnRights,Express,RescueAgent,Common" /l1031
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2011-11-08 20:04 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-12-06 22:00 - 2011-12-06 22:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-12-06 22:00 - 2011-12-06 22:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2009-09-18 20:35 - 2009-02-27 18:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2009-07-08 13:35 - 2009-07-08 13:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-05-26 09:36 - 2009-05-26 09:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
2015-02-01 19:39 - 2015-02-01 19:39 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(3).exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-09-19 14:59 - 2011-09-19 14:59 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2015-01-25 19:45 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-25 19:45 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-25 19:45 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-25 19:45 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-25 19:45 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-18 20:35 - 2009-02-19 16:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2009-08-05 12:45 - 2009-08-05 12:45 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-01-30 12:42 - 2015-01-30 12:42 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-04-06 21:57 - 2013-04-06 21:57 - 00020296 _____ () C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\winamp.dll
2014-07-16 09:21 - 2014-07-16 09:21 - 00611128 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUKernel.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00152888 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBasic.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00820024 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MainControls.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00119096 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUTransl.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00161080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PerlRegEx.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00210744 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\XMLComponents.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00449848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\GR32_D6.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00129336 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SchedAgent_2007.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00335672 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUCompression.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\DEC.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00493368 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Html.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ntrtl60.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00458040 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PowerManager.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00470328 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysInfo.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00656184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MSI_D6.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00144184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIcoEngineerDirTree.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00076600 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShell.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00068408 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysControls.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00215864 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ProgramRating.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00423224 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VisControls.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00033080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBase.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 01145144 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxBarD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00044856 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxCoreD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00016184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxComnD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00055608 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxThemeD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00852280 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cxLibraryD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00069944 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxGDIPlusD12.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00154424 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cefcomponent.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00278840 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\AppInitialization.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00107320 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShredder.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00632632 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUDiskCleanerClass.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00092984 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApps.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TURar.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00489272 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Traces.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00083256 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUOperaClass.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00047928 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApplications.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUSafariClass.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00140088 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\CommonForms.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00609080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VirtualTreesR.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00065848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIECacheClass.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00103224 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUDefragClient.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00962872 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TuningWizard.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00107320 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Internet.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00207672 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxBarExtItemsD12.bpl
2014-07-16 09:22 - 2014-07-16 09:22 - 00289080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\RegCleaner.bpl
2014-07-16 09:21 - 2014-07-16 09:21 - 00023864 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\IEControl.bpl
2015-01-25 21:12 - 2015-01-25 21:12 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\xxxxxxxxxxx\Downloads\message.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-232553567-516970607-3978274004-500 - Administrator - Disabled)
xxxxxxxxxxx (S-1-5-21-232553567-516970607-3978274004-1001 - Administrator - Enabled) => C:\Users\xxxxxxxxxxx
Gast (S-1-5-21-232553567-516970607-3978274004-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-232553567-516970607-3978274004-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 00:47:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/31/2015 03:55:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4c8073ec
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x34c
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (01/31/2015 03:54:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4c8073ec
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1544
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (01/31/2015 03:23:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18517, Zeitstempel: 0x53aa2e07
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000050506
ID des fehlerhaften Prozesses: 0x8b4
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/31/2015 00:29:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm pcdr5cuiw32.exe, Version 5.1.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d58

Startzeit: 01d03d344b0d9825

Endzeit: 31

Anwendungspfad: C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

Berichts-ID:

Error: (01/31/2015 01:19:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/30/2015 06:00:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/30/2015 11:38:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4c8073ec
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x84c
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (01/30/2015 11:37:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4c8073ec
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x12dc
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (01/25/2015 11:41:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4c8073ec
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x6bc
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3


System errors:
=============
Error: (02/01/2015 07:47:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/01/2015 07:46:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/01/2015 07:45:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/01/2015 07:45:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/01/2015 07:44:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/01/2015 07:42:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/01/2015 07:42:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/01/2015 07:41:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/01/2015 07:15:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/01/2015 06:47:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%126


Microsoft Office Sessions:
=========================
Error: (02/01/2015 00:47:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (01/31/2015 03:55:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04c8073ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42d34c01d03d65f277ed6fC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dll302a064d-a959-11e4-ae76-4061860dc6c8

Error: (01/31/2015 03:54:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04c8073ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42d154401d03d65def98f6dC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dll1da3796b-a959-11e4-ae76-4061860dc6c8

Error: (01/31/2015 03:23:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1851753aa2e07c000000500000000000505068b401d03d60fe4f7209C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dllb801cca5-a954-11e4-a13c-4061860dc6c8

Error: (01/31/2015 00:29:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: pcdr5cuiw32.exe5.1.0.0d5801d03d344b0d982531C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

Error: (01/31/2015 01:19:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (01/30/2015 06:00:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (01/30/2015 11:38:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04c8073ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42d84c01d03c78df489d97C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dll1cfeadf8-a86c-11e4-a036-4061860dc6c8

Error: (01/30/2015 11:37:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04c8073ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42d12dc01d03c78bccbcdbeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dll0958f255-a86c-11e4-a036-4061860dc6c8

Error: (01/25/2015 11:41:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04c8073ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42d6bc01d038f017ad7fefC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dll555ecd8f-a4e3-11e4-89f7-4061860dc6c8


CodeIntegrity Errors:
===================================
  Date: 2011-12-11 16:22:35.112
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Slotman\gwiopm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-11 16:22:35.066
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Slotman\gwiopm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-02-14 10:16:39.529
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Slotman\gwiopm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-02-14 10:16:39.519
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Slotman\gwiopm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 8183.08 MB
Available physical RAM: 5414.22 MB
Total Pagefile: 16364.35 MB
Available Pagefile: 12945.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:921.14 GB) (Free:721.8 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.28 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=921.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 01.02.2015, 21:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Alt 01.02.2015, 22:15   #5
Ritaratlos
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Hallo Cosinus,

der log:

