Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Mein Notebook arbeitet sehr sehr langsam evtl. virus?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.02.2015, 17:10   #1
donny1982
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Mein Notebook mit win 7 Arbeitet seit 2 Tagen sehr langsam. Firefox aufmachen dauert 5 minuten. Hab den Verdacht dass ich mir da was eingefangen hab. Würd gern wissen mit welchem Programm ich da gucken muss.



mfg

Donny

Alt 03.02.2015, 17:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 06.02.2015, 20:14   #3
donny1982
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Donny1982 (administrator) on DONNY1982-PC on 06-02-2015 19:40:51
Running from C:\Users\Donny1982\Desktop
Loaded Profiles: Donny1982 & UpdatusUser (Available profiles: Donny1982 & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\JDownloader\jre\bin\javaw.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YARNJJE.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (Authentec Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
AppInit_DLLs: c:\Windows\System32\nvinitx.dll => c:\Windows\System32\nvinitx.dll [245872 2013-01-11] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1828066295-1020933206-982316413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54813;https=127.0.0.1:54813
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1419272650&from=smt&uid=HITACHIXHTS727550A9E364_J3310081GA8TZBGA8TZBX
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1419272650&from=smt&uid=HITACHIXHTS727550A9E364_J3310081GA8TZBGA8TZBX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419272650&from=smt&uid=HITACHIXHTS727550A9E364_J3310081GA8TZBGA8TZBX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1419272650&from=smt&uid=HITACHIXHTS727550A9E364_J3310081GA8TZBGA8TZBX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: easytoshop -> {c2e2dfb1-f145-48c9-b58e-9384aa0850a9} -> C:\ProgramData\easytoshop\0qWprnfOdDKown.x64.dll No File
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1419272650&from=smt&uid=HITACHIXHTS727550A9E364_J3310081GA8TZBGA8TZBX

