Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   wisptis 2x im Taskmanager und lässt sich nicht beenden (https://www.trojaner-board.de/166399-wisptis-2x-taskmanager-laesst-beenden.html)

mf112 24.04.2015 16:04
wisptis 2x im Taskmanager und lässt sich nicht beenden
 
Hallo
auf meinem Notebook Win 7 HP 32 bit ist seit geraumer Zeit oben genannter Prozess im Task Manager. Dieser lässt sich auch nicht löschen bzw. beenden.
Was ist das bzw. ist es schädlich?

Danke vorab

Michaela

schrauber 24.04.2015 16:13
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


mf112 24.04.2015 16:53
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2015 02
Ran by Michi (ATTENTION: The logged in user is not administrator) on BIG-SCHLAEPPI on 24-04-2015 17:12:39
Running from C:\Users\Michi\Desktop
Loaded Profiles: Michi & admin (Available profiles: Michi & admin)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> LEXBCES.EXE
Failed to access process -> LEXPPS.EXE
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> avp.exe
Failed to access process -> FABS.exe
Failed to access process -> LMS.exe
Failed to access process -> sqlservr.exe
Failed to access process -> nassvc.exe
Failed to access process -> PassThruSvr.exe
Failed to access process -> PsiService_2.exe
Failed to access process -> RichVideo.exe
Failed to access process -> SeaPort.exe
Failed to access process -> sqlwriter.exe
Failed to access process -> syncagentsrv.exe
Failed to access process -> SynoDrService.exe
Failed to access process -> UsbClientService.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WTGService.exe
Failed to access process -> X10nets.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> UNS.exe
Failed to access process -> svchost.exe
Failed to access process -> wmpnetwk.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
Failed to access process -> WisLMSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
Failed to access process -> WmiPrvSE.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
Failed to access process -> wisptis.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
Failed to access process -> taskhost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> WmiPrvSE.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-02] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\Run: [Amazon Music] => C:\Users\Michi\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\MountPoints2: {45da498c-4e4e-11e0-a569-00262df63b2e} - F:\AutoRun.exe
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\MountPoints2: {45da4993-4e4e-11e0-a569-00262df63b2e} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2403307681-2365322253-235483669-1000] => 65.49.80.156:8088
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fwhg.de/
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: [S-1-5-21-2403307681-2365322253-235483669-1008] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> {73A6340A-1B04-483C-9CC2-587C4F90B070} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-23] (Kaspersky Lab ZAO)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-29] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-05] (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-05] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-28] (Kaspersky Lab ZAO)
BHO: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll [2011-11-10] (DeLorme)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\hg16e0to.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://fwhg.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()
FF Plugin: @delorme.com/SendToGPS -> C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll [2011-11-10] (DeLorme)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [2010-01-06] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2009-06-09] (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2009-06-09] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin -> C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Garmin Communicator - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\hg16e0to.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-08-17]
FF Extension: Video DownloadHelper - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\hg16e0to.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-19]
FF Extension: DownThemAll! - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\hg16e0to.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-12-24]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-04-24]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-04-24]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\1.bin
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813320 2011-11-10] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3483600 2011-12-19] (Acronis)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2003-02-25] (Lexmark International, Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251256 2010-10-28] (BUFFALO INC.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [5899240 2011-11-10] (Acronis)
R2 SynoDrService; C:\Program Files\Synology Data Replicator  3\SynoDrService.exe [248704 2013-04-25] () [File not signed]
R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [45792 2012-08-03] (Windows (R) Win 7 DDK provider)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-02-22] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-23] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-23] (Kaspersky Lab ZAO)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [621056 2011-05-23] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-07-11] (DiBcom S.A.) [File not signed]
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-06] () [File not signed]
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [766496 2011-12-19] (Acronis)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126144 2011-12-19] (Acronis)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [84544 2011-12-19] (Acronis)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2009-12-01] (Microsoft Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 appliandMP; system32\DRIVERS\appliand.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 17:12 - 2015-04-24 17:17 - 00021288 _____ () C:\Users\Michi\Desktop\FRST.txt
2015-04-24 17:12 - 2015-04-24 17:12 - 00000000 ____D () C:\FRST
2015-04-24 17:11 - 2015-04-24 17:11 - 01139200 _____ (Farbar) C:\Users\Michi\Desktop\FRST.exe
2015-04-24 17:06 - 2015-04-24 17:06 - 00000000 ____D () C:\ProgramData\hsswpr
2015-04-24 16:56 - 2015-04-24 16:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 17:16 - 2010-03-02 07:17 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-24 17:08 - 2013-06-17 19:21 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-24 17:06 - 2010-05-09 12:21 - 01687899 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 17:06 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 17:06 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 17:04 - 2015-03-08 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2015-04-24 17:04 - 2012-05-06 14:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-24 17:01 - 2011-03-13 21:32 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 17:00 - 2011-03-13 21:32 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-24 16:46 - 2012-04-29 16:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 05:18 - 2013-11-23 22:49 - 00020033 _____ () C:\Windows\setupact.log
2015-04-23 05:18 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-22 02:46 - 2012-04-29 16:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-22 02:46 - 2011-05-17 17:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-21 20:42 - 2010-03-02 08:06 - 00000000 ____D () C:\ProgramData\X10 Settings
2015-04-21 20:37 - 2010-05-13 20:05 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\vlc
2015-04-21 20:27 - 2010-03-02 07:02 - 01681776 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-27 19:22 - 2010-05-10 19:15 - 00000000 ___RD () C:\Users\Michi\_Haushalt