Code:
ATTFilter
ComboFix 15-01-29.01 - xxxxxxxxxx 01.02.2015  22:44:07.1.8 - x64
ausgeführt von:: c:\users\xxxxxxxxxx\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
c:\windows\IsUn0407.exe
c:\windows\SysWow64\tmp4EC3.tmp
c:\windows\SysWow64\tmp4F31.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-01 bis 2015-02-01  ))))))))))))))))))))))))))))))
.
.
2015-02-01 21:57 . 2015-02-01 21:57	--------	d-----w-	c:\windows\system32\wbem\repository
2015-02-01 21:56 . 2015-02-01 21:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-01 18:44 . 2015-02-01 18:47	--------	d-----w-	C:\FRST
2015-01-25 20:31 . 2015-02-01 18:21	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-25 20:31 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-01-25 20:31 . 2014-11-21 05:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-25 20:31 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-01-25 20:31 . 2015-01-25 20:31	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-01-25 20:31 . 2015-01-25 20:31	--------	d-----w-	c:\programdata\Malwarebytes
2015-01-25 18:46 . 2013-09-20 09:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2015-01-25 18:46 . 2015-01-25 19:15	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-01-25 18:45 . 2015-01-25 18:47	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2015-01-24 13:30 . 2015-01-24 14:15	--------	d-----w-	c:\programdata\SecTaskMan
2015-01-24 13:30 . 2015-01-24 13:30	--------	d-----w-	c:\users\xxxxxxxxxx\AppData\Local\SecTaskMan
2015-01-24 13:30 . 2015-01-24 13:30	--------	d-----w-	c:\program files (x86)\Security Task Manager
2015-01-24 12:57 . 2015-01-24 12:57	--------	d-----w-	C:\NPE
2015-01-24 12:52 . 2015-01-24 14:12	--------	d-----w-	c:\users\xxxxxxxxxx\AppData\Local\NPE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-25 20:12 . 2012-04-20 04:05	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-25 20:12 . 2011-05-15 05:01	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-31 12:12 . 2009-11-16 19:22	113365784	----a-w-	c:\windows\system32\MRT.exe
2014-12-13 05:09 . 2014-12-19 09:31	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-19 09:31	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-10 21:32	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 21:32	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 21:32	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 21:32	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 21:32	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:50 . 2014-12-10 21:32	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:44 . 2014-12-10 21:32	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 21:32	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 21:32	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 21:31	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 21:32	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 21:32	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 21:32	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 21:31	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 21:32	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 21:32	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 21:31	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 21:32	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 21:32	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 21:32	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 21:32	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 21:31	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 21:31	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 21:32	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 21:32	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 21:32	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 21:32	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 21:31	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 21:31	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 21:32	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 21:32	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 21:32	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 21:32	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 21:32	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 21:32	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 21:32	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 21:32	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 21:31	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 21:32	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 21:32	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 21:32	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 21:32	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 21:31	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 21:32	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 21:32	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 21:32	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 21:32	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 21:32	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-19 03:31 . 2014-11-19 03:31	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 21:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-21 15:35	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-21 15:35	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 21:32	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-21 15:35	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-21 15:35	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 21:32	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 21:30	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 21:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-11-27 22:46 . 2013-11-27 22:46	49940480	----a-w-	c:\program files (x86)\GUT57F0.tmp
2009-11-17 20:52 . 2009-11-17 20:52	3211264	----a-w-	c:\program files (x86)\Common FilesDDBACSetup.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Password Guard v3"="c:\program files (x86)\SYDATEC\Password Guard v3\pwgtray.exe" [2009-10-27 675464]
"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"LaCie Ethernet Agent Startup"="c:\program files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe" [2009-10-16 5722112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2009-09-01 1086760]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-20 74752]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2014-06-24 2557976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Quicken 2010 Zahlungserinnerung.lnk - c:\program files (x86)\Lexware\Quicken\2010\billmind.exe [2009-8-14 192512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe"
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"Nikon Transfer Monitor"=c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
"Nikon Message Center 2"=c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
"BATINDICATOR"=c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
"CanonSolutionMenuEx"=c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys;c:\windows\SYSNATIVE\DRIVERS\GenBus.sys [x]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys;c:\windows\SYSNATIVE\DRIVERS\GenHC.sys [x]
R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\GigasetGenericUSB_x64.sys [x]
R3 gwiopm;gwiopm;c:\program files (x86)\Slotman\gwiopm.sys;c:\program files (x86)\Slotman\gwiopm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 SOHDs;Sony Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys;c:\windows\SYSNATIVE\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys;c:\windows\SYSNATIVE\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys;c:\windows\SYSNATIVE\DRIVERS\sscemdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/09/18 21:43];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl;c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 20:12]
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 02:18]
.
2015-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-13 02:18]
.
2015-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=de_de&c=94&bd=pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=C93D1590-C539-4FDB-8493-A71C05BAF874&apn_ptnrs=9M&apn_sauid=3DDC48D7-3EBF-412A-8BD7-DF1C6FBBA016&apn_dtid=OSJ000&&q=
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-KeePass Password Safe 2 - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
Wow6432Node-HKLM-Run-KeePass 2 PreLoad - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Top25 V2 - c:\windows\IsUn0407.exe
AddRemove-{C611CF88-969D-43E6-A877-D6D6439DD081} - c:\programdata\{ADCBF7A8-716E-4B21-AF03-E3F11C06C309}\HP_Remote_Solution_Install.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32;c:\program files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-01  23:11:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-01 22:11
.
Vor Suchlauf: 14 Verzeichnis(se), 775.717.855.232 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 775.528.095.744 Bytes frei
.
- - End Of File - - 994101E0C66AA0F53935C918EB4D59C9
         


Alt 02.02.2015, 09:04   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Bitte nun mbar:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068

Alt 02.02.2015, 21:00   #7
Ritaratlos
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Hallo Cosinus,

Rückmeldung war nach erstem Scan: "no malware found, no clean up necessary"

anbei log:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.02.05
  rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
xxxxxxxxxxx :: DESKTOP-PC [administrator]

02.02.2015 21:23:13
mbar-log-2015-02-02 (21-23-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 373600
Time elapsed: 15 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 02.02.2015, 21:01   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Alt 03.02.2015, 07:18   #9
Ritaratlos
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Hallo Cosinus,

anbei logs


adwcleaner:

Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 03/02/2015 um 07:49:22
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-02.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : xxxxxxxxxx - DESKTOP-PC
# Gestartet von : C:\Users\xxxxxxxxxx\Downloads\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\ProgramData\Winamp Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Winamp Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Software Update Utility
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\xxxxxxxxxx\AppData\Local\SecTaskMan
Ordner Gelöscht : C:\Users\xxxxxxxxxx\AppData\Local\Winamp Toolbar
Ordner Gelöscht : C:\Users\xxxxxxxxxx\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
Ordner Gelöscht : C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Datei Gelöscht : C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{134B5A9E-37E4-4B34-93B8-94ED49FF6DDB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3A8D9662-4E9F-4402-9DFC-4564479A471E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{134B5A9E-37E4-4B34-93B8-94ED49FF6DDB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{134B5A9E-37E4-4B34-93B8-94ED49FF6DDB}
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\APN
Schlüssel Gelöscht : HKLM\SOFTWARE\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 192.168.*.*;*.local

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)

[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.date", "4");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.lastDate", "3");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.lastMonth", "1");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.lastYear", "2015");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.month", "69");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.prevMonth", "865");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.total", "16655");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.week", "69");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.year", "933");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"2020Player@2020Technologies.com\":{\"d\":\"C:\\\\Users\\\\xxxxxxxxxx\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\7s6g5qp4.default\[...]
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=C93D1590-C539-4FDB-8493-A71C05BAF874&apn_ptnrs=9M&apn_sauid=3DDC48D7-3EBF-412A-8BD7-DF1C6FBBA016&[...]
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_33500;facebook_45469;;post_to_twitter_46693;facebook_46704;ebay_46803");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.cookie.homepage", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.cookie.search", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.curtain.congrats", "none");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.default.homepage.check", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.default.search.check", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.guid", "{A8B7DCA3-EC35-8F85-5A3C-64AB494D005B}");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.homepageprotection.enabled", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.install.distroid", "winamp");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.20.9397");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.install.lid", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.install.mtmhp", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.install.ncid", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "3");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "1");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2015");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.log", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "12");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "15");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "58");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "8");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "17");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2012");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.relatednews.enabled", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1422945208968");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.button", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.cid", "09-04-2013");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.instd", "20120812155613915");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.oid", "12-08-2012");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.placement", "left");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.savehistory", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.searchtype", "web");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.source", "winamp-ff");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.searchprotection.enabled", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.skin.custom", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.degc", "-9");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.degf", "15");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.image", "chrome://winamptoolbar/skin/weather/33_n.png");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.locationid", "USNY0996");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.metric", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.tooltip", "New York , NY : Mostly Clear");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.update", "1422945208970");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.zipcode", "10065");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.open", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.play", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.rewind", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.stop", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");

*************************

AdwCleaner[R0].txt - [22488 octets] - [03/02/2015 07:37:17]
AdwCleaner[S0].txt - [22194 octets] - [03/02/2015 07:49:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22255 octets] ##########
         



JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by xxxxxxxxxxx on 03.02.2015 at  7:59:11,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-232553567-516970607-3978274004-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\xxxxxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\7s6g5qp4.default\searchplugins\aol-search.xml
Successfully deleted: [Folder] C:\Users\xxxxxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\7s6g5qp4.default\winamptoolbardata
Successfully deleted the following from C:\Users\xxxxxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\7s6g5qp4.default\prefs.js

user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=C93D1590-C539-4FDB-8493-A71C05BAF874&apn_ptnrs=9M&apn_sauid=3DDC48D7-3EB
Emptied folder: C:\Users\xxxxxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\7s6g5qp4.default\minidumps [37 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2015 at  8:01:54,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         




und Neuscan FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by xxxxxxxxxxx (administrator) on DESKTOP-PC on 03-02-2015 08:08:26
Running from C:\Users\xxxxxxxxxxx\Downloads
Loaded Profiles: xxxxxxxxxxx (Available profiles: xxxxxxxxxxx)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(SYDATEC) C:\Program Files (x86)\SYDATEC\Password Guard v3\pwgtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(LaCie SA) C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Farbar) C:\Users\xxxxxxxxxxx\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2009-09-01] (Nero AG)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2557976 2014-06-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [Password Guard v3] => C:\Program Files (x86)\SYDATEC\Password Guard v3\pwgtray.exe [675464 2009-10-27] (SYDATEC)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [LaCie Ethernet Agent Startup] => C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe [5722112 2009-10-16] (LaCie SA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2010 Zahlungserinnerung.lnk
ShortcutTarget: Quicken 2010 Zahlungserinnerung.lnk -> C:\Program Files (x86)\Lexware\Quicken\2010\billmind.exe (Lexware GmbH & Co. KG)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-232553567-516970607-3978274004-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-232553567-516970607-3978274004-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {28B66320-9687-4B13-8757-36F901887AB5} hxxp://fotobuch.whitewall.com/ips-opdata/layout/avenso/objects/canvasx.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: 20-20 3D Viewer - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\2020Player@2020Technologies.com [2011-03-25]
FF Extension: Garmin Communicator - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-02-03]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [87344 2009-09-01] (Prolific Technology Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-06-24] (Sony Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-10-25] (Devguru Co., Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [194048 2008-11-25] ( ) [File not signed]
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 gwiopm; C:\Program Files (x86)\Slotman\gwiopm.sys [3904 1998-06-03] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-16] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20150202.019\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20150202.019\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 08:07 - 2015-02-03 08:07 - 02131456 _____ (Farbar) C:\Users\xxxxxxxxxxx\Downloads\FRST64(1).exe
2015-02-03 08:01 - 2015-02-03 08:01 - 00002425 _____ () C:\Users\xxxxxxxxxxx\Desktop\JRT.txt
2015-02-03 07:58 - 2015-02-03 07:58 - 01388274 _____ (Thisisu) C:\Users\xxxxxxxxxxx\Downloads\JRT.exe
2015-02-03 07:37 - 2015-02-03 07:49 - 00000000 ____D () C:\AdwCleaner
2015-02-03 07:36 - 2015-02-03 07:36 - 02194432 _____ () C:\Users\xxxxxxxxxxx\Downloads\AdwCleaner_4.109.exe
2015-02-02 21:23 - 2015-02-02 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-02 21:20 - 2015-02-02 21:20 - 16466552 _____ (Malwarebytes Corp.) C:\Users\xxxxxxxxxxx\Downloads\mbar-1.08.3.1004.exe
2015-02-01 23:11 - 2015-02-01 23:11 - 00029927 _____ () C:\ComboFix.txt
2015-02-01 22:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-01 22:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-01 22:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-01 22:40 - 2015-02-01 23:11 - 00000000 ____D () C:\Qoobox
2015-02-01 22:39 - 2015-02-01 23:08 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 22:37 - 2015-02-01 22:37 - 05611408 ____R (Swearware) C:\Users\xxxxxxxxxxx\Downloads\ComboFix.exe
2015-02-01 22:05 - 2015-02-03 08:03 - 00000000 ____D () C:\Users\xxxxxxxxxxx\Documents\Virusabarbeitung
2015-02-01 20:22 - 2015-02-01 20:22 - 00563608 _____ () C:\Windows\Minidump\020115-37923-01.dmp
2015-02-01 19:53 - 2015-02-01 19:53 - 00380416 _____ () C:\Users\xxxxxxxxxxx\Downloads\Gmer-19357.exe
2015-02-01 19:44 - 2015-02-03 08:08 - 00021343 _____ () C:\Users\xxxxxxxxxxx\Downloads\FRST.txt
2015-02-01 19:44 - 2015-02-03 08:08 - 00000000 ____D () C:\FRST
2015-02-01 19:44 - 2015-02-01 19:47 - 00056745 _____ () C:\Users\xxxxxxxxxxx\Downloads\Addition.txt
2015-02-01 19:43 - 2015-02-01 19:43 - 02131456 _____ (Farbar) C:\Users\xxxxxxxxxxx\Downloads\frst64.exe
2015-02-01 19:40 - 2015-02-01 19:40 - 00000000 _____ () C:\Users\xxxxxxxxxxx\defogger_reenable
2015-02-01 19:39 - 2015-02-01 19:39 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(3).exe
2015-01-31 15:06 - 2015-01-31 15:06 - 00664576 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit50562.msi
2015-01-30 12:42 - 2015-01-30 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-30 12:32 - 2015-01-30 12:32 - 37987520 _____ (Microsoft Corporation) C:\Users\xxxxxxxxxxx\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-25 22:40 - 2015-01-25 22:40 - 00353101 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit20084.mini.diagcab
2015-01-25 22:39 - 2015-01-25 22:40 - 01059840 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit50981.msi
2015-01-25 21:31 - 2015-02-02 21:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 21:31 - 2015-02-02 21:22 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 21:31 - 2015-01-25 21:31 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-25 21:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 21:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 21:30 - 2015-01-25 21:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\xxxxxxxxxxx\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 20:32 - 2015-01-25 20:32 - 00000000 ____D () C:\Users\xxxxxxxxxxx\Documents\ProcAlyzer Dumps
2015-01-25 19:46 - 2015-01-25 20:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-25 19:46 - 2015-01-25 19:46 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-25 19:46 - 2015-01-25 19:46 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-25 19:46 - 2015-01-25 19:46 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-25 19:46 - 2015-01-25 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-25 19:46 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-25 19:45 - 2015-01-25 19:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-25 19:42 - 2015-01-25 19:42 - 01191200 _____ () C:\Users\xxxxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-01-25 19:40 - 2015-01-25 19:40 - 01191200 _____ () C:\Users\xxxxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-01-24 20:25 - 2015-01-24 20:25 - 00000256 _____ () C:\Users\xxxxxxxxxxx\Downloads\defogger_enable.log
2015-01-24 20:24 - 2015-01-24 20:24 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(2).exe
2015-01-24 20:21 - 2015-01-24 20:21 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(1).exe
2015-01-24 20:19 - 2015-02-01 19:40 - 00000484 _____ () C:\Users\xxxxxxxxxxx\Downloads\defogger_disable.log
2015-01-24 20:18 - 2015-01-24 20:18 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger.exe
2015-01-24 14:30 - 2015-01-24 14:30 - 02935152 _____ () C:\Users\xxxxxxxxxxx\Downloads\SecurityTaskManager_Setup.exe
2015-01-24 14:30 - 2015-01-24 14:30 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00001137 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-01-24 13:57 - 2015-01-24 13:57 - 00000000 ____D () C:\NPE
2015-01-24 13:52 - 2015-01-24 15:12 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\NPE
2015-01-16 11:35 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 11:35 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 11:35 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 11:35 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 11:35 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 11:35 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 11:35 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 11:35 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 11:35 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 11:35 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 11:35 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 11:35 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 11:35 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 07:59 - 2011-05-29 06:26 - 00000000 ____D () C:\Users\xxxxxxxxxxx\Documents\Outlook-Dateien
2015-02-03 07:58 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 07:58 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 07:53 - 2013-04-10 09:29 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\CrashDumps
2015-02-03 07:50 - 2012-08-13 06:15 - 00000000 ____D () C:\Temp
2015-02-03 07:50 - 2009-11-13 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 07:50 - 2009-09-18 20:39 - 00742822 _____ () C:\Windows\PFRO.log
2015-02-03 07:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 07:50 - 2009-07-14 05:51 - 00109737 _____ () C:\Windows\setupact.log
2015-02-03 07:49 - 2009-09-25 02:05 - 01798320 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 07:28 - 2009-11-13 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 22:12 - 2012-04-20 05:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 21:29 - 2010-05-13 11:16 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Roaming\HpUpdate
2015-02-01 22:58 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 22:56 - 2014-03-21 15:30 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Roaming\KeePass
2015-02-01 22:53 - 2014-03-21 15:25 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-02-01 20:43 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-01 20:22 - 2010-02-04 08:07 - 00000000 ____D () C:\Windows\Minidump
2015-02-01 20:21 - 2010-02-04 08:07 - 1176796061 _____ () C:\Windows\MEMORY.DMP
2015-02-01 20:09 - 2011-11-08 20:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 19:40 - 2009-11-13 16:19 - 00000000 ____D () C:\Users\xxxxxxxxxxx
2015-01-31 15:58 - 2009-11-13 16:20 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\Hewlett-Packard
2015-01-31 15:19 - 2012-05-03 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 12:29 - 2009-11-13 21:22 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-01-25 22:14 - 2009-11-13 16:26 - 00133760 _____ () C:\Users\xxxxxxxxxxx\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-25 22:13 - 2009-07-14 05:45 - 00480016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 21:45 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew
2015-01-25 21:12 - 2012-04-20 05:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 21:12 - 2012-04-20 05:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 21:12 - 2011-05-15 06:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 13:52 - 2009-09-18 20:50 - 00000000 ____D () C:\ProgramData\Norton
2015-01-16 12:42 - 2013-08-16 06:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 12:14 - 2009-09-19 06:25 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 12:14 - 2009-09-19 06:25 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 12:14 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 20:40 - 2012-02-10 09:24 - 00017447 _____ () C:\Users\xxxxxxxxxxx\Documents\SDK_Rückzahlungen.xlsx