FireFox:
========
FF ProfilePath: C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1419272650&from=smt&uid=HITACHIXHTS727550A9E364_J3310081GA8TZBGA8TZBX
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: mystartsearch
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF Extension: Avira Browser Safety - C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\Extensions\abs@avira.com [2015-02-02]
FF Extension: Fast Start - C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\Extensions\faststartff@gmail.com [2014-12-22]
FF Extension: Cliqz Beta - C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\Extensions\cliqz@cliqz.com.xpi [2014-12-24]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-1828066295-1020933206-982316413-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1828066295-1020933206-982316413-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1517928 2013-03-11] (Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-16] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-20] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-01-11] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 19:40 - 2015-02-06 19:43 - 00019890 _____ () C:\Users\Donny1982\Desktop\FRST.txt
2015-02-05 17:26 - 2015-02-05 17:27 - 02131968 _____ (Farbar) C:\Users\Donny1982\Desktop\FRST64.exe
2015-02-01 18:51 - 2014-10-14 19:25 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S03E03.Das.Teufelstoupet.German.Dubbed.DL.FS.WEBRiP.x264-BET
2015-02-01 18:51 - 2014-09-03 20:39 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S03E01E02.German.Dubbed.DL.FS.WEBRiP.x264-BET
2015-02-01 18:43 - 2015-02-01 18:51 - 85057312 _____ () C:\Users\Donny1982\Downloads\snsdgrdudlwer48x20303.part2.rar
2015-02-01 18:43 - 2015-02-01 18:51 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdudlwer48x20303.part1.rar
2015-02-01 18:43 - 2014-09-03 20:39 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S03E04.Ring.frei.für.Commander.Cool.German.Dubbed.DL.FS.WEBRiP.x264-BET
2015-02-01 18:42 - 2015-02-01 18:51 - 93804712 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48x2030102.part2.rar
2015-02-01 18:34 - 2015-02-01 18:43 - 88400228 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48x20304.part2.rar
2015-02-01 18:34 - 2015-02-01 18:42 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48x20304.part1.rar
2015-02-01 18:34 - 2015-02-01 18:42 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48x2030102.part1.rar
2015-02-01 17:17 - 2015-02-01 18:15 - 1048576000 _____ () C:\Users\Donny1982\Downloads\16.part1.rar
2015-02-01 17:17 - 2015-02-01 17:59 - 892257034 _____ () C:\Users\Donny1982\Downloads\16.part2.rar
2015-01-31 19:56 - 2015-01-31 20:23 - 419430400 _____ () C:\Users\Donny1982\Downloads\15.part2.rar
2015-01-31 19:56 - 2015-01-31 20:17 - 419430400 _____ () C:\Users\Donny1982\Downloads\15.part1.rar
2015-01-31 19:56 - 2015-01-31 19:59 - 58536423 _____ () C:\Users\Donny1982\Downloads\15.part3.rar
2015-01-26 19:05 - 2014-09-02 22:51 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S01E04.Das.Comicfressermonster.German.Dubbed.DL.FS.WEBRiP.h264-BET
2015-01-26 18:56 - 2015-01-26 19:01 - 71165282 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20104.part3.rar
2015-01-26 18:56 - 2014-09-02 22:50 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S01E03.Hundekuchen.und.Kaesemonster.German.Dubbed.DL.FS.WEBRiP.h264-BET
2015-01-26 18:55 - 2015-01-26 19:05 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20104.part1.rar
2015-01-26 18:55 - 2015-01-26 19:04 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20104.part2.rar
2015-01-26 18:48 - 2015-01-26 18:55 - 80312956 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20103.part3.rar
2015-01-26 18:48 - 2014-09-02 22:50 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S01E02.Hundehuettenspuk.German.Dubbed.DL.FS.WEBRiP.h264-BET
2015-01-26 18:47 - 2015-01-26 18:56 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20103.part2.rar
2015-01-26 18:46 - 2015-01-26 18:55 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20103.part1.rar
2015-01-26 18:40 - 2015-01-26 18:47 - 93084900 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20102.part3.rar
2015-01-26 18:40 - 2014-09-02 22:48 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S01E01.Der.fahrradfahrende.Geist.German.Dubbed.DL.FS.WEBRiP.h264-BET
2015-01-26 18:38 - 2015-01-26 18:48 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20102.part2.rar
2015-01-26 18:36 - 2015-01-26 18:46 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20102.part1.rar
2015-01-26 18:27 - 2015-01-26 18:40 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20101.part2.rar
2015-01-26 18:27 - 2015-01-26 18:38 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20101.part1.rar
2015-01-26 18:27 - 2015-01-26 18:36 - 88642690 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20101.part3.rar
2015-01-25 11:41 - 2014-11-15 16:26 - 00000000 ____D () C:\Users\Donny1982\Downloads\Planes.2.Immer.im.Einsatz.2014.BDRip.AC3.German.XviD-POE
2015-01-25 11:36 - 2015-01-25 11:41 - 101970032 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part14.rar
2015-01-25 11:33 - 2015-01-25 11:41 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part13.rar
2015-01-25 11:28 - 2015-01-25 11:36 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part12.rar
2015-01-25 11:25 - 2015-01-25 11:36 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part11.rar
2015-01-25 11:25 - 2015-01-25 11:33 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part10.rar
2015-01-25 11:17 - 2015-01-25 11:27 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part09.rar
2015-01-25 11:17 - 2015-01-25 11:25 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part08.rar
2015-01-25 11:14 - 2015-01-25 11:25 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part07.rar
2015-01-25 11:10 - 2015-01-25 11:17 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part06.rar
2015-01-25 11:07 - 2015-01-25 11:17 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part05.rar
2015-01-25 11:04 - 2015-01-25 11:14 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part04.rar
2015-01-25 10:59 - 2015-01-25 11:09 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part03.rar
2015-01-25 10:59 - 2015-01-25 11:03 - 00000000 ____D () C:\Users\Donny1982\Downloads\Planes 2013 BDRip DL AC3 German x264 - Nessy
2015-01-25 10:56 - 2015-01-25 11:06 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part01.rar
2015-01-25 10:56 - 2015-01-25 11:04 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part02.rar
2015-01-25 10:53 - 2015-01-25 10:56 - 30669319 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part20.rar
2015-01-25 10:50 - 2015-01-25 10:59 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part19.rar
2015-01-25 10:45 - 2015-01-25 10:56 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part18.rar
2015-01-25 10:43 - 2015-01-25 10:50 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part17.rar
2015-01-25 10:42 - 2015-01-25 10:53 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part16.rar
2015-01-25 10:34 - 2015-01-25 10:45 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part15.rar
2015-01-25 10:33 - 2015-01-25 10:42 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part14.rar
2015-01-25 10:31 - 2015-01-25 10:43 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part13.rar
2015-01-25 10:21 - 2015-01-25 10:34 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part11.rar
2015-01-25 10:21 - 2015-01-25 10:31 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part12.rar
2015-01-25 10:20 - 2015-01-25 10:33 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part10.rar
2015-01-25 10:11 - 2015-01-25 10:21 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part09.rar
2015-01-25 10:11 - 2015-01-25 10:21 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part08.rar
2015-01-25 10:11 - 2015-01-25 10:20 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part07.rar
2015-01-25 10:01 - 2015-01-25 10:11 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part06.rar
2015-01-25 10:01 - 2015-01-25 10:11 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part05.rar
2015-01-25 10:01 - 2015-01-25 10:11 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part04.rar
2015-01-25 09:50 - 2015-01-25 10:01 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part03.rar
2015-01-25 09:50 - 2015-01-25 10:01 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part02.rar
2015-01-25 09:50 - 2015-01-25 10:01 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part01.rar
2015-01-23 20:08 - 2015-01-23 20:38 - 00000000 ____D () C:\Users\Donny1982\Downloads\nummer6 yeti
2015-01-20 15:58 - 2015-01-20 15:58 - 00001112 _____ () C:\Users\Donny1982\Downloads\3y56bx2nx729p3t.dlc
2015-01-19 19:52 - 2015-01-25 10:17 - 00000000 ____D () C:\Users\Donny1982\Downloads\The.Angriest.Man.in.Brooklyn.2014.German.AC3.BDRiP.x264-iMDb
2015-01-19 19:41 - 2015-01-25 10:17 - 00000000 ____D () C:\Users\Donny1982\Downloads\The.Wolf.of.Wall.Street.2013.BDRip.AAC.German.x264-FDSD
2015-01-18 11:01 - 2015-01-04 23:24 - 1601060390 ____R () C:\Users\Donny1982\Downloads\freetv_smackdown02012015.mp4
2015-01-17 21:33 - 2015-01-03 22:32 - 00000000 ____D () C:\Users\Donny1982\Downloads\WWE.Friday.Night.Smackdown.26.12.2014.UNTOUCHED.PDTV.German.mkv-FreeTV
2015-01-17 20:32 - 2015-01-17 20:32 - 00001092 _____ () C:\Users\Donny1982\Downloads\UL_wwe_TLC_2014-wfcqsgnkerqf.dlc
2015-01-17 18:29 - 2015-01-17 18:29 - 00000000 ____D () C:\Users\Donny1982\Downloads\Extra
2015-01-17 18:28 - 2015-01-17 18:28 - 00000000 ____D () C:\Users\Donny1982\Downloads\Film
2015-01-16 15:55 - 2015-01-16 15:55 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-15 20:18 - 2015-01-15 20:18 - 00003568 _____ () C:\Users\Donny1982\Downloads\WWE_Monday_Night_Raw_15_12_2014_PDTV_German_mkv-FreeTV-3nvbwgnnqpegz.dlc
2015-01-14 15:08 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:08 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:08 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:08 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 15:08 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 15:08 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 15:08 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 15:08 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 15:08 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 15:08 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:08 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:08 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 15:08 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 19:08 - 2015-01-31 19:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-12 20:09 - 2015-01-12 20:09 - 00001161 _____ () C:\Users\Donny1982\Desktop\Serien - Verknüpfung.lnk
2015-01-09 20:06 - 2015-01-09 20:39 - 00000000 ____D () C:\Users\Donny1982\Downloads\Telefon
2015-01-08 21:30 - 2015-01-08 21:42 - 02908903 _____ () C:\Users\Donny1982\Downloads\Mo-Do - Eins, Zwei, Polizei.mp3.part