==================== Files in the root of some directories =======

2013-12-15 21:47 - 2013-12-15 21:47 - 49940480 _____ () C:\Program Files\GUTE1EC.tmp
2013-03-04 20:36 - 2013-03-04 20:36 - 0000054 _____ () C:\Users\Michi\AppData\Roaming\mbam.context.scan
2010-09-16 17:23 - 2015-01-13 20:27 - 0028160 _____ () C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-03 21:19 - 2011-02-03 21:19 - 0007606 _____ () C:\Users\Michi\AppData\Local\Resmon.ResmonCfg
2010-12-24 13:31 - 2010-12-24 13:31 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-04-2015 02
Ran by Michi at 2015-04-24 17:18:02
Running from C:\Users\Michi\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-2403307681-2365322253-235483669-1008 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2403307681-2365322253-235483669-500 - Administrator - Disabled)
fbwuser72D3 (S-1-5-21-2403307681-2365322253-235483669-1011 - Limited - Enabled)
fbwuser81B6 (S-1-5-21-2403307681-2365322253-235483669-1010 - Limited - Enabled)
fbwuserDE58 (S-1-5-21-2403307681-2365322253-235483669-1009 - Limited - Enabled)
Gast (S-1-5-21-2403307681-2365322253-235483669-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2403307681-2365322253-235483669-1013 - Limited - Enabled)
Michi (S-1-5-21-2403307681-2365322253-235483669-1000 - Limited - Enabled) => C:\Users\Michi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
ACDSee Pro 2 (HKLM\...\{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}) (Version: 2.0.219 - ACD Systems International)
Acronis*True*Image*Home 2012 (HKLM\...\{2186F2E0-7023-453B-B604-0F13C72AFF37}Visible) (Version: 15.0.6131 - Acronis)
Acronis*True*Image*Home 2012 (Version: 15.0.6131 - Acronis) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
BUFFALO NAS Navigator2 (HKLM\...\UN060501) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version:  - )
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2522 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2519.00 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DeLorme Send To GPS 1.3 (HKLM\...\{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1) (Version: 1.3 - DeLorme Publishing)
Firebird SQL Server - MAGIX Edition (HKLM\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG)
FoxTab Video Converter (HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\FoxTab Video Converter) (Version:  - ) <==== ATTENTION
Free Audio CD Burner version 2.0.21.1031 (HKLM\...\Free Audio CD Burner_is1) (Version: 2.0.21.1031 - DVDVideoSoft Ltd.)
Free FLV Converter V 6.93.0 (HKLM\...\Free FLV Converter_is1) (Version: 6.93.0.0 - Koyote Soft)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free Video to MP3 Converter version 3.5 (HKLM\...\Free Video to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB945282) (HKLM\...\{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB945282) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946040) (HKLM\...\{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB946040) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946308) (HKLM\...\{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB946308) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946344) (HKLM\...\{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB946344) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946581) (HKLM\...\{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB946581) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB947540) (HKLM\...\{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB947540) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB947789) (HKLM\...\{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB947789) (Version: 1 - Microsoft Corporation)
Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB951708) (HKLM\...\{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB951708) (Version: 1 - Microsoft Corporation)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2092 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
MEDION Fotos auf CD & DVD SE Sued (HKLM\...\MEDION Fotos auf CD & DVD SE Sued D) (Version: 8.0.3.4 - MAGIX AG)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1318 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1318 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Research AutoCollage 2008 version 1.1 (HKLM\...\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}) (Version: 1.01.2008 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.50106.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008-Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (HKLM\...\Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU) (Version:  - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - deu (HKLM\...\{38C7CB9E-1451-38D5-BB97-B7FC59E1A8B8}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 5.8.4 - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM\...\{089DD780-DB3F-4CDB-A0C2-111360247298}) (Version: 10.24.0.0 - Nokia)
PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6057 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Synology Assistant (remove only) (HKLM\...\Synology Assistant) (Version:  - )
Synology Data Replicator  3 (HKLM\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.9947 - TeamViewer GmbH)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Verbindungsassistent (HKLM\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>