==================== Files in the root of some directories =======

2009-11-17 21:52 - 2009-11-17 21:52 - 3211264 _____ () C:\Program Files (x86)\Common FilesDDBACSetup.msi
2013-11-27 23:46 - 2013-11-27 23:46 - 49940480 _____ () C:\Program Files (x86)\GUT57F0.tmp
2009-11-21 23:05 - 2014-08-04 07:09 - 0000151 _____ () C:\Users\xxxxxxxxxxx\AppData\Roaming\default.rss
2010-02-09 08:16 - 2010-02-09 08:16 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Devices
2010-02-09 08:15 - 2010-02-09 08:20 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Dialogs
2010-02-09 08:20 - 2010-02-09 08:20 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Dictionaries
2009-12-23 11:17 - 2009-12-23 11:17 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Digital Basic
2009-12-14 20:53 - 2009-12-14 20:53 - 0000000 _____ () C:\Users\xxxxxxxxxxx\AppData\Roaming\downloads.m3u
2009-11-16 20:35 - 2009-11-16 20:35 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\images
2009-11-16 20:29 - 2009-11-16 20:29 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\libiconv
2012-11-04 16:56 - 2014-02-13 07:15 - 0007599 _____ () C:\Users\xxxxxxxxxxx\AppData\Local\Resmon.ResmonCfg
2009-11-16 20:29 - 2009-11-16 20:29 - 0000268 ___RH () C:\ProgramData\Abstract
2009-11-16 20:35 - 2009-11-16 20:35 - 0000012 ___RH () C:\ProgramData\Alerts
2009-11-16 20:29 - 2009-11-16 20:29 - 0000012 ___RH () C:\ProgramData\Analog Pad
2010-02-09 08:16 - 2010-02-09 08:16 - 0000268 ___RH () C:\ProgramData\Digital Light
2010-02-09 08:15 - 2010-02-09 08:20 - 0000268 ___RH () C:\ProgramData\Digital Mono
2010-02-09 08:20 - 2010-02-09 08:20 - 0000268 ___RH () C:\ProgramData\DirectoryService
2009-12-23 11:17 - 2009-12-23 11:17 - 0000268 ___RH () C:\ProgramData\Displays
2010-02-09 08:16 - 2010-02-09 08:16 - 0000012 ___RH () C:\ProgramData\Licenses
2010-02-09 08:15 - 2010-02-09 08:20 - 0000012 ___RH () C:\ProgramData\Limiter
2010-02-09 08:20 - 2010-02-09 08:20 - 0000012 ___RH () C:\ProgramData\MAS
2009-12-23 11:17 - 2009-12-23 11:17 - 0000012 ___RH () C:\ProgramData\MIDI Devices
2010-02-09 08:20 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbw.DAT
2010-02-09 08:13 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2009-12-23 11:15 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2010-02-09 08:16 - 2010-02-09 08:16 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
2009-11-16 20:35 - 2014-08-10 16:18 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2009-11-16 20:29 - 2014-05-18 21:30 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2009-11-16 20:35 - 2009-11-16 20:35 - 0000268 ___RH () C:\ProgramData\programs
2012-09-28 13:05 - 2012-09-28 13:05 - 0000138 _____ () C:\ProgramData\zltclhakprijrji

Some content of TEMP:
====================
C:\Users\xxxxxxxxxxx\AppData\Local\Temp\Quarantine.exe
C:\Users\xxxxxxxxxxx\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 12:39

==================== End Of Log ============================
         
--- --- ---

Alt 03.02.2015, 10:58   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.


Alt 03.02.2015, 16:43   #11
Ritaratlos
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



neuer Scan mit FRST.....


log:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by xxxxxxxxx (administrator) on DESKTOP-PC on 03-02-2015 17:35:27
Running from C:\Users\xxxxxxxxx\Downloads
Loaded Profiles: xxxxxxxxx (Available profiles: xxxxxxxxx)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(SYDATEC) C:\Program Files (x86)\SYDATEC\Password Guard v3\pwgtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(LaCie SA) C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Farbar) C:\Users\xxxxxxxxx\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2009-09-01] (Nero AG)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2557976 2014-06-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [Password Guard v3] => C:\Program Files (x86)\SYDATEC\Password Guard v3\pwgtray.exe [675464 2009-10-27] (SYDATEC)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [LaCie Ethernet Agent Startup] => C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe [5722112 2009-10-16] (LaCie SA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2010 Zahlungserinnerung.lnk
ShortcutTarget: Quicken 2010 Zahlungserinnerung.lnk -> C:\Program Files (x86)\Lexware\Quicken\2010\billmind.exe (Lexware GmbH & Co. KG)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-232553567-516970607-3978274004-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-232553567-516970607-3978274004-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {28B66320-9687-4B13-8757-36F901887AB5} hxxp://fotobuch.whitewall.com/ips-opdata/layout/avenso/objects/canvasx.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\xxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: 20-20 3D Viewer - C:\Users\xxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\2020Player@2020Technologies.com [2011-03-25]
FF Extension: Garmin Communicator - C:\Users\xxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-02-03]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [87344 2009-09-01] (Prolific Technology Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-06-24] (Sony Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-10-25] (Devguru Co., Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [194048 2008-11-25] ( ) [File not signed]
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 gwiopm; C:\Program Files (x86)\Slotman\gwiopm.sys [3904 1998-06-03] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-16] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20150202.019\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20150202.019\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 17:35 - 2015-02-03 17:35 - 02131456 _____ (Farbar) C:\Users\xxxxxxxxx\Downloads\FRST64(1).exe
2015-02-03 08:01 - 2015-02-03 08:01 - 00002425 _____ () C:\Users\xxxxxxxxx\Desktop\JRT.txt
2015-02-03 07:58 - 2015-02-03 07:58 - 01388274 _____ (Thisisu) C:\Users\xxxxxxxxx\Downloads\JRT.exe
2015-02-03 07:37 - 2015-02-03 07:49 - 00000000 ____D () C:\AdwCleaner
2015-02-03 07:36 - 2015-02-03 07:36 - 02194432 _____ () C:\Users\xxxxxxxxx\Downloads\AdwCleaner_4.109.exe
2015-02-02 21:23 - 2015-02-02 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-02 21:20 - 2015-02-02 21:20 - 16466552 _____ (Malwarebytes Corp.) C:\Users\xxxxxxxxx\Downloads\mbar-1.08.3.1004.exe
2015-02-01 23:11 - 2015-02-01 23:11 - 00029927 _____ () C:\ComboFix.txt
2015-02-01 22:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-01 22:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-01 22:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-01 22:40 - 2015-02-01 23:11 - 00000000 ____D () C:\Qoobox
2015-02-01 22:39 - 2015-02-01 23:08 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 22:37 - 2015-02-01 22:37 - 05611408 ____R (Swearware) C:\Users\xxxxxxxxx\Downloads\ComboFix.exe
2015-02-01 22:05 - 2015-02-03 17:33 - 00000000 ____D () C:\Users\xxxxxxxxx\Documents\Virusabarbeitung
2015-02-01 20:22 - 2015-02-01 20:22 - 00563608 _____ () C:\Windows\Minidump\020115-37923-01.dmp
2015-02-01 19:53 - 2015-02-01 19:53 - 00380416 _____ () C:\Users\xxxxxxxxx\Downloads\Gmer-19357.exe
2015-02-01 19:44 - 2015-02-03 17:35 - 00021507 _____ () C:\Users\xxxxxxxxx\Downloads\FRST.txt
2015-02-01 19:44 - 2015-02-03 17:35 - 00000000 ____D () C:\FRST
2015-02-01 19:44 - 2015-02-01 19:47 - 00056745 _____ () C:\Users\xxxxxxxxx\Downloads\Addition.txt
2015-02-01 19:43 - 2015-02-01 19:43 - 02131456 _____ (Farbar) C:\Users\xxxxxxxxx\Downloads\frst64.exe
2015-02-01 19:40 - 2015-02-01 19:40 - 00000000 _____ () C:\Users\xxxxxxxxx\defogger_reenable
2015-02-01 19:39 - 2015-02-01 19:39 - 00050477 _____ () C:\Users\xxxxxxxxx\Downloads\Defogger(3).exe
2015-01-31 15:06 - 2015-01-31 15:06 - 00664576 _____ () C:\Users\xxxxxxxxx\Downloads\MicrosoftFixit50562.msi
2015-01-30 12:42 - 2015-01-30 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-30 12:32 - 2015-01-30 12:32 - 37987520 _____ (Microsoft Corporation) C:\Users\xxxxxxxxx\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-25 22:40 - 2015-01-25 22:40 - 00353101 _____ () C:\Users\xxxxxxxxx\Downloads\MicrosoftFixit20084.mini.diagcab
2015-01-25 22:39 - 2015-01-25 22:40 - 01059840 _____ () C:\Users\xxxxxxxxx\Downloads\MicrosoftFixit50981.msi
2015-01-25 21:31 - 2015-02-02 21:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 21:31 - 2015-02-02 21:22 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 21:31 - 2015-01-25 21:31 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-25 21:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 21:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 21:30 - 2015-01-25 21:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\xxxxxxxxx\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 20:32 - 2015-01-25 20:32 - 00000000 ____D () C:\Users\xxxxxxxxx\Documents\ProcAlyzer Dumps
2015-01-25 19:46 - 2015-01-25 20:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-25 19:46 - 2015-01-25 19:46 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-25 19:46 - 2015-01-25 19:46 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-25 19:46 - 2015-01-25 19:46 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-25 19:46 - 2015-01-25 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-25 19:46 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-25 19:45 - 2015-01-25 19:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-25 19:42 - 2015-01-25 19:42 - 01191200 _____ () C:\Users\xxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-01-25 19:40 - 2015-01-25 19:40 - 01191200 _____ () C:\Users\xxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-01-24 20:25 - 2015-01-24 20:25 - 00000256 _____ () C:\Users\xxxxxxxxx\Downloads\defogger_enable.log
2015-01-24 20:24 - 2015-01-24 20:24 - 00050477 _____ () C:\Users\xxxxxxxxx\Downloads\Defogger(2).exe
2015-01-24 20:21 - 2015-01-24 20:21 - 00050477 _____ () C:\Users\xxxxxxxxx\Downloads\Defogger(1).exe
2015-01-24 20:19 - 2015-02-01 19:40 - 00000484 _____ () C:\Users\xxxxxxxxx\Downloads\defogger_disable.log
2015-01-24 20:18 - 2015-01-24 20:18 - 00050477 _____ () C:\Users\xxxxxxxxx\Downloads\Defogger.exe
2015-01-24 14:30 - 2015-01-24 14:30 - 02935152 _____ () C:\Users\xxxxxxxxx\Downloads\SecurityTaskManager_Setup.exe
2015-01-24 14:30 - 2015-01-24 14:30 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00001137 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-01-24 13:57 - 2015-01-24 13:57 - 00000000 ____D () C:\NPE
2015-01-24 13:52 - 2015-01-24 15:12 - 00000000 ____D () C:\Users\xxxxxxxxx\AppData\Local\NPE
2015-01-16 11:35 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 11:35 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 11:35 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 11:35 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 11:35 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 11:35 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 11:35 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 11:35 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 11:35 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 11:35 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 11:35 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 11:35 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 11:35 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 17:32 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 17:32 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 17:30 - 2013-04-10 09:29 - 00000000 ____D () C:\Users\xxxxxxxxx\AppData\Local\CrashDumps
2015-02-03 17:30 - 2009-09-25 02:05 - 01822610 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 17:29 - 2011-05-29 06:26 - 00000000 ____D () C:\Users\xxxxxxxxx\Documents\Outlook-Dateien
2015-02-03 17:29 - 2009-11-13 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 17:25 - 2012-08-13 06:15 - 00000000 ____D () C:\Temp
2015-02-03 17:25 - 2009-11-13 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 17:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 17:24 - 2009-07-14 05:51 - 00109793 _____ () C:\Windows\setupact.log
2015-02-03 08:12 - 2012-04-20 05:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 07:50 - 2009-09-18 20:39 - 00742822 _____ () C:\Windows\PFRO.log
2015-02-02 21:29 - 2010-05-13 11:16 - 00000000 ____D () C:\Users\xxxxxxxxx\AppData\Roaming\HpUpdate
2015-02-01 22:58 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 22:56 - 2014-03-21 15:30 - 00000000 ____D () C:\Users\xxxxxxxxx\AppData\Roaming\KeePass
2015-02-01 22:53 - 2014-03-21 15:25 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-02-01 20:43 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-01 20:22 - 2010-02-04 08:07 - 00000000 ____D () C:\Windows\Minidump
2015-02-01 20:21 - 2010-02-04 08:07 - 1176796061 _____ () C:\Windows\MEMORY.DMP
2015-02-01 20:09 - 2011-11-08 20:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 19:40 - 2009-11-13 16:19 - 00000000 ____D () C:\Users\xxxxxxxxx
2015-01-31 15:58 - 2009-11-13 16:20 - 00000000 ____D () C:\Users\xxxxxxxxx\AppData\Local\Hewlett-Packard
2015-01-31 15:19 - 2012-05-03 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 12:29 - 2009-11-13 21:22 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-01-25 22:14 - 2009-11-13 16:26 - 00133760 _____ () C:\Users\xxxxxxxxx\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-25 22:13 - 2009-07-14 05:45 - 00480016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 21:45 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew
2015-01-25 21:12 - 2012-04-20 05:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 21:12 - 2012-04-20 05:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 21:12 - 2011-05-15 06:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 13:52 - 2009-09-18 20:50 - 00000000 ____D () C:\ProgramData\Norton
2015-01-16 12:42 - 2013-08-16 06:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 12:14 - 2009-09-19 06:25 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 12:14 - 2009-09-19 06:25 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 12:14 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 20:40 - 2012-02-10 09:24 - 00017447 _____ () C:\Users\xxxxxxxxx\Documents\SDK_Rückzahlungen.xlsx