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 19:41 - 2014-11-18 21:34 - 00000000 ____D () C:\FRST
2015-02-06 19:16 - 2013-06-25 16:58 - 02058009 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 19:04 - 2014-12-11 10:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 05:03 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 05:03 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 23:07 - 2014-12-11 10:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 23:06 - 2014-12-11 10:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 23:06 - 2014-12-11 10:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 15:39 - 2011-04-12 08:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-02-02 15:39 - 2011-04-12 08:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 15:39 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 06:28 - 2013-06-28 19:27 - 00000000 ____D () C:\Users\Donny1982\AppData\Roaming\vlc
2015-02-01 21:52 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-31 19:53 - 2013-07-04 20:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 10:16 - 2014-11-15 03:26 - 00005884 _____ () C:\Windows\setupact.log
2015-01-21 17:21 - 2014-10-29 18:50 - 00000000 ____D () C:\Users\Donny1982\Downloads\Bewerbung Iwi
2015-01-20 03:26 - 2013-06-28 16:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-20 03:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 03:05 - 2014-02-28 03:03 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2013-01-11 14:13 - 2013-01-11 14:13 - 0022464 _____ (Intel Corporation) C:\Users\Donny1982\AppData\Roaming\JomCap.dll

Some content of TEMP:
====================
C:\Users\Donny1982\AppData\Local\Temp\avgnt.exe
C:\Users\Donny1982\AppData\Local\Temp\bitool.dll
C:\Users\Donny1982\AppData\Local\Temp\Quarantine.exe
C:\Users\Donny1982\AppData\Local\Temp\setup.exe
C:\Users\Donny1982\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\Donny1982\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:25

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Donny1982 at 2015-02-06 19:47:09
Running from C:\Users\Donny1982\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{8A1C4F73-1FEE-4E43-A82F-BDB24E004096}) (Version: 0.9.37 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.53 - Cliqz.com)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
Druckerdeinstallation für EPSON WF-3520 Series (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Epson Benutzerhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version:  - )
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free iPad Video Converter 3.7.2.1 (HKLM-x32\...\Free iPad Video Converter_is1) (Version:  - FreeAudioVideoSoftTech, Inc.)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_MSI_Slideshow_Maker_2) (Version: 2.0.0.8 - MAGIX AG)
MAGIX Slideshow Maker 2 (x32 Version: 2.0.0.8 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MP4 To MP3 Converter V3.0.5 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version:  - hxxp://www.MP4ToMP3Converter.net)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1828066295-1020933206-982316413-1000\...\MyFreeCodec) (Version:  - )
MyHarmony (HKU\S-1-5-21-1828066295-1020933206-982316413-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version:  - mystartsearch) <==== ATTENTION
NVIDIA 3D Vision Treiber 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.51.0045.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
SpeedCommander 13 (x64) (HKLM\...\SpeedCommander 13 (x64)) (Version: 13 - SpeedProject)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WaveLab LE 8 (64 bit) (HKLM\...\WaveLabLE8_64) (Version: 8.0.3.698 - Steinberg)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

25-01-2015 12:03:54 Geplanter Prüfpunkt
02-02-2015 00:00:01 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-19 17:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12A94F2C-FEA7-4D7A-BB2C-BEEB94AEB348} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {1323497A-B8B7-442C-8034-4F5106EB7B50} - System32\Tasks\{E2B80576-5163-40C2-97E2-9276CF9954F7} => C:\Users\Donny1982\Downloads\zoek.exe
Task: {33397B68-E794-4506-B910-68772F38888B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4B470FED-8DCD-4E22-8884-F171533F04DE} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {4B8CEC7E-9B78-4348-B0D4-4359615BBA7F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {731DADC7-C632-4EB3-AF10-B7C42185A69D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {77C94A17-F43B-49AC-B94D-77046E856AB1} - System32\Tasks\{F4828AB9-4C25-42DD-8968-200A39482542} => C:\Users\Donny1982\Downloads\zoek.exe
Task: {7C42157D-0A82-444E-89EE-7FA95748E57B} - System32\Tasks\{2F0FC155-729B-40C3-A046-0656A0925C84} => C:\Users\Donny1982\Downloads\zoek.exe
Task: {D83AB191-990C-4529-BFE6-63EA1BF89607} - System32\Tasks\{C85BA825-7305-46D8-ABF1-C0C4A853E5E5} => C:\Users\Donny1982\Downloads\zoek.exe
Task: {E2ED0F0A-24ED-4F9D-A687-2D7C47A32E91} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {F9E15A47-AC32-495A-812A-634D9C6140E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-28 16:06 - 2013-01-10 22:36 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-28 16:04 - 2011-09-25 23:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-28 17:14 - 2010-10-26 09:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-11 05:56 - 2013-03-11 05:56 - 00241664 _____ () C:\Program Files (x86)\Lenovo\Rescue and Recovery\CDRecord.dll
2013-03-11 06:30 - 2013-03-11 06:30 - 00248168 _____ () C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll
2015-01-13 19:08 - 2015-01-31 19:53 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1828066295-1020933206-982316413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Donny1982\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
ATTENTION: Missing Desktop Wallpaper Registry entry.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1828066295-1020933206-982316413-500 - Administrator - Disabled)
Donny1982 (S-1-5-21-1828066295-1020933206-982316413-1000 - Administrator - Enabled) => C:\Users\Donny1982
Gast (S-1-5-21-1828066295-1020933206-982316413-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1828066295-1020933206-982316413-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-1828066295-1020933206-982316413-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 03:27:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (02/05/2015 03:27:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (02/05/2015 03:27:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2015 03:40:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c9c