==================== Loaded Modules (whitelisted) ==============

2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2011-11-10 07:51 - 2011-11-10 07:51 - 00018784 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2010-05-10 19:44 - 2008-09-16 21:18 - 00132608 _____ () C:\alter_lappi\Program Files\WinRAR\rarext.dll
2010-11-14 16:51 - 2010-11-14 16:51 - 00109056 _____ () C:\Program Files\Notepad++\NppShell_03.dll
2015-04-22 02:46 - 2015-04-22 02:46 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Michi\Downloads\303238.m.mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: TeamViewer6 => 2
MSCONFIG\startupfolder: C:^Users^Michi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO NAS Navigator2.lnk => C:\Windows\pss\BUFFALO NAS Navigator2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Michi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NAS Scheduler.lnk => C:\Windows\pss\NAS Scheduler.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2015 05:14:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {1df4b24d-52be-4ff6-9c41-e60d8410a175}

Error: (04/24/2015 05:06:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hsswd.exe, Version: 0.0.0.0, Zeitstempel: 0x51087583
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055b57
ID des fehlerhaften Prozesses: 0x47c
Startzeit der fehlerhaften Anwendung: 0xhsswd.exe0
Pfad der fehlerhaften Anwendung: hsswd.exe1
Pfad des fehlerhaften Moduls: hsswd.exe2
Berichtskennung: hsswd.exe3

Error: (04/23/2015 05:54:52 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/15/2015 05:55:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/12/2015 02:37:40 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/28/2015 04:20:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/27/2015 07:14:36 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (03/27/2015 07:14:36 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101).

Error: (03/23/2015 06:30:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hsswd.exe, Version: 0.0.0.0, Zeitstempel: 0x51087583
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055678
ID des fehlerhaften Prozesses: 0x404
Startzeit der fehlerhaften Anwendung: 0xhsswd.exe0
Pfad der fehlerhaften Anwendung: hsswd.exe1
Pfad des fehlerhaften Moduls: hsswd.exe2
Berichtskennung: hsswd.exe3

Error: (03/22/2015 06:51:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hsswd.exe, Version: 0.0.0.0, Zeitstempel: 0x51087583
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055d83
ID des fehlerhaften Prozesses: 0x37c
Startzeit der fehlerhaften Anwendung: 0xhsswd.exe0
Pfad der fehlerhaften Anwendung: hsswd.exe1
Pfad des fehlerhaften Moduls: hsswd.exe2
Berichtskennung: hsswd.exe3