==================== Files in the root of some directories =======

2009-11-17 21:52 - 2009-11-17 21:52 - 3211264 _____ () C:\Program Files (x86)\Common FilesDDBACSetup.msi
2013-11-27 23:46 - 2013-11-27 23:46 - 49940480 _____ () C:\Program Files (x86)\GUT57F0.tmp
2009-11-21 23:05 - 2014-08-04 07:09 - 0000151 _____ () C:\Users\xxxxxxxxx\AppData\Roaming\default.rss
2010-02-09 08:16 - 2010-02-09 08:16 - 0000268 ___RH () C:\Users\xxxxxxxxx\AppData\Roaming\Devices
2010-02-09 08:15 - 2010-02-09 08:20 - 0000268 ___RH () C:\Users\xxxxxxxxx\AppData\Roaming\Dialogs
2010-02-09 08:20 - 2010-02-09 08:20 - 0000268 ___RH () C:\Users\xxxxxxxxx\AppData\Roaming\Dictionaries
2009-12-23 11:17 - 2009-12-23 11:17 - 0000268 ___RH () C:\Users\xxxxxxxxx\AppData\Roaming\Digital Basic
2009-12-14 20:53 - 2009-12-14 20:53 - 0000000 _____ () C:\Users\xxxxxxxxx\AppData\Roaming\downloads.m3u
2009-11-16 20:35 - 2009-11-16 20:35 - 0000268 ___RH () C:\Users\xxxxxxxxx\AppData\Roaming\images
2009-11-16 20:29 - 2009-11-16 20:29 - 0000268 ___RH () C:\Users\xxxxxxxxx\AppData\Roaming\libiconv
2012-11-04 16:56 - 2014-02-13 07:15 - 0007599 _____ () C:\Users\xxxxxxxxx\AppData\Local\Resmon.ResmonCfg
2009-11-16 20:29 - 2009-11-16 20:29 - 0000268 ___RH () C:\ProgramData\Abstract
2009-11-16 20:35 - 2009-11-16 20:35 - 0000012 ___RH () C:\ProgramData\Alerts
2009-11-16 20:29 - 2009-11-16 20:29 - 0000012 ___RH () C:\ProgramData\Analog Pad
2010-02-09 08:16 - 2010-02-09 08:16 - 0000268 ___RH () C:\ProgramData\Digital Light
2010-02-09 08:15 - 2010-02-09 08:20 - 0000268 ___RH () C:\ProgramData\Digital Mono
2010-02-09 08:20 - 2010-02-09 08:20 - 0000268 ___RH () C:\ProgramData\DirectoryService
2009-12-23 11:17 - 2009-12-23 11:17 - 0000268 ___RH () C:\ProgramData\Displays
2010-02-09 08:16 - 2010-02-09 08:16 - 0000012 ___RH () C:\ProgramData\Licenses
2010-02-09 08:15 - 2010-02-09 08:20 - 0000012 ___RH () C:\ProgramData\Limiter
2010-02-09 08:20 - 2010-02-09 08:20 - 0000012 ___RH () C:\ProgramData\MAS
2009-12-23 11:17 - 2009-12-23 11:17 - 0000012 ___RH () C:\ProgramData\MIDI Devices
2010-02-09 08:20 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbw.DAT
2010-02-09 08:13 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2009-12-23 11:15 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2010-02-09 08:16 - 2010-02-09 08:16 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
2009-11-16 20:35 - 2014-08-10 16:18 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2009-11-16 20:29 - 2014-05-18 21:30 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2009-11-16 20:35 - 2009-11-16 20:35 - 0000268 ___RH () C:\ProgramData\programs
2012-09-28 13:05 - 2012-09-28 13:05 - 0000138 _____ () C:\ProgramData\zltclhakprijrji

Some content of TEMP:
====================
C:\Users\xxxxxxxxx\AppData\Local\Temp\Quarantine.exe
C:\Users\xxxxxxxxx\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 12:39

==================== End Of Log ============================
         
--- --- ---

--- --- ---




sowie neue Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by xxxxxxxxxxx at 2015-02-03 17:36:04
Running from C:\Users\xxxxxxxxxxx\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (x32 Version: 4.4.32.0 - Nero AG) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bauskript Software 2011-04 Standard (HKLM-x32\...\Bauskript Software 2011-04 Standard) (Version: 2011-04 Standard - Bauskript Software)
Blitzrechnen (HKLM-x32\...\Blitzrechnen) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG8200 series Benutzerregistrierung (HKLM-x32\...\Canon MG8200 series Benutzerregistrierung) (Version:  - )
Canon MG8200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8200_series) (Version:  - )
Canon MG8200 series On-screen Manual (HKLM-x32\...\Canon MG8200 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Capture NX (HKLM-x32\...\Capture NX) (Version: 1.3.0 - NIKON CORPORATION)
Capture NX 2 (HKLM-x32\...\Capture NX 2) (Version: 2.2.4 - NIKON CORPORATION)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
DDBAC (HKLM-x32\...\{12E50555-348C-4416-91E2-2BB99499554E}) (Version: 4.3.62 - DataDesign)
Deer Drive (x32 Version: 2.2.0.82 - WildTangent) Hidden
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.7.7 - fotobuch.de AG)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.2 - Nikon)
fotokasten comfort 5.0 (HKLM-x32\...\fotokasten comfort_is1) (Version:  - )
FUJIdirekt Bestellsoftware 5.2 (HKLM-x32\...\FUJIdirekt Bestellsoftware_is1) (Version:  - )
Garmin BaseCamp (HKLM-x32\...\{00BC5C92-9F00-41B2-AE04-4C6B5DF0981F}) (Version: 4.3.2 - Garmin Ltd or its subsidiaries)
Garmin TOPO Deutschland 2010 (HKLM-x32\...\{C7C82ED1-E5AD-48CF-8B92-38DD9B49610C}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin TOPO France v2 (HKLM-x32\...\{4F763864-DDEA-46CA-AA1E-63A9C2453E83}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Geogrid® DPV (HKLM-x32\...\Geogrid_DPV) (Version:  - )
Gigaset QuickSync (HKLM-x32\...\{2c2f4c57-83a8-4790-a281-e83d306a9199}) (Version: 6.1.0822.15063 - Gigaset Communications GmbH)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GRID Demo (HKLM-x32\...\{3C850287-4CD5-4FAD-BE39-A4AF7851A7C6}) (Version: 1.00.0000 - Codemasters)
GTR 2 1.0.0.0 (HKLM-x32\...\{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1) (Version: v1.0.0.0 - 10tacle Studios Publishing AG)
Hardwarediagnosetools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java(TM) 6 Update 2 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LaCie Network Assistant 1.4.0.30 (HKLM-x32\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.4.0.30 - LaCie SA)
Lexware Info Service (HKLM-x32\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)
Lexware online banking (HKLM-x32\...\{6C35CAC7-27C9-4CB0-BBB8-CBF9994215DA}) (Version: 8.00.00.0067 - Lexware GmbH & Co. KG)
LibreCAD (HKLM-x32\...\LibreCAD) (Version: 2.0.2 - LibreCAD Team)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech Gaming Software 5.08 (HKLM\...\{96F1BA99-300F-4DD5-A26B-788EF63B53B1}) (Version: 5.08.146 - Logitech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MEDUSA4 PERSONAL V5.0.1 (HKLM-x32\...\MEDUSA4_PERSONAL_V5_0_1) (Version: V5.0.1 - CAD Schroer)
MEDUSA4 PERSONAL V5.1.2 (HKLM-x32\...\MEDUSA4_PERSONAL_V5_1_2) (Version: V5.1.2 - CAD Schroer)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
Nero 9 (HKLM-x32\...\{24726980-c600-42f0-a20e-3afb3c3ad829}) (Version:  - Nero AG)
Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.6000 - Nero AG)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0009 - Nero AG)
Nero BurnRights (HKLM-x32\...\{397516AE-7DFE-4F90-84E0-BD616D559434}) (Version: 3.6.17000 - Nero AG)
Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.11000 - Nero AG)
Nero RescueAgent (HKLM-x32\...\{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}) (Version: 2.6.13000 - Nero AG)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.91.000 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.00.0000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.1 - Nikon)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
OLYMPUS Master 2 (HKLM-x32\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Password Guard v3 (HKLM-x32\...\{A0836944-E481-425D-B376-41818DC396D8}) (Version: 3.00.0000 - SYDATEC)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
PlayMemories Home (HKLM-x32\...\{6F26A633-ACC2-4850-82C5-60A06D606175}) (Version: 3.1.20.06241 - Sony Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
Pro Evolution Soccer 2009 (HKLM-x32\...\{A8DB611A-D80E-450D-85F6-3ACDD164BE31}) (Version: 1.00.0000 - KONAMI)
Quicken 2010 - Servicepack 5 (HKLM-x32\...\{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}) (Version: 17.05.0000 - Lexware GmbH & Co KG)
Quicken 2010 (HKLM-x32\...\InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}) (Version: 17.00.00.0081 - Lexware GmbH & Co. KG)
Quicken 2010 (x32 Version: 17.00.00.0081 - Lexware GmbH & Co. KG) Hidden
Quicken Import Export Server 2010 (HKLM-x32\...\{7DA9F24A-CEC3-426E-BFFA-ADB94D922463}) (Version: 17.00.00.0048 - Lexware GmbH & Co. KG)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Remote Virtual USB (HKLM-x32\...\{ECE9D6C8-2DE8-4505-920E-103FAF0AC9CF}) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1600.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 2.0 (HKLM-x32\...\Security Task Manager) (Version: 2.0 - Neuber Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Slotman (HKLM-x32\...\Slotman_is1) (Version:  - Elmar)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
SoundTrax (x32 Version: 4.4.37.1 - Nero AG) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stellarium 0.11.0 (HKLM-x32\...\Stellarium_is1) (Version:  - )
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.11 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.16 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Südtirol (Topo) (HKLM-x32\...\{53F7328C-6687-4AC9-9F68-2E28D8273033}_is1) (Version:  - )
Top25 Viewer basierend auf Geogrid®-Viewer Version 3.2 (HKLM-x32\...\DeInst_d2vexcrd C:/Program Files (x86)/Top25 V2) (Version:  - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.0 - Nikon)
Wertpapieranalyse 2009 (HKLM-x32\...\{3118E461-1976-4F6A-97B4-B655F3AAB263}) (Version: 1.00.0004 - Lexware)
WhiteWall 5.0 (HKLM-x32\...\WhiteWall_is1) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-12-2014 20:30:35 Windows Update
02-01-2015 09:36:59 Geplanter Prüfpunkt
09-01-2015 13:55:42 Geplanter Prüfpunkt
16-01-2015 12:29:16 Windows Update
24-01-2015 12:46:27 Geplanter Prüfpunkt
25-01-2015 22:04:27 Norton 360 Registry Clean
31-01-2015 15:07:12 Installed Microsoft Fix it 50562