Startzeit: 01d03474eb45025e

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 4c54492c-aae9-11e4-a2e5-60d819abb49f

Error: (02/02/2015 03:38:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (02/02/2015 03:38:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (02/02/2015 03:38:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/02/2015 00:50:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/01/2015 01:01:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/31/2015 00:57:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (01/26/2015 05:58:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows-Biometriedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083

Error: (01/25/2015 10:21:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (01/25/2015 10:20:59 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (01/25/2015 10:20:58 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (01/25/2015 10:20:58 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (01/20/2015 03:28:17 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/19/2015 11:04:15 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (01/18/2015 10:26:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows-Biometriedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083

Error: (01/16/2015 08:53:21 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT-AUTORITÄT)
Description: Der Ereignisprotokollierungsdienst hat einen Fehler (Auflösung=112) beim Initialisieren der Protokollierung der Ressourcen für Kanal "Microsoft-Windows-Kernel-EventTracing/Admin" erkannt.

Error: (01/16/2015 04:03:22 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-19 17:50:48.718
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-19 17:50:48.687
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 3979.23 MB
Available physical RAM: 2278.9 MB
Total Pagefile: 7956.65 MB
Available Pagefile: 5178.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:27.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B972BEC2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 06.02.2015, 20:55   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Was ist mit meiner Frage nach bisherigen Funden und wenn es welche gab, den Logs dazu?


Zitat:
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
was machst du mit so einer Uralt-Version auf einem modernen Win7-System?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.02.2015, 08:29   #5
donny1982
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Es sind keine Funde angezeigt worden.

@Acrobat 5.0 keine Ahnung warum der so alt is


Alt 07.02.2015, 16:32   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Bitte mit MBAR weitermachen:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Mein Notebook arbeitet sehr sehr langsam evtl. virus?

Alt 08.02.2015, 14:52   #7
donny1982
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.08.04
  rootkit: v2015.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Donny1982 :: DONNY1982-PC [administrator]

08.02.2015 12:48:40
mbar-log-2015-02-08 (12-48-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 396397
Time elapsed: 1 hour(s), 47 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 08.02.2015, 15:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.02.2015, 21:20   #9
donny1982
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Code:
ATTFilter
# AdwCleaner v4.110 - Bericht erstellt 08/02/2015 um 20:55:00
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-08.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Donny1982 - DONNY1982-PC
# Gestarted von : C:\Users\Donny1982\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\Donny1982\AppData\Local\DriverTuner
Ordner Gelöscht : C:\Users\Donny1982\AppData\Roaming\mystartsearch
Ordner Gelöscht : C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\Extensions\faststartff@gmail.com
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Donny1982\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Donny1982\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Donny1982\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Donny1982\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKCU\Software\BoBrowser
Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[uv03bhng.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1419272650&from=smt&uid=HITACHIXHTS727550A9E364_J3310081GA8TZBGA8TZBX");
[uv03bhng.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");

*************************

AdwCleaner[R0].txt - [840 Bytes] - [02/04/2014 19:55:03]
AdwCleaner[R1].txt - [2141 Bytes] - [20/11/2014 20:44:31]
AdwCleaner[R2].txt - [5095 Bytes] - [08/02/2015 20:45:43]
AdwCleaner[R3].txt - [5152 Bytes] - [08/02/2015 20:52:07]
AdwCleaner[S0].txt - [2106 Bytes] - [20/11/2014 20:46:22]
AdwCleaner[S1].txt - [4932 Bytes] - [08/02/2015 20:55:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4991  Bytes] ##########
         

