
Pests of all kinds and how to fight them: .exe - Bad Image


26.03.2015, 09:56   #1
adonisierend

.exe - Bad Image



Good afternoon everyone.
Yesterday my Avira showed an alert, after which I put something into quarantine and was supposed to delete something.
Now the following error message appears for every program I try to open:

see attachment.

I ran CCleaner, without success.
For whatever reason, I cannot see in Avira what exactly it was.

Malwarebytes is running right now.......

Heeeelp
Attached images
File type: png Fehlermeldung.png (38.8 KB, viewed 468 times)

26.03.2015, 10:14   #2
adonisierend

.exe - Bad Image



I just saw that tala68 has the same problem.
Farbar 32-bit is scanning right now.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 26-03-2015 11:04:26
Running from C:\Users\User\Desktop
Loaded Profiles: User &  (Available profiles: User & Gast)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIJJE.EXE
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Program Files\Pale Moon\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [65016 2013-01-17] (Lenovo)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [186248 2012-09-20] (Lenovo.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-01-29] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379064 2012-10-17] (Synaptics Incorporated)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [4507208 2015-03-17] (SoftPerfect Research)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-24] (Spotify Ltd)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-24] (Spotify Ltd)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\...\MountPoints2: {d92b8e66-f6c6-11e2-a0c0-00234df2186e} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-24] (Spotify Ltd)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-24] (Spotify Ltd)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d92b8e66-f6c6-11e2-a0c0-00234df2186e} - E:\MotoCastSetup.exe -a
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-03-16] ()
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNiQ,,&q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNiQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062459640-3492374546-2499261898-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062459640-3492374546-2499261898-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}
BHO: Simple New Tab Bho -> {5C2DD58F-613F-4580-8AC0-F10D760AF938} -> C:\Users\User\AppData\Local\simple_new_tab\simple_new_tab.dll [2014-01-11] (Temp Company Ltd)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)
BHO: OfferMosquito -> {82B16A3D-F03E-4565-A532-666B219C9A53} -> C:\Users\User\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll [2014-03-12] (Bebo Media Ltd)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fh14k260.default
FF DefaultSearchEngine: Search
FF DefaultSearchUrl: hxxp://native-search.com/search.php?channel=deg&q=
FF SelectedSearchEngine: Search
FF Homepage: hxxp://native-search.com/?channel=deg
FF Keyword.URL: hxxp://native-search.com/search.php?channel=deg&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4062459640-3492374546-2499261898-1000: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\User\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Plugin HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\User\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-08-09] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fh14k260.default\searchplugins\search.xml [2014-04-11]
FF Extension: Avira Browser Safety - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fh14k260.default\Extensions\abs@avira.com [2015-02-05]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV="
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchURL: Default -> hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=58&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SAT=CNTS
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134648 2013-01-17] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [273912 2013-01-17] (Lenovo)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3251472 2015-03-16] (Client Connect LTD)
R2 EpsonScanSvc; C:\windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-10-17] (Macrovision Europe Ltd.) [File not signed]
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [44024 2013-01-29] (Lenovo Group Limited)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [127072 2012-08-24] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [62456 2013-01-29] (Lenovo Group Limited)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664296 2013-01-09] (Lenovo Group Limited)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [116368 2012-12-18] (Lenovo Group Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] (Avira Operations GmbH & Co. KG)
R3 LenovoRd; C:\windows\System32\Drivers\LenovoRd.sys [88832 2009-05-11] (Lenovo)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-26] (Malwarebytes Corporation)
R3 NETwNs32; C:\windows\System32\DRIVERS\NETwNs32.sys [7523840 2012-01-23] (Intel Corporation)
R1 networx; C:\windows\System32\drivers\networx.sys [56128 2015-03-17] (NetFilterSDK.com)
R3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [38200 2012-10-17] (Synaptics Incorporated)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)
S3 PCDSRVC{3037D694-FD904ACA-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
R3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 11:04 - 2015-03-26 11:05 - 00024073 _____ () C:\Users\User\Desktop\FRST.txt
2015-03-26 11:04 - 2015-03-26 11:04 - 00000000 ____D () C:\FRST
2015-03-26 11:03 - 2015-03-26 11:03 - 01135104 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-03-26 10:37 - 2015-03-26 10:40 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 10:11 - 2015-03-26 10:26 - 00000442 _____ () C:\windows\Tasks\ParetoLogic Registration3.job
2015-03-26 10:10 - 2015-03-26 10:27 - 00000468 _____ () C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-03-26 10:10 - 2015-03-26 10:26 - 00000416 _____ () C:\windows\Tasks\ParetoLogic Update Version3.job
2015-03-26 10:10 - 2015-03-26 10:10 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2015-03-26 10:08 - 2015-03-26 10:08 - 05813872 _____ (ParetoLogic Inc.) C:\Users\User\Desktop\ParetoLogic PC Health Advisor_de.exe
2015-03-25 10:56 - 2015-03-11 04:30 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-25 10:56 - 2015-03-11 04:30 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-25 10:56 - 2015-03-11 04:29 - 00818176 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-25 10:56 - 2015-03-11 04:29 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-25 10:56 - 2015-03-11 04:29 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-25 10:56 - 2015-03-11 04:29 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-25 10:56 - 2015-03-11 04:29 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-25 10:56 - 2015-03-11 04:26 - 00892928 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-24 16:57 - 2015-03-25 09:45 - 00000000 ____D () C:\Users\User\AppData\Local\avaavxvyex
2015-03-22 10:11 - 2015-03-22 10:11 - 00043839 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-03-19 07:55 - 2015-03-19 07:55 - 00000000 ____D () C:\Users\User\AppData\Local\avayvaxvaa
2015-03-18 11:33 - 2015-03-18 11:33 - 00000000 ____D () C:\ProgramData\SoftPerfect
2015-03-18 11:33 - 2015-03-18 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2015-03-18 11:33 - 2015-03-18 11:33 - 00000000 ____D () C:\Program Files\NetWorx
2015-03-18 11:33 - 2015-03-17 14:00 - 00056128 _____ (NetFilterSDK.com) C:\windows\system32\Drivers\networx.sys
2015-03-11 08:33 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 08:33 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 08:33 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 08:33 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 08:33 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 08:33 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 08:33 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 08:33 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 08:33 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-11 08:33 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 08:33 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 08:33 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-11 08:33 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 08:33 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 08:33 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 08:33 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 08:33 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 08:33 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 08:33 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 08:33 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-11 08:33 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:33 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:33 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 08:33 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 08:33 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 08:33 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 08:33 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 08:33 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-11 08:33 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 08:33 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 08:33 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 08:33 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 08:33 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 08:33 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 08:32 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:32 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 08:32 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 08:32 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 08:32 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 08:32 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 08:32 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 08:32 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 08:32 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 08:32 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 08:32 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 08:32 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 08:32 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 08:32 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 08:32 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 08:31 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-03-11 08:31 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 08:31 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 08:31 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 08:31 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 08:31 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 08:31 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 08:31 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 08:31 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 08:31 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 08:31 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-11 08:31 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 08:31 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 08:31 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 08:31 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-10 23:38 - 2015-03-10 23:38 - 10165597 _____ () C:\Users\User\VID-20150310-WA0001.mp4
2015-03-03 11:05 - 2015-03-03 11:05 - 00027648 ____H () C:\Users\User\Downloads\photothumb.db
2015-02-27 14:02 - 2015-02-27 18:00 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-26 08:24 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-26 08:23 - 2015-02-26 08:23 - 00000000 ____D () C:\Users\User\AppData\Local\avayvxvaxc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 11:03 - 2013-05-31 10:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-03-26 11:00 - 2015-02-06 17:45 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-26 10:50 - 2014-02-09 14:12 - 00000000 ____D () C:\Users\User\Desktop\Originals
2015-03-26 10:49 - 2013-06-01 12:59 - 00044032 ____H () C:\Users\User\Desktop\photothumb.db
2015-03-26 10:45 - 2013-05-25 11:47 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 10:39 - 2014-08-12 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-26 10:39 - 2014-08-12 21:05 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-26 10:39 - 2014-03-17 09:28 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-26 10:36 - 2009-07-14 05:34 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 10:36 - 2009-07-14 05:34 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 10:33 - 2010-11-20 21:58 - 01252833 _____ () C:\windows\WindowsUpdate.log
2015-03-26 10:29 - 2013-05-31 10:06 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-03-26 10:26 - 2013-05-25 11:47 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 10:26 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-26 10:26 - 2009-07-14 05:39 - 00069171 _____ () C:\windows\setupact.log
2015-03-26 10:14 - 2014-11-13 21:24 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-03-26 09:37 - 2013-05-21 13:32 - 00000466 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2015-03-26 09:34 - 2014-12-12 18:14 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-26 09:34 - 2014-05-07 08:31 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-25 15:04 - 2014-05-01 23:08 - 00467456 ___SH () C:\Users\User\Documents\Thumbs.db
2015-03-24 20:56 - 2014-01-30 11:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Fifth
2015-03-24 18:50 - 2013-05-21 13:32 - 00000528 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-03-24 18:49 - 2010-11-20 22:48 - 00119640 _____ () C:\windows\PFRO.log
2015-03-24 16:57 - 2014-05-10 01:40 - 00000000 ____D () C:\Program Files\SearchProtect
2015-03-24 13:06 - 2013-07-29 20:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-03-24 00:01 - 2014-03-04 16:49 - 00075776 ____H () C:\Users\User\Documents\photothumb.db
2015-03-24 00:00 - 2013-09-22 15:02 - 00116736 ____H () C:\Users\User\photothumb.db
2015-03-23 11:27 - 2014-04-29 17:48 - 00413696 ___SH () C:\Users\User\Thumbs.db
2015-03-22 10:11 - 2013-07-07 22:56 - 00000000 ____D () C:\Users\User\.gimp-2.8
2015-03-18 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2015-03-15 10:53 - 2013-05-26 10:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-15 10:53 - 2009-07-14 05:33 - 01634584 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-15 10:49 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-03-13 08:14 - 2014-04-16 23:23 - 00000000 ____D () C:\windows\system32\MRT
2015-03-13 08:06 - 2014-04-16 23:23 - 119837696 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-11 18:45 - 2009-07-14 05:52 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-03-09 20:19 - 2013-10-20 22:36 - 00020869 _____ () C:\Users\User\Desktop\Pingelingeling.odt
2015-03-08 14:31 - 2010-11-20 22:01 - 01619284 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-05 12:34 - 2014-08-06 11:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 12:34 - 2013-08-07 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 12:34 - 2013-08-07 22:12 - 00000000 ____D () C:\Program Files\Avira
2015-03-03 18:31 - 2013-07-01 15:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-03-03 10:56 - 2014-01-08 17:57 - 00000000 ____D () C:\Users\User\Documents\WICHTIGES
2015-02-24 04:23 - 2013-05-21 13:31 - 00246920 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-04-29 10:15 - 2014-04-29 10:15 - 0000320 _____ () C:\Users\User\AppData\Roaming\aps.uninstall.scan.results
2014-04-29 10:12 - 2014-04-29 10:12 - 1107768 _____ (AnyProtect.com) C:\Users\User\AppData\Local\nso3399.tmp
2015-03-22 10:11 - 2015-03-22 10:11 - 0043839 _____ () C:\Users\User\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\User\avg_tuht_stf_de_2015_185_15cmp16.exe
C:\Users\User\FSCaptureSetup53.exe
C:\Users\User\gimp-2.8.6-setup.exe
C:\Users\User\mbam-setup-1.75.0.1300.exe
C:\Users\User\pdf24-creator-6.0.1.exe
C:\Users\User\phase562install.exe
C:\Users\User\wrar500.exe


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 08:42

==================== End Of Log ============================
         
--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by User at 2015-03-26 11:06:05
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (HKLM\...\Adobe_67a7fb1e97aa14ee9ef0950eb6fd757) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.67.10 - )
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Druckerdeinstallation für EPSON WF-3520 Series (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.40 - )
Epson Benutzerhandbuch WF-3520 Series (HKLM\...\WF-3520 Series Useg) (Version:  - )
Epson Connect Guide (HKLM\...\Epson Connect Guide) (Version:  - )
Epson Event Manager (HKLM\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3520 Series (HKLM\...\WF-3520 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fallen Shadows - Schatten der Kindheit (HKLM\...\{AE2893E9-145A-41AC-85C6-ED046B13572E}) (Version: 1.0.0 - Happy Muffin Top)
FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Firefox Browser (remove only) (HKLM\...\Firefox Browser) (Version:  - )
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.32.327 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Chrome Frame (HKLM\...\{7455D86F-5295-389C-AA29-18D2BDAF8DD8}) (Version: 65.169.102 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lenovo Patch Utility (HKLM\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.21 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movavi Video Suite 12 (HKLM\...\Movavi Video Suite 12) (Version: 12.2.1 - Movavi)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
NetWorx 5.3.4 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Pale Moon 25.2.1 (x86 en-US) (HKLM\...\Pale Moon 25.2.1 (x86 en-US)) (Version: 25.2.1 - Moonchild Productions)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.0.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pflanzen gegen Zombies (HKLM\...\{38541171-2520-8420-4707-482373142242}) (Version: 1.0 - Bluefish Games)
Pflanzen gegen Zombies (HKLM\...\{3F0356D7-2C0A-4284-B6D3-BD04972FE2F7}}_is1) (Version:  - Gamesload)
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Plants vs. Zombies (HKLM\...\Plants vs. Zombies) (Version:  - PopCap Games)
RCT3 Soaked (HKLM\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version: 5.15 - NCH Software)
Rescue and Recovery (HKLM\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.50.0025.00 - Lenovo Group Limited)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
RollerCoaster Tycoon 2 (HKLM\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
RollerCoaster Tycoon 3 (HKLM\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
Search Protect (HKLM\...\SearchProtect) (Version: 2.22.0.160 - Client Connect LTD) <==== ATTENTION
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Updater (HKLM\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Spotify (HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.2 - )
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.98 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.0.10.0 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.9 - Lenovo)
Tinypic 3.18 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TopStyle Lite (Version 3) (HKLM\...\TopStyle Lite (Version 3.0)) (Version:  - )
TopStyle Lite (Version 3) (HKLM\...\TSLite3_is1) (Version:  - )
Twisted Lands - Insomniac (HKLM\...\Twisted Lands - Insomniac) (Version:  - )
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Intel (e1yexpress) Net  (10/20/2011 10.1.17.0) (HKLM\...\133F9046FF7A87F5692D42D459416781366A9496) (Version: 10/20/2011 10.1.17.0 - Intel)
Windows-Treiberpaket - Intel hdc  (10/05/2012 9.1.9.1002) (HKLM\...\4A2944E186251A41773D639F1FB1C31B9642332C) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\1AF5F143058CA8C5C954BD408C48232FAF21A69F) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\2528966896853AC8DEC09D148A501604155972BD) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\AC2EE0A9AD3E95C0C675C31C13CF653A6CB3A598) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel USB  (10/05/2012 9.1.9.1002) (HKLM\...\48EC18D43DCBA26BDC1D4FFB660F86792AB475D2) (Version: 10/05/2012 9.1.9.1002 - Intel)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-03-2015 12:01:25 Windows Update
13-03-2015 07:57:43 Windows Update
17-03-2015 08:02:53 Windows Update
20-03-2015 09:07:59 Windows Update
24-03-2015 14:43:16 Windows Update
26-03-2015 09:22:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {125ABCF0-D9B8-407F-B11C-A2F9B91BC4D1} - System32\Tasks\OMESupervisor => C:\Users\User\AppData\Local\omesuperv.exe <==== ATTENTION
Task: {15850CEF-34CD-4E6B-B49A-EC1F5B6B77AC} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {1C54C99A-AC30-4A70-985C-A1AA32EC93EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
Task: {1C87D32B-A7BC-4BEF-AC3F-4F5AFF1CA19A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {5687C881-2490-4CF6-B471-5FB7293F1C4E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {68433102-3BA4-4129-8576-0D30261B8751} - System32\Tasks\Fifth => C:\Users\User\AppData\Roaming\Fifth\Fifth.exe [2014-03-12] () <==== ATTENTION
Task: {77208E3F-C7F5-4464-B949-1A1B8CB2069A} - System32\Tasks\{D4D8593A-5F7C-455B-9F44-4A82470B0A9C} => C:\Users\User\Documents\Firefox Browser\FirefoxPortable.exe [2013-03-08] (PortableApps.com)
Task: {80CE352F-80A2-4184-A1B7-3C9F996316A4} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {8192C99B-FBD1-4FAD-83A0-FC187ECFF19E} - System32\Tasks\{4493926D-CDA7-4F19-8DE6-D30C81608AF8} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-26] (SEIKO EPSON CORP.)
Task: {9105B51B-3077-47FC-B8A2-E00679EC77E4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9A71B82F-5099-45CC-9C2E-DCAA7A134049} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
Task: {A44178E2-2233-47F7-B158-222AAB5E17F5} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {B74CE05C-9979-48C7-BFDF-60C1ECF02F81} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()
Task: {C59C9647-1E87-4E40-880F-170DC2987BDD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {C6A8F75D-61DB-4C62-8824-9A1B07FB7C96} - System32\Tasks\{7F1B0606-156D-49B9-A655-155AE011A89B} => pcalua.exe -a C:\Users\User\Desktop\PlantsvsZombiesSetup.exe -d C:\Users\User\Desktop
Task: {CCE8FD0C-579B-4FB0-B222-F9C919B76A8A} - System32\Tasks\avaavxvyex => C:\Users\User\AppData\Local\avaavxvyex\avaavxvyex.exe [2015-03-16] () <==== ATTENTION
Task: {D393032F-08CE-4E33-A3B7-E93DB32222E6} - System32\Tasks\{3F4D803F-4F34-4A1F-A67C-C7AB63F8E68B} => C:\Users\User\Documents\Firefox Browser\FirefoxPortable.exe [2013-03-08] (PortableApps.com)
Task: {DE287C34-C5CF-4C22-AF31-012B2D781ED2} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {E01E2680-3178-4741-8B2F-6D9BE61E3CDF} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {E438CB44-1FAE-4359-9D8F-A7053FD5C569} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {E94F41F8-312D-46D9-A623-AB6DE1470327} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F6F2C829-B43C-43C1-8965-164730992482} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {FCA4D225-6735-4384-A922-0BDCA81E5BAF} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ParetoLogic Registration3.job => C:\windows\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-09 11:33 - 2013-01-09 11:33 - 00086016 _____ () C:\Program Files\Lenovo\Access Connections\AcWrpc.dll
2013-05-21 13:22 - 2013-01-09 06:40 - 00095232 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2015-03-18 11:33 - 2015-03-03 15:49 - 00582656 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-03-24 18:53 - 2015-03-24 18:54 - 40506936 _____ () C:\Users\User\AppData\Roaming\Spotify\libcef.dll
2015-03-24 18:53 - 2015-03-24 18:53 - 01365560 _____ () C:\Users\User\AppData\Roaming\Spotify\libglesv2.dll
2015-03-24 18:53 - 2015-03-24 18:53 - 00219192 _____ () C:\Users\User\AppData\Roaming\Spotify\libegl.dll
2015-03-24 18:54 - 2015-03-24 18:54 - 09305656 _____ () C:\Users\User\AppData\Roaming\Spotify\pdf.dll
2015-03-24 18:53 - 2015-03-24 18:53 - 00990776 _____ () C:\Users\User\AppData\Roaming\Spotify\ffmpegsumo.dll
2015-02-06 19:06 - 2015-01-22 01:47 - 03056640 _____ () C:\Program Files\Pale Moon\mozjs.dll
2015-02-06 17:45 - 2015-02-06 17:45 - 16852144 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4062459640-3492374546-2499261898-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Registry Helper => "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
MSCONFIG\startupreg: SCheck => "C:\Users\User\AppData\Roaming\SCheck\SCheck.exe" check 
MSCONFIG\startupreg: Snoozer => "C:\Users\User\AppData\Roaming\Snz\Snz.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4062459640-3492374546-2499261898-500 - Administrator - Disabled)
Gast (S-1-5-21-4062459640-3492374546-2499261898-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-4062459640-3492374546-2499261898-1002 - Limited - Enabled)
User (S-1-5-21-4062459640-3492374546-2499261898-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2015 10:28:56 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/26/2015 10:28:56 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/26/2015 10:28:56 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/26/2015 10:28:56 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/26/2015 10:28:41 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/26/2015 10:28:41 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/26/2015 10:28:41 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/26/2015 10:28:41 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/26/2015 10:28:41 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (03/26/2015 10:28:40 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (5772) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0129B.log.


System errors:
=============
Error: (03/26/2015 10:28:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/26/2015 10:28:57 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (03/24/2015 06:57:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (03/24/2015 06:47:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/24/2015 00:52:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (03/22/2015 03:37:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (03/17/2015 10:01:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.

Error: (03/15/2015 02:46:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Power Manager DBC Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/15/2015 02:46:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Power Manager DBC Service erreicht.

Error: (03/15/2015 10:50:55 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.


Microsoft Office Sessions:
=========================
Error: (03/26/2015 10:28:56 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/26/2015 10:28:56 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/26/2015 10:28:56 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/26/2015 10:28:56 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (03/26/2015 10:28:41 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (03/26/2015 10:28:41 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/26/2015 10:28:41 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (03/26/2015 10:28:41 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (03/26/2015 10:28:41 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (03/26/2015 10:28:40 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows5772Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0129B.log-1811


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 56%
Total physical RAM: 2968.03 MB
Available physical RAM: 1285.21 MB
Total Pagefile: 5934.35 MB
Available Pagefile: 3769.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.5 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:149.05 GB) (Free:60.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==
         
Malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.03.2015
Suchlauf-Zeit: 10:40:30
Logdatei: malwarebiteslog.txt
Administrator: Nein

Version: 2.00.4.1028
Malware Datenbank: v2015.03.26.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 370473
Verstrichene Zeit: 28 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 1
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe, 4380, , [db402723e2a858dedc9703b60cf521df]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 24
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, , [db402723e2a858dedc9703b60cf521df], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, , [0f0cb7938406dc5a322dae7c11f28f71], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{8DAA9564-C7BF-43E1-ADB9-17B44DA980A6}, , [0f0cb7938406dc5a322dae7c11f28f71], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B47A69DE-9B38-4EC0-996E-99F90C0F8CA5}, , [0f0cb7938406dc5a322dae7c11f28f71], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}\INPROCSERVER32, , [0f0cb7938406dc5a322dae7c11f28f71], 
PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, , [0f0cb7938406dc5a322dae7c11f28f71], 
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, , [0f0cb7938406dc5a322dae7c11f28f71], 
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, , [0f0cb7938406dc5a322dae7c11f28f71], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\CLASSES\CLSID\{82B16A3D-F03E-4565-A532-666B219C9A53}, , [958653f7e5a56bcb9daf1b14f80b40c0], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\CLASSES\TYPELIB\{A1669086-99CD-4735-9B7D-BD0ED4EF4893}, , [958653f7e5a56bcb9daf1b14f80b40c0], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\CLASSES\INTERFACE\{E563EA8B-7C40-4E55-AD48-EF3A1463F16C}, , [958653f7e5a56bcb9daf1b14f80b40c0], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\CLASSES\CLSID\{82B16A3D-F03E-4565-A532-666B219C9A53}\INPROCSERVER32, , [958653f7e5a56bcb9daf1b14f80b40c0], 
PUP.Optional.OfferMosquito, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{82B16A3D-F03E-4565-A532-666B219C9A53}, , [958653f7e5a56bcb9daf1b14f80b40c0], 
PUP.Optional.OfferMosquito, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82B16A3D-F03E-4565-A532-666B219C9A53}, , [958653f7e5a56bcb9daf1b14f80b40c0], 
PUP.Optional.OfferMosquito, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82B16A3D-F03E-4565-A532-666B219C9A53}, , [958653f7e5a56bcb9daf1b14f80b40c0], 
PUP.Optional.Snapdo.T, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [53c88dbd404acb6b92879accd231a65a], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, , [53c88dbd404acb6b92879accd231a65a], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [9586dd6d5436191ddf980f317a8b9769], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT, , [a378ea6092f839fd0139469e08fbe51b], 
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, , [c05be961e2a86fc7845abc213fc4d62a], 
PUP.Optional.OfferMosquito.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\OfferMosquito, , [031880caa7e31125fd8b7cc635d07e82], 
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, , [978403474644ad898280e30ca1626d93], 
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, , [b6654dfd1d6d9a9cb2311beb64a0d62a], 

Registrierungswerte: 9
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [1308fa507d0daf87f72c210e00036997], 
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [1308fa507d0daf87f72c210e00036997]
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [1308fa507d0daf87f72c210e00036997]
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [78a315350a80ff370122240b35cead53], 
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [ff1c24265b2fd16512288156aa599e62]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT|InstallDir, C:\PROGRA~1\SearchProtect, , [a378ea6092f839fd0139469e08fbe51b]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\windows\system32\drivers\SPPD.sys, , [c05be961e2a86fc7845abc213fc4d62a]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [39e21d2df9914cea9aa38060ae558a76]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapdoEMonYB, , [b6654dfd1d6d9a9cb2311beb64a0d62a]

Registrierungsdaten: 8
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL , Gut: (), Schlecht: (C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL),,[2af13416008a21159d2dbd69d431b44c]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNiQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNiQ,,&q={searchTerms}),,[21fae862dcae7eb86a74f1fae61f8e72]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}),,[64b752f8b3d77bbb627f5596ba4b7b85]
PUP.Optional.Conduit.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=),,[e536d575bdcdb581edfb3cb1887df709]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}),,[e53625250f7b023435ab5f8c0df87a86]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}),,[cf4c89c1c3c76fc716cdeffc8283a15f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}),,[45d64bffe5a5ec4aebf925c6a263a35d]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4062459640-3492374546-2499261898-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQwbi612RKJWHCxBDMVBPQX4kSuhANOGbPwQXg1x7VadmA7H3GKTtJxtbtOBjIq7vNesuDgoUt4WU8KCJelaIDm5ZKvDBnNRYlA8Vip7RMY6zDHPfgJJdx4KVuT-DZAOnrx0RreNQuJ9R4tXjfuGkw2VFH9JgpFIALIAXfrzS3o7njBNjg,,&q={searchTerms}),,[4dce4a00b0da74c2805f1dce60a501ff]

Ordner: 47
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\rep, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\bin, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\rep, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfeggemggokijeahnacacopejaabljl_0, , [e932a4a6d4b60c2abcf07b027192b947], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl, , [6caf91b9f496b581d4e4bfbe5ea53bc5], 
PUP.Optional.SimpleNewTab.A, C:\Users\User\AppData\Local\simple_new_tab, , [8c8fcc7e7a10280e85d5f590c241c739], 
PUP.Optional.SimpleNewTab.A, C:\Users\User\AppData\Local\simple_new_tab\htmls, , [8c8fcc7e7a10280e85d5f590c241c739], 
PUP.Optional.OfferMosquito.A, C:\Users\User\AppData\Roaming\OfferMosquito, , [64b775d5424858de2b30cfb6798aa35d], 
PUP.Optional.OfferMosquito.A, C:\Users\User\AppData\Local\ext_offermosquito, , [2af17bcfd3b7de585903b0d5b1523bc5], 
PUP.Optional.OfferMosquito.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito, , [59c298b23258d75f045af68fe1226898], 
PUP.Optional.SearchProtect.A, C:\Users\Gast\AppData\Local\SearchProtect, , [94878ac00b7f0a2c555e028919eaea16], 
PUP.Optional.SearchProtect.A, C:\Users\Gast\AppData\Local\SearchProtect\SearchProtect, , [94878ac00b7f0a2c555e028919eaea16], 
PUP.Optional.SearchProtect.A, C:\Users\Gast\AppData\Local\SearchProtect\SearchProtect\rep, , [94878ac00b7f0a2c555e028919eaea16], 
PUP.Optional.SearchProtect.A, C:\Users\Gast\AppData\Local\SearchProtect\SearchProtect\STG, , [94878ac00b7f0a2c555e028919eaea16], 
PUP.Optional.SearchProtect.A, C:\Users\Gast\AppData\Local\SearchProtect\UI, , [94878ac00b7f0a2c555e028919eaea16], 
PUP.Optional.SearchProtect.A, C:\Users\Gast\AppData\Local\SearchProtect\UI\rep, , [94878ac00b7f0a2c555e028919eaea16], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\SearchProtect, , [97844ffbb3d783b3baf993f85aa945bb], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\SearchProtect\SearchProtect, , [97844ffbb3d783b3baf993f85aa945bb], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\SearchProtect\SearchProtect\rep, , [97844ffbb3d783b3baf993f85aa945bb], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\SearchProtect\SearchProtect\STG, , [97844ffbb3d783b3baf993f85aa945bb], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\SearchProtect\UI, , [97844ffbb3d783b3baf993f85aa945bb], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\SearchProtect\UI\rep, , [97844ffbb3d783b3baf993f85aa945bb], 
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect, , [e13a202ac3c747ef169d6a2140c322de], 
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect\SearchProtect, , [e13a202ac3c747ef169d6a2140c322de], 
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep, , [e13a202ac3c747ef169d6a2140c322de], 
PUP.Optional.Extutil.A, C:\Users\Gast\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [081386c44446ee4870571875b44f8080], 
PUP.Optional.Managera.A, C:\Users\Gast\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [ad6ed872c4c687af15b3d4b9ea19ee12], 
PUP.Optional.Vbates.A, C:\Program Files\V-bates, , [5cbfbe8cb0dad3638baa3b542fd46f91], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaavxvyex, , [ce4dc387c5c5a88e4ade6c43699a936d], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaxvavya, , [ce4dd4764b3fbe78ab7d79369370c63a], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvaxvaa, , [100b9baf2d5d4de92107406f3bc8af51], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvxvaxc, , [d348f05a12787db950d807a8788b5da3], 

Dateien: 163
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe, , [db402723e2a858dedc9703b60cf521df], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe, , [13086fdb1179cd69aec54b6ef50ce41c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\bin\cltmngui.exe, , [8299ed5d226891a5a6cdaf0a24dde818], 
PUP.Optional.SimpleNewTab.A, C:\Users\User\AppData\Local\simple_new_tab\simple_new_tab.dll, , [0f0cb7938406dc5a322dae7c11f28f71], 
PUP.Optional.OfferMosquito, C:\Users\User\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll, , [958653f7e5a56bcb9daf1b14f80b40c0], 
PUP.Optional.ClientConnect, C:\Users\User\Downloads\wlsetup-web.exe, , [58c3064428622f071544daf2818012ee], 
PUP.Optional.AnyProtect.A, C:\Users\User\AppData\Local\nso3399.tmp, , [1902c1897a1074c2904cdc55778fd828], 
PUP.Optional.SearchProtect, C:\Users\User\AppData\Local\avaavxvyex\avaavxvyex.exe, , [8b9080ca94f653e320ca7a9e23df43bd], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaavxvyex\pbqrmvbub, , [83980545147694a2284b318817ea7f81], 
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\nbin\VC32Loader.dll, , [bd5e1c2e84061d19c0b38336837e36ca], 
PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\avaavxvyex, , [53c8b4964f3ba98d3f95c1f9788bf20e], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpfeggemggokijeahnacacopejaabljl_0.localstorage, , [8b9089c16228f0464d878178ba49629e], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\EULA.txt, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\CRASH_REPORT_P13748_T10032_D2015_02_06_T17_27_40.txt, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\SPtool.dll, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\sptool.dll_1422951837574, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\sptool.dll_1423571552544, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\sptool.dll_1426748088199, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\sptool.dll_1427212629143, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\uninstall.exe, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\uninstall.pun, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\cfi.bin, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\edk.bin, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\pni.bin, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\SystemRepository.dat, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\trn.bin, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\RN32.dll, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPtool64.exe, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\VC32.dll, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\VC32.dll_1419939367542, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\VC64.dll, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\VC64Loader.dll, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings.html, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\style.css, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.css, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.html, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\defaults.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgUninstall.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def-grey.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-default.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-onclick.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-dia.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-uninstall.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-with-logo.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgNotif.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettings.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnBlue.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnClose.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnSilver.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\button-bg.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_checked.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_def.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-def.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-over-click.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\gray-bg.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-selected.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\icon-win.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\info-icon.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-rollover.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-selected.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-def.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-selected.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button2.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Settings-icon.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\text-field.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\v.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\x.png, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\defaults.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\DialogAPI.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\dialogUtils.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\json2.min.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\main.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\defaults.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.css, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.html, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\defaults.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\defaults.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.css, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.html, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\defaults.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.css, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.html, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.js, , [2af13416008a21159d2dbd69d431b44c], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfeggemggokijeahnacacopejaabljl_0\1, , [e932a4a6d4b60c2abcf07b027192b947], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\000575.ldb, , [6caf91b9f496b581d4e4bfbe5ea53bc5], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\000577.ldb, , [6caf91b9f496b581d4e4bfbe5ea53bc5], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\000580.ldb, , [6caf91b9f496b581d4e4bfbe5ea53bc5], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\000581.log, , [6caf91b9f496b581d4e4bfbe5ea53bc5], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\CURRENT, , [6caf91b9f496b581d4e4bfbe5ea53bc5], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\LOCK, , [6caf91b9f496b581d4e4bfbe5ea53bc5], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\LOG, , [6caf91b9f496b581d4e4bfbe5ea53bc5], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\LOG.old, , [6caf91b9f496b581d4e4bfbe5ea53bc5], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\MANIFEST-000579, , [6caf91b9f496b581d4e4bfbe5ea53bc5], 
PUP.Optional.SimpleNewTab.A, C:\Users\User\AppData\Local\simple_new_tab\htmls\index.html, , [8c8fcc7e7a10280e85d5f590c241c739], 
PUP.Optional.OfferMosquito.A, C:\Users\User\AppData\Local\ext_offermosquito\atl100.dll, , [2af17bcfd3b7de585903b0d5b1523bc5], 
PUP.Optional.OfferMosquito.A, C:\Users\User\AppData\Local\ext_offermosquito\msvcr100d.dll, , [2af17bcfd3b7de585903b0d5b1523bc5], 
PUP.Optional.OfferMosquito.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx, , [59c298b23258d75f045af68fe1226898], 
PUP.Optional.SearchProtect.A, C:\Users\Gast\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, , [94878ac00b7f0a2c555e028919eaea16], 
PUP.Optional.SearchProtect.A, C:\Users\Gast\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [94878ac00b7f0a2c555e028919eaea16], 
PUP.Optional.SearchProtect.A, C:\Users\Gast\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [94878ac00b7f0a2c555e028919eaea16], 
PUP.Optional.SearchProtect.A, C:\Users\Gast\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [94878ac00b7f0a2c555e028919eaea16], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, , [97844ffbb3d783b3baf993f85aa945bb], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [97844ffbb3d783b3baf993f85aa945bb], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [97844ffbb3d783b3baf993f85aa945bb], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [97844ffbb3d783b3baf993f85aa945bb], 
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [e13a202ac3c747ef169d6a2140c322de], 
PUP.Optional.Extutil.A, C:\Users\Gast\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [081386c44446ee4870571875b44f8080], 
PUP.Optional.Extutil.A, C:\Users\Gast\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [081386c44446ee4870571875b44f8080], 
PUP.Optional.Extutil.A, C:\Users\Gast\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [081386c44446ee4870571875b44f8080], 
PUP.Optional.Managera.A, C:\Users\Gast\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [ad6ed872c4c687af15b3d4b9ea19ee12], 
PUP.Optional.Managera.A, C:\Users\Gast\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [ad6ed872c4c687af15b3d4b9ea19ee12], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaavxvyex\bahvxfk, , [ce4dc387c5c5a88e4ade6c43699a936d], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaavxvyex\mkfvxfk, , [ce4dc387c5c5a88e4ade6c43699a936d], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaavxvyex\pvpqbjobmlpfqlovvawq, , [ce4dc387c5c5a88e4ade6c43699a936d], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaavxvyex\qokvxfk, , [ce4dc387c5c5a88e4ade6c43699a936d], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaavxvyex\rfobmlpfqlovvawq, , [ce4dc387c5c5a88e4ade6c43699a936d], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaavxvyex\rpboobmlpfqlovvawq, , [ce4dc387c5c5a88e4ade6c43699a936d], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaavxvyex\stb.dat, , [ce4dc387c5c5a88e4ade6c43699a936d], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaavxvyex\ycfvxfk, , [ce4dc387c5c5a88e4ade6c43699a936d], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaxvavya\bahvxfk, , [ce4dd4764b3fbe78ab7d79369370c63a], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaxvavya\mkfvxfk, , [ce4dd4764b3fbe78ab7d79369370c63a], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaxvavya\pvpqbjobmlpfqlovvawq, , [ce4dd4764b3fbe78ab7d79369370c63a], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaxvavya\qokvxfk, , [ce4dd4764b3fbe78ab7d79369370c63a], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaxvavya\rfobmlpfqlovvawq, , [ce4dd4764b3fbe78ab7d79369370c63a], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaxvavya\rpboobmlpfqlovvawq, , [ce4dd4764b3fbe78ab7d79369370c63a], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaxvavya\stb.dat, , [ce4dd4764b3fbe78ab7d79369370c63a], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avaxvavya\ycfvxfk, , [ce4dd4764b3fbe78ab7d79369370c63a], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvaxvaa\bahvxfk, , [100b9baf2d5d4de92107406f3bc8af51], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvaxvaa\mkfvxfk, , [100b9baf2d5d4de92107406f3bc8af51], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvaxvaa\pvpqbjobmlpfqlovvawq, , [100b9baf2d5d4de92107406f3bc8af51], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvaxvaa\qokvxfk, , [100b9baf2d5d4de92107406f3bc8af51], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvaxvaa\rfobmlpfqlovvawq, , [100b9baf2d5d4de92107406f3bc8af51], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvaxvaa\rpboobmlpfqlovvawq, , [100b9baf2d5d4de92107406f3bc8af51], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvaxvaa\stb.dat, , [100b9baf2d5d4de92107406f3bc8af51], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvaxvaa\ycfvxfk, , [100b9baf2d5d4de92107406f3bc8af51], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvxvaxc\bahvxfk, , [d348f05a12787db950d807a8788b5da3], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvxvaxc\mkfvxfk, , [d348f05a12787db950d807a8788b5da3], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvxvaxc\pvpqbjobmlpfqlovvawq, , [d348f05a12787db950d807a8788b5da3], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvxvaxc\qokvxfk, , [d348f05a12787db950d807a8788b5da3], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvxvaxc\rfobmlpfqlovvawq, , [d348f05a12787db950d807a8788b5da3], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvxvaxc\rpboobmlpfqlovvawq, , [d348f05a12787db950d807a8788b5da3], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvxvaxc\stb.dat, , [d348f05a12787db950d807a8788b5da3], 
PUP.Optional.SearchProtect.A, C:\Users\User\AppData\Local\avayvxvaxc\ycfvxfk, , [d348f05a12787db950d807a8788b5da3], 
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=",), ,[7e9dc585e9a192a49c887db9b4525ca4]
PUP.Optional.Trovi.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: (         "new_tab_url": "https://www.trovi.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SAT=CNTS",), ,[021989c1414911252b6efa3c1aecea16]
PUP.Optional.NativeSearch.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fh14k260.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://native-search.com/?channel=deg");), ,[d54623275f2b38fee23f999c56b0d729]
PUP.Optional.NativeSearch.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fh14k260.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://native-search.com/search.php?channel=deg&q=");), ,[001bde6cdcae013570b3181d897d43bd]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         


26.03.2015, 10:33   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hi,

please continue with MBAR:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

26.03.2015, 12:04   #4
adonisierend

The following error message appeared, but at least the tool is running.
Attached images
File type: png rootkit.png (23.4 KB, viewed 192 times)

26.03.2015, 12:51   #5
adonisierend

First scan successful and cleaned up.
Number 2 is running.
The problem still occurs.


Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
User :: USER-PC [administrator]

26.03.2015 13:06:49
mbar-log-2015-03-26 (13-06-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 336383
Time elapsed: 24 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\TeamViewer\TeamViewer_Resource_sv.dll (Trojan.FakeSIG) -> Delete on reboot. [162748f597e553e34fd5e3dca0642ed2]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


26.03.2015, 12:56   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
main: v2014.11.18.05
That's no use this way, you didn't update the signatures beforehand...
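The check made in the reply above, as an added example that is not part of the original thread: it parses an MBAR log and compares the signature database dates with the scan date. The two sample logs are abbreviated from the logs posted in this thread; the function names, the 30-day threshold and the `dd.mm.yyyy` timestamp format are assumptions.

```python
import re
from datetime import datetime, date

# Abbreviated from the MBAR log posted before the signature update.
LOG_BEFORE_UPDATE = r"""Malwarebytes Anti-Rootkit BETA 1.09.1.1004

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

26.03.2015 13:06:49
mbar-log-2015-03-26 (13-06-49).txt

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\TeamViewer\TeamViewer_Resource_sv.dll (Trojan.FakeSIG) -> Delete on reboot. [162748f597e553e34fd5e3dca0642ed2]

(end)
"""

# Abbreviated from the MBAR log posted after the signature update.
LOG_AFTER_UPDATE = r"""Malwarebytes Anti-Rootkit BETA 1.09.1.1004

Database version:
  main:    v2015.03.26.04
  rootkit: v2015.02.25.01

26.03.2015 14:16:22
mbar-log-2015-03-26 (14-16-22).txt

Files Detected: 0
(No malicious items detected)

(end)
"""

DB_RE = re.compile(r"^\s*(main|rootkit):\s+v(\d{4})\.(\d{2})\.(\d{2})\.\d+\s*$")
SCAN_TS_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s*$")
SECTION_RE = re.compile(r"^(.+?) Detected: (\d+)\s*$")
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\. "
    r"\[(?P<hash>[0-9a-f]{32})\]\s*$"
)


def parse_mbar_log(text):
    """Extract database dates, scan time, per-section counts and detections."""
    log = {"databases": {}, "scan_time": None, "sections": {}, "detections": []}
    for line in text.splitlines():
        db = DB_RE.match(line)
        if db:
            name, year, month, day = db.groups()
            log["databases"][name] = date(int(year), int(month), int(day))
            continue
        ts = SCAN_TS_RE.match(line)
        if ts and log["scan_time"] is None:
            # Assumption: timestamp is written as dd.mm.yyyy, as in this thread.
            log["scan_time"] = datetime.strptime(ts.group(1), "%d.%m.%Y %H:%M:%S")
            continue
        section = SECTION_RE.match(line)
        if section:
            log["sections"][section.group(1)] = int(section.group(2))
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            log["detections"].append(hit.groupdict())
    if log["scan_time"] is None or not log["databases"]:
        raise ValueError("not an MBAR log: scan time or database version missing")
    return log


def assess(text, max_age_days=30):
    """Flag databases older than max_age_days (assumed threshold) at scan time."""
    log = parse_mbar_log(text)
    scan_day = log["scan_time"].date()
    ages = {n: (scan_day - d).days for n, d in log["databases"].items()}
    stale = {n: a for n, a in ages.items() if a > max_age_days}
    # The per-section counters must add up to the detection lines actually listed.
    consistent = sum(log["sections"].values()) == len(log["detections"])
    return {
        "ages": ages,
        "stale": stale,
        "detections": log["detections"],
        "counts_consistent": consistent,
        "result_usable": not stale and consistent,
    }


if __name__ == "__main__":
    for label, text in (("before update", LOG_BEFORE_UPDATE),
                        ("after update", LOG_AFTER_UPDATE)):
        report = assess(text)
        print(label, "ages:", report["ages"], "usable:", report["result_usable"])
```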

26.03.2015, 13:11   #7
adonisierend

Update failed
Attached images
File type: png failedupdate.png (152.9 KB, viewed 145 times)

26.03.2015, 13:48   #8
adonisierend

For some inexplicable reason it has now worked on the fourth attempt.
Scan is running again. Sorry.

After the update: it really doesn't get any newer than this..
No malware found

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.26.04
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
User :: USER-PC [administrator]

26.03.2015 14:16:22
mbar-log-2015-03-26 (14-16-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 364537
Time elapsed: 27 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

26.03.2015, 14:21   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).


Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click > "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

27.03.2015, 07:30   #10
adonisierend

Windows Firewall off, Avira off, ADW uninstalled

Code:
# AdwCleaner v4.113 - Bericht erstellt 26/03/2015 um 16:13:52
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-23.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : User - USER-PC
# Gestarted von : C:\Users\User\Desktop\AdwCleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : CltMngSvc
Dienst Gelöscht : SPPD

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\Program Files\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files\SearchProtect
Ordner Gelöscht : C:\Program Files\V-bates
Ordner Gelöscht : C:\Program Files\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\User\AppData\Local\ext_offermosquito
Ordner Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito
Ordner Gelöscht : C:\Users\User\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\User\AppData\Local\simple_new_tab
Ordner Gelöscht : C:\Users\User\AppData\Local\avaxvavya
Ordner Gelöscht : C:\Users\User\AppData\Local\avayvaxvaa
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\User\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Fifth
Ordner Gelöscht : C:\Users\User\AppData\Roaming\OfferMosquito
Ordner Gelöscht : C:\Users\User\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\User\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\User\Documents\PC Speed Maximizer
Datei Gelöscht : C:\windows\AppPatch\nbin\VC32Loader.dll
Datei Gelöscht : C:\windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei Gelöscht : C:\windows\system32\RegistryHelperLM.ocx
Datei Gelöscht : C:\Users\User\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fh14k260.default\searchplugins\search.xml

***** [ Geplante Tasks ] *****

Task Gelöscht : Fifth
Task Gelöscht : OMESupervisor
Task Gelöscht : paretologic registration3
Task Gelöscht : paretologic update version3

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5C2DD58F-613F-4580-8AC0-F10D760AF938}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\foxydeal
Schlüssel Gelöscht : HKCU\Software\AppDataLow\foxydeal
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\Registry Helper
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[fh14k260.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaulturl", "hxxp://native-search.com/search.php?channel=deg&q=");
[fh14k260.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://native-search.com/?channel=deg");
[fh14k260.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://native-search.com/search.php?channel=deg&q=");
[fh14k260.default\prefs.js] - Zeile Gelöscht : user_pref("simplenewtab.url", "hxxp://native-search.com/?channel=deg_nt");

-\\ Pale Moon v25.2.1 (en-US)


-\\ Google Chrome v41.0.2272.101

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=58&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=58&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&q={searchTerms}&SSPV=

*************************

AdwCleaner[R1].txt - [9350 Bytes] - [26/03/2015 16:00:10]
AdwCleaner[S1].txt - [7713 Bytes] - [26/03/2015 16:13:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7772  Bytes] ##########
         

The error messages no longer appear now.

And here is the JRT log:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Premium x86
Ran by User on 26.03.2015 at 16:27:12,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341140}



~~~ Files

Successfully deleted: [File] C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"



~~~ FireFox

Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\fh14k260.default\prefs.js

user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_resource_354663.value", "%22%3F%20Optional%20-%20add
user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_resource_354678.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_resource_354680.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_resource_354681.value", "%22data%3Aimage/png%3Bbase6
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\fh14k260.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.03.2015 at 16:31:49,75
End of JRT log
         
I am now switching Avira and the firewall back on...

Is the problem fixed now?
The error messages are gone for now, but could something still be hiding in the background?

Alt 27.03.2015, 08:13   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I am still waiting for step 3.

Alt 28.03.2015, 22:51   #12
adonisierend
 



Sorry, here is the FRST log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 28-03-2015 23:39:45
Running from C:\Users\User\Desktop
Loaded Profiles: User & Gast (Available profiles: User & Gast)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIJJE.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Mozilla Corporation) C:\Program Files\Pale Moon\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [65016 2013-01-17] (Lenovo)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [186248 2012-09-20] (Lenovo.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-01-29] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379064 2012-10-17] (Synaptics Incorporated)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [4507208 2015-03-17] (SoftPerfect Research)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-24] (Spotify Ltd)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-24] (Spotify Ltd)
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\...\MountPoints2: {d92b8e66-f6c6-11e2-a0c0-00234df2186e} - E:\MotoCastSetup.exe -a
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-03-16] (Client Connect LTD)
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-06] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fh14k260.default
FF SelectedSearchEngine: Search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-08-09] (Cisco WebEx LLC)
FF Extension: Avira Browser Safety - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fh14k260.default\Extensions\abs@avira.com [2015-02-05]

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV="
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchURL: Default -> hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=58&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SAT=CNTS
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134648 2013-01-17] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [273912 2013-01-17] (Lenovo)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3251472 2015-03-16] (Client Connect LTD)
R2 EpsonScanSvc; C:\windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-10-17] (Macrovision Europe Ltd.) [File not signed]
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [44024 2013-01-29] (Lenovo Group Limited)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [127072 2012-08-24] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [62456 2013-01-29] (Lenovo Group Limited)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664296 2013-01-09] (Lenovo Group Limited)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [116368 2012-12-18] (Lenovo Group Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-10] (Avira Operations GmbH & Co. KG)
R3 LenovoRd; C:\windows\System32\Drivers\LenovoRd.sys [88832 2009-05-11] (Lenovo)
R3 NETwNs32; C:\windows\System32\DRIVERS\NETwNs32.sys [7523840 2012-01-23] (Intel Corporation)
R1 networx; C:\windows\System32\drivers\networx.sys [56128 2015-03-17] (NetFilterSDK.com)
R3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [38200 2012-10-17] (Synaptics Incorporated)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)
R3 PCDSRVC{3037D694-FD904ACA-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
R3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 23:39 - 2015-03-28 23:39 - 01135104 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-03-28 23:28 - 2015-03-28 23:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\PCDr
2015-03-28 23:27 - 2015-03-28 23:28 - 00000000 ____D () C:\ProgramData\PCDr
2015-03-27 09:01 - 2015-03-27 09:01 - 00039312 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2015-03-26 19:21 - 2015-03-26 19:21 - 00000000 ____D () C:\Users\User\AppData\Local\SearchProtect
2015-03-26 19:21 - 2015-03-26 19:21 - 00000000 ____D () C:\Program Files\SearchProtect
2015-03-26 16:31 - 2015-03-26 16:31 - 00002077 _____ () C:\Users\User\Desktop\JRT.txt
2015-03-26 16:26 - 2015-03-26 16:26 - 01388782 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-03-26 16:00 - 2015-03-26 16:14 - 00000000 ____D () C:\AdwCleaner
2015-03-26 15:55 - 2015-03-26 15:55 - 02168320 _____ () C:\Users\User\Desktop\AdwCleaner_4.113.exe
2015-03-26 13:05 - 2015-03-26 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-26 12:59 - 2015-03-26 14:50 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-03-26 12:57 - 2015-03-26 12:58 - 16502728 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.09.1.1004.exe
2015-03-26 11:06 - 2015-03-26 11:07 - 00027948 _____ () C:\Users\User\Desktop\Addition.txt
2015-03-26 11:04 - 2015-03-28 23:39 - 00016821 _____ () C:\Users\User\Desktop\FRST.txt
2015-03-26 11:04 - 2015-03-28 23:39 - 00000000 ____D () C:\FRST
2015-03-26 10:37 - 2015-03-26 14:14 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 10:10 - 2015-03-26 16:46 - 00000468 _____ () C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-03-26 10:08 - 2015-03-26 10:08 - 05813872 _____ (ParetoLogic Inc.) C:\Users\User\Desktop\ParetoLogic PC Health Advisor_de.exe
2015-03-25 10:56 - 2015-03-11 04:30 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-25 10:56 - 2015-03-11 04:30 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-25 10:56 - 2015-03-11 04:29 - 00818176 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-25 10:56 - 2015-03-11 04:29 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-25 10:56 - 2015-03-11 04:29 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-25 10:56 - 2015-03-11 04:29 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-25 10:56 - 2015-03-11 04:29 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-25 10:56 - 2015-03-11 04:26 - 00892928 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-24 16:57 - 2015-03-25 09:45 - 00000000 ____D () C:\Users\User\AppData\Local\avaavxvyex
2015-03-18 11:33 - 2015-03-18 11:33 - 00000000 ____D () C:\ProgramData\SoftPerfect
2015-03-18 11:33 - 2015-03-18 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2015-03-18 11:33 - 2015-03-18 11:33 - 00000000 ____D () C:\Program Files\NetWorx
2015-03-18 11:33 - 2015-03-17 14:00 - 00056128 _____ (NetFilterSDK.com) C:\windows\system32\Drivers\networx.sys
2015-03-11 08:33 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 08:33 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 08:33 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 08:33 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 08:33 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 08:33 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 08:33 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 08:33 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 08:33 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-11 08:33 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 08:33 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 08:33 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-11 08:33 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 08:33 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 08:33 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 08:33 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 08:33 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 08:33 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 08:33 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 08:33 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-11 08:33 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:33 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:33 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 08:33 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 08:33 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 08:33 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 08:33 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 08:33 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-11 08:33 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 08:33 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 08:33 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 08:33 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 08:33 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 08:33 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 08:32 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:32 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 08:32 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 08:32 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 08:32 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 08:32 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 08:32 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 08:32 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 08:32 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 08:32 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 08:32 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 08:32 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 08:32 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 08:32 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 08:32 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 08:32 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 08:31 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-03-11 08:31 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 08:31 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 08:31 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 08:31 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 08:31 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 08:31 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 08:31 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 08:31 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 08:31 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 08:31 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 08:31 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 08:31 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-11 08:31 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 08:31 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 08:31 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 08:31 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-10 23:38 - 2015-03-10 23:38 - 10165597 _____ () C:\Users\User\VID-20150310-WA0001.mp4
2015-03-03 11:05 - 2015-03-03 11:05 - 00027648 ____H () C:\Users\User\Downloads\photothumb.db
2015-02-27 14:02 - 2015-02-27 18:00 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-26 08:24 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-26 08:23 - 2015-02-26 08:23 - 00000000 ____D () C:\Users\User\AppData\Local\avayvxvaxc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 23:27 - 2013-05-21 13:32 - 00000466 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2015-03-28 23:26 - 2010-11-20 21:58 - 01372292 _____ () C:\windows\WindowsUpdate.log
2015-03-28 23:00 - 2015-02-06 17:45 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 22:45 - 2013-05-25 11:47 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 22:04 - 2013-05-25 11:47 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-27 12:19 - 2013-07-29 20:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-03-27 11:05 - 2014-02-09 14:12 - 00000000 ____D () C:\Users\User\Desktop\Originals
2015-03-27 10:36 - 2013-05-31 10:06 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-03-27 10:31 - 2013-05-31 10:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-03-27 09:14 - 2013-07-07 22:56 - 00000000 ____D () C:\Users\User\.gimp-2.8
2015-03-27 08:51 - 2014-04-29 17:48 - 00413696 ___SH () C:\Users\User\Thumbs.db
2015-03-27 08:41 - 2009-07-14 05:34 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 08:41 - 2009-07-14 05:34 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 08:40 - 2014-03-04 16:49 - 00075776 ____H () C:\Users\User\Documents\photothumb.db
2015-03-26 16:46 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-26 16:46 - 2009-07-14 05:39 - 00069339 _____ () C:\windows\setupact.log
2015-03-26 16:17 - 2010-11-20 22:48 - 00120344 _____ () C:\windows\PFRO.log
2015-03-26 14:50 - 2014-08-12 21:05 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-26 14:30 - 2013-09-22 15:02 - 00116736 ____H () C:\Users\User\photothumb.db
2015-03-26 14:30 - 2013-06-01 12:59 - 00044032 ____H () C:\Users\User\Desktop\photothumb.db
2015-03-26 13:38 - 2009-07-14 05:52 - 00000000 ____D () C:\windows\addins
2015-03-26 13:31 - 2013-09-23 22:05 - 00000000 ____D () C:\Program Files\TeamViewer
2015-03-26 10:39 - 2014-08-12 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-26 10:39 - 2014-08-12 21:05 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-26 10:39 - 2014-03-17 09:28 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-26 09:34 - 2014-12-12 18:14 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-26 09:34 - 2014-05-07 08:31 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-25 15:04 - 2014-05-01 23:08 - 00467456 ___SH () C:\Users\User\Documents\Thumbs.db
2015-03-24 18:50 - 2013-05-21 13:32 - 00000528 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-03-18 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2015-03-15 10:53 - 2013-05-26 10:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-15 10:53 - 2009-07-14 05:33 - 01634584 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-15 10:49 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-03-13 08:14 - 2014-04-16 23:23 - 00000000 ____D () C:\windows\system32\MRT
2015-03-13 08:06 - 2014-04-16 23:23 - 119837696 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-11 18:45 - 2009-07-14 05:52 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-03-09 20:19 - 2013-10-20 22:36 - 00020869 _____ () C:\Users\User\Desktop\Pingelingeling.odt
2015-03-08 14:31 - 2010-11-20 22:01 - 01619284 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-05 12:34 - 2014-08-06 11:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 12:34 - 2013-08-07 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 12:34 - 2013-08-07 22:12 - 00000000 ____D () C:\Program Files\Avira
2015-03-03 18:31 - 2013-07-01 15:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-03-03 10:56 - 2014-01-08 17:57 - 00000000 ____D () C:\Users\User\Documents\WICHTIGES

==================== Files in the root of some directories =======

2014-04-29 10:12 - 2014-04-29 10:12 - 1107768 _____ (AnyProtect.com) C:\Users\User\AppData\Local\nso3399.tmp
2015-03-27 09:01 - 2015-03-27 09:01 - 0039312 _____ () C:\Users\User\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\User\avg_tuht_stf_de_2015_185_15cmp16.exe
C:\Users\User\FSCaptureSetup53.exe
C:\Users\User\gimp-2.8.6-setup.exe
C:\Users\User\mbam-setup-1.75.0.1300.exe
C:\Users\User\pdf24-creator-6.0.1.exe
C:\Users\User\phase562install.exe
C:\Users\User\wrar500.exe


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 19:19

==================== End Of Log ============================
         
--- --- ---


and Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by User at 2015-03-28 23:45:27
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (HKLM\...\Adobe_67a7fb1e97aa14ee9ef0950eb6fd757) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.67.10 - )
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Druckerdeinstallation für EPSON WF-3520 Series (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.40 - )
Epson Benutzerhandbuch WF-3520 Series (HKLM\...\WF-3520 Series Useg) (Version:  - )
Epson Connect Guide (HKLM\...\Epson Connect Guide) (Version:  - )
Epson Event Manager (HKLM\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3520 Series (HKLM\...\WF-3520 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fallen Shadows - Schatten der Kindheit (HKLM\...\{AE2893E9-145A-41AC-85C6-ED046B13572E}) (Version: 1.0.0 - Happy Muffin Top)
FastStone Capture 5.3 (HKLM\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
Firefox Browser (remove only) (HKLM\...\Firefox Browser) (Version:  - )
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.32.327 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Chrome Frame (HKLM\...\{7455D86F-5295-389C-AA29-18D2BDAF8DD8}) (Version: 65.169.102 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lenovo Patch Utility (HKLM\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.21 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movavi Video Suite 12 (HKLM\...\Movavi Video Suite 12) (Version: 12.2.1 - Movavi)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
NetWorx 5.3.4 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Pale Moon 25.2.1 (x86 en-US) (HKLM\...\Pale Moon 25.2.1 (x86 en-US)) (Version: 25.2.1 - Moonchild Productions)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.0.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pflanzen gegen Zombies (HKLM\...\{38541171-2520-8420-4707-482373142242}) (Version: 1.0 - Bluefish Games)
Pflanzen gegen Zombies (HKLM\...\{3F0356D7-2C0A-4284-B6D3-BD04972FE2F7}}_is1) (Version:  - Gamesload)
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Plants vs. Zombies (HKLM\...\Plants vs. Zombies) (Version:  - PopCap Games)
RCT3 Soaked (HKLM\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
RecordPad Sound Recorder (HKLM\...\Recordpad) (Version: 5.15 - NCH Software)
Rescue and Recovery (HKLM\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.50.0025.00 - Lenovo Group Limited)
RICOH R5U8xx Media Driver ver.3.64.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH)
RollerCoaster Tycoon 2 (HKLM\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
RollerCoaster Tycoon 3 (HKLM\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
Search Protect (HKLM\...\SearchProtect) (Version: 2.22.0.160 - Client Connect LTD) <==== ATTENTION
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Updater (HKLM\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.2 - )
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.98 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.0.10.0 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.9 - Lenovo)
Tinypic 3.18 (HKLM\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TopStyle Lite (Version 3) (HKLM\...\TopStyle Lite (Version 3.0)) (Version:  - )
TopStyle Lite (Version 3) (HKLM\...\TSLite3_is1) (Version:  - )
Twisted Lands - Insomniac (HKLM\...\Twisted Lands - Insomniac) (Version:  - )
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Intel (e1yexpress) Net  (10/20/2011 10.1.17.0) (HKLM\...\133F9046FF7A87F5692D42D459416781366A9496) (Version: 10/20/2011 10.1.17.0 - Intel)
Windows-Treiberpaket - Intel hdc  (10/05/2012 9.1.9.1002) (HKLM\...\4A2944E186251A41773D639F1FB1C31B9642332C) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\1AF5F143058CA8C5C954BD408C48232FAF21A69F) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\2528966896853AC8DEC09D148A501604155972BD) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\AC2EE0A9AD3E95C0C675C31C13CF653A6CB3A598) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel USB  (10/05/2012 9.1.9.1002) (HKLM\...\48EC18D43DCBA26BDC1D4FFB660F86792AB475D2) (Version: 10/05/2012 9.1.9.1002 - Intel)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-03-2015 07:57:43 Windows Update
17-03-2015 08:02:53 Windows Update
20-03-2015 09:07:59 Windows Update
24-03-2015 14:43:16 Windows Update
26-03-2015 09:22:32 Windows Update
26-03-2015 13:31:33 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15850CEF-34CD-4E6B-B49A-EC1F5B6B77AC} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {1C54C99A-AC30-4A70-985C-A1AA32EC93EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
Task: {1C87D32B-A7BC-4BEF-AC3F-4F5AFF1CA19A} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {5687C881-2490-4CF6-B471-5FB7293F1C4E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {77208E3F-C7F5-4464-B949-1A1B8CB2069A} - System32\Tasks\{D4D8593A-5F7C-455B-9F44-4A82470B0A9C} => C:\Users\User\Documents\Firefox Browser\FirefoxPortable.exe [2013-03-08] (PortableApps.com)
Task: {80CE352F-80A2-4184-A1B7-3C9F996316A4} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {8192C99B-FBD1-4FAD-83A0-FC187ECFF19E} - System32\Tasks\{4493926D-CDA7-4F19-8DE6-D30C81608AF8} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-26] (SEIKO EPSON CORP.)
Task: {9105B51B-3077-47FC-B8A2-E00679EC77E4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9A71B82F-5099-45CC-9C2E-DCAA7A134049} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
Task: {C59C9647-1E87-4E40-880F-170DC2987BDD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {C6A8F75D-61DB-4C62-8824-9A1B07FB7C96} - System32\Tasks\{7F1B0606-156D-49B9-A655-155AE011A89B} => pcalua.exe -a C:\Users\User\Desktop\PlantsvsZombiesSetup.exe -d C:\Users\User\Desktop
Task: {CCE8FD0C-579B-4FB0-B222-F9C919B76A8A} - System32\Tasks\avaavxvyex => C:\Users\User\AppData\Local\avaavxvyex\avaavxvyex.exe [2015-03-16] () <==== ATTENTION
Task: {D393032F-08CE-4E33-A3B7-E93DB32222E6} - System32\Tasks\{3F4D803F-4F34-4A1F-A67C-C7AB63F8E68B} => C:\Users\User\Documents\Firefox Browser\FirefoxPortable.exe [2013-03-08] (PortableApps.com)
Task: {DE287C34-C5CF-4C22-AF31-012B2D781ED2} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {E01E2680-3178-4741-8B2F-6D9BE61E3CDF} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {E438CB44-1FAE-4359-9D8F-A7053FD5C569} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {E94F41F8-312D-46D9-A623-AB6DE1470327} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F6F2C829-B43C-43C1-8965-164730992482} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {FCA4D225-6735-4384-A922-0BDCA81E5BAF} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-09 11:33 - 2013-01-09 11:33 - 00086016 _____ () C:\Program Files\Lenovo\Access Connections\AcWrpc.dll
2013-05-21 13:22 - 2013-01-09 06:40 - 00095232 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2015-03-18 11:33 - 2015-03-03 15:49 - 00582656 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-02-06 19:06 - 2015-01-22 01:47 - 03056640 _____ () C:\Program Files\Pale Moon\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4062459640-3492374546-2499261898-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Registry Helper => "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
MSCONFIG\startupreg: SCheck => "C:\Users\User\AppData\Roaming\SCheck\SCheck.exe" check 
MSCONFIG\startupreg: Snoozer => "C:\Users\User\AppData\Roaming\Snz\Snz.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4062459640-3492374546-2499261898-500 - Administrator - Disabled)
Gast (S-1-5-21-4062459640-3492374546-2499261898-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-4062459640-3492374546-2499261898-1002 - Limited - Enabled)
User (S-1-5-21-4062459640-3492374546-2499261898-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2015 11:28:25 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:25:3020)(8184) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (03/28/2015 11:28:25 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:25:3010)(8184) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (03/28/2015 11:28:25 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:25:3010)(8184) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (03/28/2015 11:28:25 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:25:3000)(8184) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:5320)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 447 getDirectoryContents(C:\ProgramData\PCDr\5802/performance) failed

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:5320)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 349 getDirectoryContents(C:\ProgramData\PCDr\5802/performance) failed

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:4680)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 447 getDirectoryContents(C:\ProgramData\PCDr\5802/smartdata) failed

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:4630)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 349 getDirectoryContents(C:\ProgramData\PCDr\5802/smartdata) failed

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:3350)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 447 getDirectoryContents(C:\ProgramData\PCDr\5802/software) failed

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:3260)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 349 getDirectoryContents(C:\ProgramData\PCDr\5802/software) failed


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (03/28/2015 11:28:25 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:25:3020)(8184) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (03/28/2015 11:28:25 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:25:3010)(8184) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (03/28/2015 11:28:25 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:25:3010)(8184) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (03/28/2015 11:28:25 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:25:3000)(8184) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale: language = de, customer = lenovo, variant = ltt

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:5320)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 447 getDirectoryContents(C:\ProgramData\PCDr\5802/performance) failed

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:5320)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 349 getDirectoryContents(C:\ProgramData\PCDr\5802/performance) failed

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:4680)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 447 getDirectoryContents(C:\ProgramData\PCDr\5802/smartdata) failed

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:4630)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 349 getDirectoryContents(C:\ProgramData\PCDr\5802/smartdata) failed

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:3350)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 447 getDirectoryContents(C:\ProgramData\PCDr\5802/software) failed

Error: (03/28/2015 11:28:15 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (8184) Asapi: (23:28:15:3260)(8184) libMatrix.profiler.ProfilerSnapshots - Error -- 349 getDirectoryContents(C:\ProgramData\PCDr\5802/software) failed


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 40%
Total physical RAM: 2968.03 MB
Available physical RAM: 1765.52 MB
Total Pagefile: 5934.35 MB
Available Pagefile: 4318.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.34 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:149.05 GB) (Free:59.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 63242DF7)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

29.03.2015, 01:39   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



FRST fix

Please disable your virus scanner completely now, so that the fix is sure to run through cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV="
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchURL: Default -> hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=58&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SAT=CNTS
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
R3 PCDSRVC{3037D694-FD904ACA-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
C:\Users\User\AppData\Local\avaavxvyex
C:\Users\User\avg_tuht_stf_de_2015_185_15cmp16.exe
C:\Users\User\FSCaptureSetup53.exe
C:\Users\User\gimp-2.8.6-setup.exe
C:\Users\User\mbam-setup-1.75.0.1300.exe
C:\Users\User\pdf24-creator-6.0.1.exe
C:\Users\User\phase562install.exe
C:\Users\User\wrar500.exe
Task: {CCE8FD0C-579B-4FB0-B222-F9C919B76A8A} - System32\Tasks\avaavxvyex => C:\Users\User\AppData\Local\avaavxvyex\avaavxvyex.exe [2015-03-16] () <==== ATTENTION
Task: {E438CB44-1FAE-4359-9D8F-A7053FD5C569} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


29.03.2015, 20:10   #14
adonisierend
 



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by User at 2015-03-29 21:02:17 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User & Gast (Available profiles: User & Gast)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=55&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SSPV="
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR DefaultSearchURL: Default -> hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M91EA0434-214B-45B5-8F29-BB89B8C0B484&SearchSource=58&CUI=&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SAT=CNTS
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
R3 PCDSRVC{3037D694-FD904ACA-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
C:\Users\User\AppData\Local\avaavxvyex
C:\Users\User\avg_tuht_stf_de_2015_185_15cmp16.exe
C:\Users\User\FSCaptureSetup53.exe
C:\Users\User\gimp-2.8.6-setup.exe
C:\Users\User\mbam-setup-1.75.0.1300.exe
C:\Users\User\pdf24-creator-6.0.1.exe
C:\Users\User\phase562install.exe
C:\Users\User\wrar500.exe
Task: {CCE8FD0C-579B-4FB0-B222-F9C919B76A8A} - System32\Tasks\avaavxvyex => C:\Users\User\AppData\Local\avaavxvyex\avaavxvyex.exe [2015-03-16] () <==== ATTENTION
Task: {E438CB44-1FAE-4359-9D8F-A7053FD5C569} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
EmptyTemp:
         
*****************

HKU\S-1-5-21-4062459640-3492374546-2499261898-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=5&UP=SP5641944F-53E9-4264-B799-CCC5CDA3584E&SAT=CNTS => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL deleted successfully.
PCDSRVC{3037D694-FD904ACA-06020101}_0 => Service stopped successfully.
PCDSRVC{3037D694-FD904ACA-06020101}_0 => Service deleted successfully.
C:\Users\User\AppData\Local\avaavxvyex => Moved successfully.
C:\Users\User\avg_tuht_stf_de_2015_185_15cmp16.exe => Moved successfully.
C:\Users\User\FSCaptureSetup53.exe => Moved successfully.
C:\Users\User\gimp-2.8.6-setup.exe => Moved successfully.
C:\Users\User\mbam-setup-1.75.0.1300.exe => Moved successfully.
C:\Users\User\pdf24-creator-6.0.1.exe => Moved successfully.
C:\Users\User\phase562install.exe => Moved successfully.
C:\Users\User\wrar500.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCE8FD0C-579B-4FB0-B222-F9C919B76A8A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCE8FD0C-579B-4FB0-B222-F9C919B76A8A}" => Key deleted successfully.
C:\Windows\System32\Tasks\avaavxvyex => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavxvyex" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E438CB44-1FAE-4359-9D8F-A7053FD5C569}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E438CB44-1FAE-4359-9D8F-A7053FD5C569}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => Key deleted successfully.
EmptyTemp: => Removed 201.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:02:45 ====
         

29.03.2015, 20:56   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program into the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