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-01 22:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {019FAC03-D0A9-405F-BD4C-6F49F4561A58} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {03512E67-0C20-4A2C-8A01-D31C02591B6F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {0F9F5E9D-28F5-477E-8EAC-C923C5E268B8} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {1AED997E-4BC5-400B-9243-D7395A8739C8} - System32\Tasks\{703636CF-CB47-40E4-B774-E6A409B2D8C4} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {1E391896-8D8C-465A-84EA-A6E9289BE28C} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {2181DE9C-A1C1-4E18-8FD7-E762277CF198} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {25C065DC-1EF4-4D40-9825-A57072DD4A75} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {32E0A311-F321-4010-AF13-EEF161897274} - System32\Tasks\{38960F90-C87A-41BF-BF9B-B48962273503} => pcalua.exe -a "C:\Users\xxxxxxxxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TIQZ89OR\ddbac[1].exe" -d C:\Windows\SysWOW64
Task: {41C61B6C-B248-4AFC-A6B2-3E243D0D69A3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {455DECAD-5620-42B8-AF6A-9B67F14AE2CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {4B5A3E85-7292-436F-82B0-B99636998372} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {4C8BFD43-F0FB-4524-A1BF-68D6E39E76D5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {50071A48-3839-49B4-9C24-A9F4BD43A7F4} - System32\Tasks\{06AE9A28-748C-406F-A05A-0994647D9183} => C:\Program Files (x86)\Remote Virtual USB\RMVUSB.exe [2007-09-07] ()
Task: {545E89C9-0C81-45B4-9FA4-9E6AE076B55C} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {598D5696-9754-4A66-BB72-296E955744F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {6D12358F-98D8-4BE0-812D-DCF7A7FE43D5} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7CCF8A36-7F00-444F-ADB7-104297ACF6AB} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {869026C0-2893-4B2E-BBEF-44762085EA59} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9614EC8F-BEAF-48F4-B878-5359007D095A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {9C097270-60C2-4D72-9631-745355B141D8} - System32\Tasks\{13A9DBFB-0A7B-4F5C-B41C-2DB4E5F712CB} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {9C2861A7-0326-4EBB-9142-BEE7B3006CF7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A2B6D619-0D14-4540-9AEA-1FB09126CAAE} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {A408FFA4-57BF-4005-BE40-25D5CFCA96E1} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {AB4CF7B1-8EF8-4B64-8394-CDCCDE7B66CA} - System32\Tasks\{98341623-8203-4F0D-8D1E-7929BC3408E3} => pcalua.exe -a "C:\Program Files (x86)\Remote Virtual USB\BusSetup.exe" -d "C:\Program Files (x86)\Remote Virtual USB"
Task: {AE7EA230-1AA0-41ED-A1C1-52CADA9FA9BE} - System32\Tasks\{948244F6-06C6-46D1-984C-1B51A71CD7C9} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {B39ADE4B-66E9-4031-A236-D14C731B0C45} - System32\Tasks\{312B6176-08CB-4567-9333-BF1C621DFC89} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {B958A90F-E7AA-424A-A430-7BF4BC0ED864} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {BC671308-3A14-450E-9DFE-53F248713310} - System32\Tasks\{4A63755D-25CF-46B4-AFA4-E2BD6DCF7A62} => pcalua.exe -a "C:\Users\xxxxxxxxxxx\Downloads\template_black_calendar(2).exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C17BDE27-ECDC-4BD8-82DE-53AD2E0C9A6C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {C6084CAD-B012-478E-AFFB-95E01CD19B74} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {C978E607-4803-4377-9F49-F1361200ED31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {D7DE0A2A-2596-45F1-B8F1-8767F454416C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DE50C2D6-5DB1-4135-80E3-B621570F11F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ED63AC16-4EAF-4F68-B5BA-8A72772754FB} - System32\Tasks\{8533E975-FCBD-4397-A2B7-966CAA8238AD} => C:\Program Files (x86)\Remote Virtual USB\RMVUSB.exe [2007-09-07] ()
Task: {FB15EC61-2923-4562-8BD7-5E7016A5D634} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {FC02427A-98CD-4E55-A2E4-AE22BB174621} - System32\Tasks\{C6CE09EC-00F3-49F3-B659-76C38492F1BF} => pcalua.exe -a "E:\BackItUp and Burn\setup.exe" -d C:\Windows\SysWOW64 -c /embed"{15C3D283-36C4-425B-AE67-3B5034C39287}" /hide_splash /hide_progress /runprerequisites"BackItUp,BurnRights,Express,RescueAgent,Common" /l1031
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2011-11-08 20:04 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-12-06 22:00 - 2011-12-06 22:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2009-07-08 13:35 - 2009-07-08 13:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2011-12-06 22:00 - 2011-12-06 22:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2009-09-18 20:35 - 2009-02-27 18:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2009-05-26 09:36 - 2009-05-26 09:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-09-19 14:59 - 2011-09-19 14:59 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-09-19 14:57 - 2011-09-19 14:57 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2015-01-25 19:45 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-25 19:45 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-25 19:45 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-25 19:45 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-25 19:45 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-18 20:35 - 2009-02-19 16:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2009-08-05 12:45 - 2009-08-05 12:45 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-10-16 02:42 - 2014-10-16 02:42 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-07-09 05:41 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-30 12:42 - 2015-01-30 12:42 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-01-25 21:12 - 2015-01-25 21:12 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\xxxxxxxxxxx\Downloads\message.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-232553567-516970607-3978274004-500 - Administrator - Disabled)
xxxxxxxxxxx (S-1-5-21-232553567-516970607-3978274004-1001 - Administrator - Enabled) => C:\Users\xxxxxxxxxxx
Gast (S-1-5-21-232553567-516970607-3978274004-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-232553567-516970607-3978274004-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 05:30:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4c8073ec
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x11b8
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (02/03/2015 05:29:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4c8073ec
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x17b4
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3


System errors:
=============
Error: (02/03/2015 05:30:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}


Microsoft Office Sessions:
=========================
Error: (02/03/2015 05:30:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04c8073ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42d11b801d03fcebabc948fC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dllf8703412-abc1-11e4-a91d-4061860dc6c8

Error: (02/03/2015 05:29:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MobileMeServices.exe1.6.65.04c8073ecKERNELBASE.dll6.1.7601.1840953159a86c06d007e0000c42d17b401d03fcea2752addC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exeC:\Windows\syswow64\KERNELBASE.dlle48a873d-abc1-11e4-a91d-4061860dc6c8


CodeIntegrity Errors:
===================================
  Date: 2015-02-01 22:53:16.001
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-01 22:53:15.939
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-11 16:22:35.112
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Slotman\gwiopm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-12-11 16:22:35.066
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Slotman\gwiopm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-02-14 10:16:39.529
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Slotman\gwiopm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-02-14 10:16:39.519
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Slotman\gwiopm.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 28%
Total physical RAM: 8183.08 MB
Available physical RAM: 5838.95 MB
Total Pagefile: 16364.35 MB
Available Pagefile: 13817.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:921.14 GB) (Free:722.12 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.28 GB) (Free:1.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=921.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 03.02.2015, 20:40   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-232553567-516970607-3978274004-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\ProgramData\PKP_DLbw.DAT
C:\ProgramData\PKP_DLbx.DAT
C:\ProgramData\PKP_DLbz.DAT
C:\ProgramData\PKP_DLck.DAT
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\ProgramData\zltclhakprijrji
Task: {32E0A311-F321-4010-AF13-EEF161897274} - System32\Tasks\{38960F90-C87A-41BF-BF9B-B48962273503} => pcalua.exe -a "C:\Users\xxxxxxxxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TIQZ89OR\ddbac[1].exe" -d C:\Windows\SysWOW64
EmptyTemp:
Hosts:
         

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.


Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Alt 03.02.2015, 22:42   #13
Ritaratlos
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Hallo Cosinus,

so sieht der Fixlog aus:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by xxxxxxxxxxx at 2015-02-03 23:33:55 Run:1
Running from C:\Users\xxxxxxxxxxx\Downloads
Loaded Profiles: xxxxxxxxxxx (Available profiles: xxxxxxxxxxx)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-232553567-516970607-3978274004-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\ProgramData\PKP_DLbw.DAT
C:\ProgramData\PKP_DLbx.DAT
C:\ProgramData\PKP_DLbz.DAT
C:\ProgramData\PKP_DLck.DAT
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\ProgramData\zltclhakprijrji
Task: {32E0A311-F321-4010-AF13-EEF161897274} - System32\Tasks\{38960F90-C87A-41BF-BF9B-B48962273503} => pcalua.exe -a "C:\Users\xxxxxxxxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TIQZ89OR\ddbac[1].exe" -d C:\Windows\SysWOW64
EmptyTemp:
Hosts:
         
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-232553567-516970607-3978274004-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\ProgramData\PKP_DLbw.DAT => Moved successfully.
C:\ProgramData\PKP_DLbx.DAT => Moved successfully.
C:\ProgramData\PKP_DLbz.DAT => Moved successfully.
C:\ProgramData\PKP_DLck.DAT => Moved successfully.
C:\ProgramData\PKP_DLdu.DAT => Moved successfully.
C:\ProgramData\PKP_DLdw.DAT => Moved successfully.
C:\ProgramData\zltclhakprijrji => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32E0A311-F321-4010-AF13-EEF161897274}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32E0A311-F321-4010-AF13-EEF161897274}" => Key deleted successfully.
C:\Windows\System32\Tasks\{38960F90-C87A-41BF-BF9B-B48962273503} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{38960F90-C87A-41BF-BF9B-B48962273503}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 127.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 23:34:03 ====
         

Alt 03.02.2015, 22:47   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Alt 04.02.2015, 06:09   #15
Ritaratlos
 
Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Standard

Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068



Hallo Cosinus,

erhielt während des ESET Scan die Abfrage, ob ich zulassen will, dass "proactive browser potection" activiert wird (wohl aus "Spybot Search Destroy") und Änderungen auf meiner Festplatte vornimmt.

Habe "nein" geklickt (schlechte Erfahrungen mit zu schnellem "ja" klicken) und damit hoffentlich die Analyse nicht verfälscht.


MBAM:
hat keine Bedrohungen erkannt. logfile:


Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.02.2015
Suchlauf-Zeit: 23:58:58
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.03.08
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: xxxxxxxxxxx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 371228
Verstrichene Zeit: 10 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         





ESET:
hat einige Dateien als potentiell schädlich eingestuft (aber wohl weder in die Quarantäne verschoben noch gelöscht).

log-Datei:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d97fe1ead9cc5f4082a0e44241a6e720
# engine=22293
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-04 02:26:03
# local_time=2015-02-04 03:26:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 1255338 173679259 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 49237649 174646613 0 0
# scanned=430818
# found=3
# cleaned=0
# scan_time=10877
sh=5BC9FBDC50F92C3F8D7205C5AAF601195E7426C3 ft=1 fh=2d023dc8ad9ab571 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxxxxxxxxxx\Downloads\Nero_BackItUpAndBurn-1.2.17b_update.exe"
sh=FB01F1239EB7810400AC91896870DC1D12139AE7 ft=1 fh=deb97aad3d19a46d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxxxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe"
sh=8A0FAC112243DF7B3C5CF31D4967176A73F275C5 ft=1 fh=afc1effd1bfd8178 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xxxxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer.exe"
         

Antwort

Themen zu Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068
.dll, administrator, adobe, bonjour, browser, defender, explorer, fehler, fehlermeldung, firefox, flash player, home, homepage, hängen, malware, mozilla, neustart, registry, safer networking, schutz, security, services.exe, svchost.exe, symantec, windows, winlogon.exe



Ähnliche Themen: Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068


  1. Windows 7 - Sicherheitscenterdienst kann nicht gestartet werden - Fehler 1068
    Log-Analyse und Auswertung - 04.11.2015 (16)
  2. Windows Firewall nicht startbar Fehlermeldung 0x8007042c und Fehler 1068
    Plagegeister aller Art und deren Bekämpfung - 24.07.2014 (1)
  3. Windows Sicherheitscenter lässt sich nicht mehr aktivieren, Malwarebytes funktioniert nicht
    Log-Analyse und Auswertung - 21.06.2014 (9)
  4. Windows 7: Windows Sicherheitscenter lässt sich nicht aktivieren.
    Plagegeister aller Art und deren Bekämpfung - 20.12.2013 (15)
  5. Google Redirect & Windows Sicherheitscenter lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 31.07.2013 (20)
  6. Windows Sicherheitscenter lässt sich durch Trojaner nicht mehr aktivieren.
    Log-Analyse und Auswertung - 27.06.2013 (13)
  7. AdWare und Windows Sicherheitscenter lässt sich nicht aktivieren
    Plagegeister aller Art und deren Bekämpfung - 23.06.2013 (21)
  8. Google Redirect Virus und Windows Sicherheitscenter deaktiviert und lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 10.03.2013 (16)
  9. "Windows Sicherheitscenter" lässt sich nicht aktivieren
    Plagegeister aller Art und deren Bekämpfung - 05.03.2013 (2)
  10. Umleitung von Google-Suchergebnissen, Windows-Sicherheitscenter lässt sich nicht aktivieren
    Plagegeister aller Art und deren Bekämpfung - 18.02.2013 (23)
  11. Windows-Sicherheitscenter lässt sich nicht aktivieren/Fehlweiterleitungen bei Google
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (22)
  12. google redirect , windows-sicherheitscenter lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 05.01.2012 (2)
  13. Dienst "Windows-Sicherheitscenter" lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 21.06.2011 (21)
  14. Windows-Sicherheitscenter lässt sich nicht aktivieren
    Antiviren-, Firewall- und andere Schutzprogramme - 27.03.2011 (5)
  15. Windows-Sicherheitscenter lässt sich nicht aktivieren
    Mülltonne - 26.03.2011 (1)
  16. Windows Sicherheitscenter lässt sich nicht mehr aktivieren, die zweite
    Plagegeister aller Art und deren Bekämpfung - 08.03.2011 (2)
  17. Windows-Sicherheitscenter lässt sich nicht mehr aktivieren
    Plagegeister aller Art und deren Bekämpfung - 02.03.2011 (15)

Zum Thema Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 - Hi, nach Befall mit Schadsoftware lässt sich der Sicherheitscenterdienst nicht mehr aktivieren. System wurde von Malware befallen, die versuchte "Trojan.Ransomlock.G" in Minutenabstand zu installieren. Dies wurde von "Norton 360 Premier - Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068...
Archiv
Du betrachtest: Windows 7; Windows-Sicherheitscenter laesst sich nicht aktivieren, Fehler 1068 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.