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Donny1982 on 08.02.2015 at 21:05:56,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\Donny1982\AppData\Roaming\mozilla\firefox\profiles\uv03bhng.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2015 at 21:08:26,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Donny1982 (administrator) on DONNY1982-PC on 08-02-2015 21:17:20
Running from C:\Users\Donny1982\Desktop
Loaded Profiles: Donny1982 & UpdatusUser (Available profiles: Donny1982 & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (Authentec Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1828066295-1020933206-982316413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54813;https=127.0.0.1:54813
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {c2e2dfb1-f145-48c9-b58e-9384aa0850a9} ->  No File
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Donny1982\AppData\Roaming\Mozilla\Firefox\Profiles\uv03bhng.default\Extensions\abs@avira.com [2015-02-02]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-11-04]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1517928 2013-03-11] (Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-16] (Avira Operations GmbH & Co. KG)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-01-11] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 21:17 - 2015-02-08 21:17 - 00014458 _____ () C:\Users\Donny1982\Desktop\FRST.txt
2015-02-08 21:17 - 2015-02-08 21:17 - 00000000 ____D () C:\Users\Donny1982\Desktop\FRST-OlderVersion
2015-02-08 21:08 - 2015-02-08 21:16 - 00000832 _____ () C:\Users\Donny1982\Desktop\JRT.txt
2015-02-08 21:05 - 2015-02-08 21:05 - 01388274 _____ (Thisisu) C:\Users\Donny1982\Desktop\JRT.exe
2015-02-08 21:00 - 2015-02-08 21:00 - 00005079 _____ () C:\Users\Donny1982\Desktop\AdwCleaner[S1].txt
2015-02-08 20:45 - 2015-02-08 20:45 - 02112512 _____ () C:\Users\Donny1982\Desktop\AdwCleaner_4.110.exe
2015-02-08 16:34 - 2015-02-08 20:55 - 00000112 _____ () C:\Windows\setupact.log
2015-02-08 16:34 - 2015-02-08 16:34 - 00001058 _____ () C:\Windows\PFRO.log
2015-02-08 16:34 - 2015-02-08 16:34 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-08 10:15 - 2015-02-08 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-08 10:00 - 2015-02-08 14:39 - 00000000 ____D () C:\Users\Donny1982\Desktop\mbar
2015-02-08 09:48 - 2015-02-08 09:52 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Donny1982\Desktop\mbar-1.08.3.1004.exe
2015-02-05 17:26 - 2015-02-08 21:17 - 02132992 _____ (Farbar) C:\Users\Donny1982\Desktop\FRST64.exe
2015-02-01 18:51 - 2014-10-14 19:25 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S03E03.Das.Teufelstoupet.German.Dubbed.DL.FS.WEBRiP.x264-BET
2015-02-01 18:51 - 2014-09-03 20:39 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S03E01E02.German.Dubbed.DL.FS.WEBRiP.x264-BET
2015-02-01 18:43 - 2015-02-01 18:51 - 85057312 _____ () C:\Users\Donny1982\Downloads\snsdgrdudlwer48x20303.part2.rar
2015-02-01 18:43 - 2015-02-01 18:51 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdudlwer48x20303.part1.rar
2015-02-01 18:43 - 2014-09-03 20:39 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S03E04.Ring.frei.für.Commander.Cool.German.Dubbed.DL.FS.WEBRiP.x264-BET
2015-02-01 18:42 - 2015-02-01 18:51 - 93804712 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48x2030102.part2.rar
2015-02-01 18:34 - 2015-02-01 18:43 - 88400228 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48x20304.part2.rar
2015-02-01 18:34 - 2015-02-01 18:42 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48x20304.part1.rar
2015-02-01 18:34 - 2015-02-01 18:42 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48x2030102.part1.rar
2015-02-01 17:17 - 2015-02-01 18:15 - 1048576000 _____ () C:\Users\Donny1982\Downloads\16.part1.rar
2015-02-01 17:17 - 2015-02-01 17:59 - 892257034 _____ () C:\Users\Donny1982\Downloads\16.part2.rar
2015-01-31 19:56 - 2015-01-31 20:23 - 419430400 _____ () C:\Users\Donny1982\Downloads\15.part2.rar
2015-01-31 19:56 - 2015-01-31 20:17 - 419430400 _____ () C:\Users\Donny1982\Downloads\15.part1.rar
2015-01-31 19:56 - 2015-01-31 19:59 - 58536423 _____ () C:\Users\Donny1982\Downloads\15.part3.rar
2015-01-26 19:05 - 2014-09-02 22:51 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S01E04.Das.Comicfressermonster.German.Dubbed.DL.FS.WEBRiP.h264-BET
2015-01-26 18:56 - 2015-01-26 19:01 - 71165282 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20104.part3.rar
2015-01-26 18:56 - 2014-09-02 22:50 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S01E03.Hundekuchen.und.Kaesemonster.German.Dubbed.DL.FS.WEBRiP.h264-BET
2015-01-26 18:55 - 2015-01-26 19:05 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20104.part1.rar
2015-01-26 18:55 - 2015-01-26 19:04 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20104.part2.rar
2015-01-26 18:48 - 2015-01-26 18:55 - 80312956 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20103.part3.rar
2015-01-26 18:48 - 2014-09-02 22:50 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S01E02.Hundehuettenspuk.German.Dubbed.DL.FS.WEBRiP.h264-BET
2015-01-26 18:47 - 2015-01-26 18:56 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20103.part2.rar
2015-01-26 18:46 - 2015-01-26 18:55 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20103.part1.rar
2015-01-26 18:40 - 2015-01-26 18:47 - 93084900 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20102.part3.rar
2015-01-26 18:40 - 2014-09-02 22:48 - 00000000 ____D () C:\Users\Donny1982\Downloads\Spuernase.Scooby.Doo.S01E01.Der.fahrradfahrende.Geist.German.Dubbed.DL.FS.WEBRiP.h264-BET
2015-01-26 18:38 - 2015-01-26 18:48 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20102.part2.rar
2015-01-26 18:36 - 2015-01-26 18:46 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20102.part1.rar
2015-01-26 18:27 - 2015-01-26 18:40 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20101.part2.rar
2015-01-26 18:27 - 2015-01-26 18:38 - 104857600 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20101.part1.rar
2015-01-26 18:27 - 2015-01-26 18:36 - 88642690 _____ () C:\Users\Donny1982\Downloads\snsdgrdlwe48h20101.part3.rar
2015-01-25 11:41 - 2014-11-15 16:26 - 00000000 ____D () C:\Users\Donny1982\Downloads\Planes.2.Immer.im.Einsatz.2014.BDRip.AC3.German.XviD-POE
2015-01-25 11:36 - 2015-01-25 11:41 - 101970032 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part14.rar
2015-01-25 11:33 - 2015-01-25 11:41 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part13.rar
2015-01-25 11:28 - 2015-01-25 11:36 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part12.rar
2015-01-25 11:25 - 2015-01-25 11:36 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part11.rar
2015-01-25 11:25 - 2015-01-25 11:33 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part10.rar
2015-01-25 11:17 - 2015-01-25 11:27 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part09.rar
2015-01-25 11:17 - 2015-01-25 11:25 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part08.rar
2015-01-25 11:14 - 2015-01-25 11:25 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part07.rar
2015-01-25 11:10 - 2015-01-25 11:17 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part06.rar
2015-01-25 11:07 - 2015-01-25 11:17 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part05.rar
2015-01-25 11:04 - 2015-01-25 11:14 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part04.rar
2015-01-25 10:59 - 2015-01-25 11:09 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part03.rar
2015-01-25 10:59 - 2015-01-25 11:03 - 00000000 ____D () C:\Users\Donny1982\Downloads\Planes 2013 BDRip DL AC3 German x264 - Nessy
2015-01-25 10:56 - 2015-01-25 11:06 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part01.rar
2015-01-25 10:56 - 2015-01-25 11:04 - 106954752 _____ () C:\Users\Donny1982\Downloads\poe-planes2-xvid.part02.rar
2015-01-25 10:53 - 2015-01-25 10:56 - 30669319 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part20.rar
2015-01-25 10:50 - 2015-01-25 10:59 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part19.rar
2015-01-25 10:45 - 2015-01-25 10:56 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part18.rar
2015-01-25 10:43 - 2015-01-25 10:50 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part17.rar
2015-01-25 10:42 - 2015-01-25 10:53 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part16.rar
2015-01-25 10:34 - 2015-01-25 10:45 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part15.rar
2015-01-25 10:33 - 2015-01-25 10:42 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part14.rar
2015-01-25 10:31 - 2015-01-25 10:43 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part13.rar
2015-01-25 10:21 - 2015-01-25 10:34 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part11.rar
2015-01-25 10:21 - 2015-01-25 10:31 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part12.rar
2015-01-25 10:20 - 2015-01-25 10:33 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part10.rar
2015-01-25 10:11 - 2015-01-25 10:21 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part09.rar
2015-01-25 10:11 - 2015-01-25 10:21 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part08.rar
2015-01-25 10:11 - 2015-01-25 10:20 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part07.rar
2015-01-25 10:01 - 2015-01-25 10:11 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part06.rar
2015-01-25 10:01 - 2015-01-25 10:11 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part05.rar
2015-01-25 10:01 - 2015-01-25 10:11 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part04.rar
2015-01-25 09:50 - 2015-01-25 10:01 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part03.rar
2015-01-25 09:50 - 2015-01-25 10:01 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part02.rar
2015-01-25 09:50 - 2015-01-25 10:01 - 110100480 _____ () C:\Users\Donny1982\Downloads\Planse.2013.DL.X2.Nessy.part01.rar
2015-01-23 20:08 - 2015-01-23 20:38 - 00000000 ____D () C:\Users\Donny1982\Downloads\nummer6 yeti
2015-01-20 15:58 - 2015-01-20 15:58 - 00001112 _____ () C:\Users\Donny1982\Downloads\3y56bx2nx729p3t.dlc
2015-01-19 19:52 - 2015-01-25 10:17 - 00000000 ____D () C:\Users\Donny1982\Downloads\The.Angriest.Man.in.Brooklyn.2014.German.AC3.BDRiP.x264-iMDb
2015-01-19 19:41 - 2015-01-25 10:17 - 00000000 ____D () C:\Users\Donny1982\Downloads\The.Wolf.of.Wall.Street.2013.BDRip.AAC.German.x264-FDSD
2015-01-18 11:01 - 2015-01-04 23:24 - 1601060390 ____R () C:\Users\Donny1982\Downloads\freetv_smackdown02012015.mp4
2015-01-17 21:33 - 2015-01-03 22:32 - 00000000 ____D () C:\Users\Donny1982\Downloads\WWE.Friday.Night.Smackdown.26.12.2014.UNTOUCHED.PDTV.German.mkv-FreeTV
2015-01-17 20:32 - 2015-01-17 20:32 - 00001092 _____ () C:\Users\Donny1982\Downloads\UL_wwe_TLC_2014-wfcqsgnkerqf.dlc
2015-01-17 18:29 - 2015-01-17 18:29 - 00000000 ____D () C:\Users\Donny1982\Downloads\Extra
2015-01-17 18:28 - 2015-01-17 18:28 - 00000000 ____D () C:\Users\Donny1982\Downloads\Film
2015-01-16 15:55 - 2015-01-16 15:55 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-15 20:18 - 2015-01-15 20:18 - 00003568 _____ () C:\Users\Donny1982\Downloads\WWE_Monday_Night_Raw_15_12_2014_PDTV_German_mkv-FreeTV-3nvbwgnnqpegz.dlc
2015-01-14 15:08 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:08 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:08 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:08 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 15:08 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 15:08 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 15:08 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 15:08 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 15:08 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 15:08 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:08 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:08 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 15:08 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 19:08 - 2015-02-08 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-12 20:09 - 2015-01-12 20:09 - 00001161 _____ () C:\Users\Donny1982\Desktop\Serien - Verknüpfung.lnk
2015-01-09 20:06 - 2015-01-09 20:39 - 00000000 ____D () C:\Users\Donny1982\Downloads\Telefon

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 21:17 - 2014-11-18 21:34 - 00000000 ____D () C:\FRST
2015-02-08 21:04 - 2014-12-11 10:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 21:03 - 2011-04-12 08:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-02-08 21:03 - 2011-04-12 08:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-02-08 21:03 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 21:03 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 21:03 - 2009-07-14 05:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 20:59 - 2013-06-25 16:58 - 01152692 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 20:55 - 2014-04-02 19:55 - 00000000 ____D () C:\AdwCleaner
2015-02-08 20:55 - 2013-07-04 20:33 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-08 20:55 - 2013-06-28 16:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-08 20:55 - 2013-06-25 17:08 - 00001226 _____ () C:\Users\Donny1982\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-08 20:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 16:29 - 2014-12-22 20:32 - 00000000 ____D () C:\Users\Donny1982\AppData\Roaming\Samsung
2015-02-08 16:29 - 2014-12-22 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-02-08 16:29 - 2014-12-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-08 16:29 - 2013-06-28 18:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-08 15:43 - 2014-07-30 20:11 - 00000000 ____D () C:\Program Files\Steinberg
2015-02-08 15:39 - 2014-12-22 20:30 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-08 15:32 - 2013-06-30 11:03 - 00000000 ____D () C:\ProgramData\Apple
2015-02-08 15:12 - 2013-07-04 20:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 12:39 - 2014-03-27 21:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 12:32 - 2014-11-20 19:55 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 23:07 - 2014-12-11 10:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 23:06 - 2014-12-11 10:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 23:06 - 2014-12-11 10:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 06:28 - 2013-06-28 19:27 - 00000000 ____D () C:\Users\Donny1982\AppData\Roaming\vlc
2015-02-01 21:52 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-21 17:21 - 2014-10-29 18:50 - 00000000 ____D () C:\Users\Donny1982\Downloads\Bewerbung Iwi
2015-01-20 03:05 - 2014-02-28 03:03 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2013-01-11 14:13 - 2013-01-11 14:13 - 0022464 _____ (Intel Corporation) C:\Users\Donny1982\AppData\Roaming\JomCap.dll

Some content of TEMP:
====================
C:\Users\Donny1982\AppData\Local\Temp\avgnt.exe
C:\Users\Donny1982\AppData\Local\Temp\Quarantine.exe
C:\Users\Donny1982\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:25

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Donny1982 at 2015-02-08 21:17:52
Running from C:\Users\Donny1982\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
calibre 64bit (HKLM\...\{8A1C4F73-1FEE-4E43-A82F-BDB24E004096}) (Version: 0.9.37 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
Druckerdeinstallation für EPSON WF-3520 Series (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Epson Benutzerhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Useg) (Version:  - )
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3520 Series (HKLM-x32\...\WF-3520 Series Netg) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free iPad Video Converter 3.7.2.1 (HKLM-x32\...\Free iPad Video Converter_is1) (Version:  - FreeAudioVideoSoftTech, Inc.)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MP4 To MP3 Converter V3.0.5 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version:  - hxxp://www.MP4ToMP3Converter.net)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1828066295-1020933206-982316413-1000\...\MyFreeCodec) (Version:  - )
MyHarmony (HKU\S-1-5-21-1828066295-1020933206-982316413-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.51.0045.00 - Lenovo Group Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
SpeedCommander 13 (x64) (HKLM\...\SpeedCommander 13 (x64)) (Version: 13 - SpeedProject)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

08-02-2015 15:38:55 Removed Samsung Kies
08-02-2015 15:40:46 Removed Steinberg Upload Manager
08-02-2015 16:29:19 Removed Samsung Kies3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-19 17:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12A94F2C-FEA7-4D7A-BB2C-BEEB94AEB348} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {1323497A-B8B7-442C-8034-4F5106EB7B50} - System32\Tasks\{E2B80576-5163-40C2-97E2-9276CF9954F7} => C:\Users\Donny1982\Downloads\zoek.exe
Task: {33397B68-E794-4506-B910-68772F38888B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4B470FED-8DCD-4E22-8884-F171533F04DE} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {4B8CEC7E-9B78-4348-B0D4-4359615BBA7F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {731DADC7-C632-4EB3-AF10-B7C42185A69D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {77C94A17-F43B-49AC-B94D-77046E856AB1} - System32\Tasks\{F4828AB9-4C25-42DD-8968-200A39482542} => C:\Users\Donny1982\Downloads\zoek.exe
Task: {7C42157D-0A82-444E-89EE-7FA95748E57B} - System32\Tasks\{2F0FC155-729B-40C3-A046-0656A0925C84} => C:\Users\Donny1982\Downloads\zoek.exe
Task: {D83AB191-990C-4529-BFE6-63EA1BF89607} - System32\Tasks\{C85BA825-7305-46D8-ABF1-C0C4A853E5E5} => C:\Users\Donny1982\Downloads\zoek.exe
Task: {E2ED0F0A-24ED-4F9D-A687-2D7C47A32E91} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {F9E15A47-AC32-495A-812A-634D9C6140E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-28 16:06 - 2013-01-10 22:36 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-28 16:04 - 2011-09-25 23:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-28 17:14 - 2010-10-26 09:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2015-01-13 19:08 - 2015-01-31 19:53 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1828066295-1020933206-982316413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Donny1982\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1828066295-1020933206-982316413-500 - Administrator - Disabled)
Donny1982 (S-1-5-21-1828066295-1020933206-982316413-1000 - Administrator - Enabled) => C:\Users\Donny1982
Gast (S-1-5-21-1828066295-1020933206-982316413-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1828066295-1020933206-982316413-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-1828066295-1020933206-982316413-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-19 17:50:48.718
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-19 17:50:48.687
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 3979.23 MB
Available physical RAM: 2342.95 MB
Total Pagefile: 7956.65 MB
Available Pagefile: 5897.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:28.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B972BEC2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 08.02.2015, 23:22   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54813;https=127.0.0.1:54813
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {c2e2dfb1-f145-48c9-b58e-9384aa0850a9} ->  No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.02.2015, 21:30   #11
donny1982
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Donny1982 at 2015-02-09 21:25:10 Run:1
Running from C:\Users\Donny1982\Desktop
Loaded Profiles: Donny1982 & UpdatusUser (Available profiles: Donny1982 & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54813;https=127.0.0.1:54813
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {c2e2dfb1-f145-48c9-b58e-9384aa0850a9} ->  No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
EmptyTemp:
Hosts:
      
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1828066295-1020933206-982316413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1828066295-1020933206-982316413-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
HKU\S-1-5-21-1828066295-1020933206-982316413-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2e2dfb1-f145-48c9-b58e-9384aa0850a9}" => Key deleted successfully.
HKCR\CLSID\{c2e2dfb1-f145-48c9-b58e-9384aa0850a9} => Key not found. 
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 387.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:25:44 ====
         

Alt 09.02.2015, 21:32   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Vor dem Fix solltest du den Virenscanner deaktivieren, ds hast du offensichtlich nicht getan. Bitte den Fix richtig wiederholen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.02.2015, 22:09   #13
donny1982
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Donny1982 at 2015-02-09 22:08:16 Run:2
Running from C:\Users\Donny1982\Desktop
Loaded Profiles: Donny1982 & UpdatusUser (Available profiles: Donny1982 & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54813;https=127.0.0.1:54813
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1828066295-1020933206-982316413-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {c2e2dfb1-f145-48c9-b58e-9384aa0850a9} ->  No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
EmptyTem
*****************

HKLM\SOFTWARE\Policies\Google => Key not found. 
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-1828066295-1020933206-982316413-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
HKU\S-1-5-21-1828066295-1020933206-982316413-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2e2dfb1-f145-48c9-b58e-9384aa0850a9} => Key not found. 
HKCR\CLSID\{c2e2dfb1-f145-48c9-b58e-9384aa0850a9} => Key not found. 
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Key not found. 
EmptyTem => Error: No automatic fix found for this entry.

==== End of Fixlog 22:08:16 ====
         

Alt 09.02.2015, 22:11   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Standard

Mein Notebook arbeitet sehr sehr langsam evtl. virus?



So und nun der nächste Fehler: du hast die Fixlist.txt nicht komplett bzw 1:1 kopiert
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Mein Notebook arbeitet sehr sehr langsam evtl. virus?
arbeitet, dauert, ebook, eingefangen, firefox, gefangen, gucken, langsam, minute, notebook, programm, sehr langsam, tagen, verdacht, virus, virus?, welchem, win, win 7, wissen



Ähnliche Themen: Mein Notebook arbeitet sehr sehr langsam evtl. virus?


  1. Datenträgerauslastung permanent auf 100%, PC bootet kaum und arbeitet sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 07.10.2015 (11)
  2. notebook arbeitet ewig ist sehr langsam und reagiert zeitweise gar nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 20.02.2015 (14)
  3. Pc Notebook sehr langsam Trojaner Virus?
    Plagegeister aller Art und deren Bekämpfung - 26.12.2014 (7)
  4. Laptop arbeitet sehr langsam; Warnhinweise vorhanden
    Log-Analyse und Auswertung - 21.05.2014 (1)
  5. Notebook startet sehr langsam und Performance ist sehr schlecht
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (15)
  6. Windows 7: PC arbeitet sehr langsam und hängt sich auf
    Log-Analyse und Auswertung - 01.11.2013 (24)
  7. PC arbeitet sehr langsam, verzögerte Eingabe der Buchstaben.
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (20)
  8. Pc ist sehr langsam, evtl. Trojaner, Virus?
    Log-Analyse und Auswertung - 05.10.2012 (3)
  9. Notebook sehr langsam - Avast eingenständig ausgeschaltet - Virus?
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (16)
  10. PC plötzlich sehr, sehr langsam - evtl. neues update Adobe Flashplayer? kein Virus gefunden...
    Log-Analyse und Auswertung - 05.10.2011 (15)
  11. Pc arbeitet sehr Langsam viele Fehler, Hauptursache MSN-Listen Virus
    Log-Analyse und Auswertung - 08.02.2011 (7)
  12. Mein rechner ist seit eine viren attake sehr sehr langsam
    Log-Analyse und Auswertung - 10.02.2009 (0)
  13. PC arbeitet sehr langsam
    Log-Analyse und Auswertung - 12.10.2007 (1)
  14. Hilfe zum Zweiten. Mein PC ist sehr langsam, Virus?
    Log-Analyse und Auswertung - 14.09.2007 (2)
  15. Pc startet und arbeitet sehr langsam
    Log-Analyse und Auswertung - 29.07.2007 (5)
  16. Nach Trojaner arbeitet mein Rechner nur noch sehr langsam
    Log-Analyse und Auswertung - 03.06.2007 (10)
  17. ---Rechner friert ein, Arbeitet sehr langsam, Trojaner?---
    Log-Analyse und Auswertung - 15.01.2006 (7)

Zum Thema Mein Notebook arbeitet sehr sehr langsam evtl. virus? - Mein Notebook mit win 7 Arbeitet seit 2 Tagen sehr langsam. Firefox aufmachen dauert 5 minuten. Hab den Verdacht dass ich mir da was eingefangen hab. Würd gern wissen mit - Mein Notebook arbeitet sehr sehr langsam evtl. virus?...
Archiv
Du betrachtest: Mein Notebook arbeitet sehr sehr langsam evtl. virus? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.