System errors:
=============
Error: (04/24/2015 05:06:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/24/2015 05:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/24/2015 05:05:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 05:20:22 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (04/23/2015 05:20:09 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/22/2015 02:13:13 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (04/22/2015 02:13:02 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/21/2015 08:24:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (04/21/2015 08:24:04 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/15/2015 05:32:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-23 05:51:39.244
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-23 05:51:39.244
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-23 05:51:39.229
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-23 05:51:39.213
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-23 05:51:39.213
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-23 05:51:39.213
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-23 05:51:39.182
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-23 05:51:39.182
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-23 05:51:39.182
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-23 05:51:39.151
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 54%
Total physical RAM: 3510.6 MB
Available physical RAM: 1608.21 MB
Total Pagefile: 7019.48 MB
Available Pagefile: 4849.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.22 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:53.58 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:10 GB) NTFS
Drive f: () (Removable) (Total:14.83 GB) (Free:11.8 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================
ich hoffe damit kann man was anfangen :-/
Danke vorab

schrauber 25.04.2015 11:31
Bitte nochmal, unsere Tools brauchen immer Adminrechte :)

mf112 28.04.2015 05:54
So jetzt noch mal:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by admin (administrator) on BIG-SCHLAEPPI on 27-04-2015 18:52:26
Running from C:\Users\Michi\Desktop
Loaded Profiles: Michi & admin (Available profiles: Michi & admin)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
(Lexmark International, Inc.) C:\Windows\System32\LEXPPS.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Program Files\Synology Data Replicator  3\SynoDrService.exe
() C:\Program Files\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Verbindungsassistent\WTGService.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Users\Michi\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-02] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\Run: [Amazon Music] => C:\Users\Michi\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\MountPoints2: {45da498c-4e4e-11e0-a569-00262df63b2e} - F:\AutoRun.exe
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\MountPoints2: {45da4993-4e4e-11e0-a569-00262df63b2e} - F:\AutoRun.exe
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2403307681-2365322253-235483669-1000] => 65.49.80.156:8088
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fwhg.de/
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> {73A6340A-1B04-483C-9CC2-587C4F90B070} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-23] (Kaspersky Lab ZAO)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-29] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-05] (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-05] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-28] (Kaspersky Lab ZAO)
BHO: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll [2011-11-10] (DeLorme)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()
FF Plugin: @delorme.com/SendToGPS -> C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll [2011-11-10] (DeLorme)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [2010-01-06] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2009-06-09] (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2009-06-09] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin -> C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-04-24]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-04-24]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\1.bin
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813320 2011-11-10] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3483600 2011-12-19] (Acronis)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2003-02-25] (Lexmark International, Inc.)
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251256 2010-10-28] (BUFFALO INC.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [5899240 2011-11-10] (Acronis)
R2 SynoDrService; C:\Program Files\Synology Data Replicator  3\SynoDrService.exe [248704 2013-04-25] () [File not signed]
R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [45792 2012-08-03] (Windows (R) Win 7 DDK provider)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-02-22] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-23] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-23] (Kaspersky Lab ZAO)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [621056 2011-05-23] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-07-11] (DiBcom S.A.) [File not signed]
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-06] () [File not signed]
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [766496 2011-12-19] (Acronis)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126144 2011-12-19] (Acronis)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [84544 2011-12-19] (Acronis)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2009-12-01] (Microsoft Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 appliandMP; system32\DRIVERS\appliand.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 18:46 - 2015-04-27 18:46 - 00000000 ____D () C:\Users\Michi\Desktop\FRST-OlderVersion
2015-04-24 17:51 - 2015-04-24 17:51 - 00000000 ____D () C:\Users\admin\AppData\Local\Microsoft Help
2015-04-24 17:12 - 2015-04-27 18:52 - 00019708 _____ () C:\Users\Michi\Desktop\FRST.txt
2015-04-24 17:12 - 2015-04-27 18:52 - 00000000 ____D () C:\FRST
2015-04-24 17:11 - 2015-04-27 18:46 - 01140736 _____ (Farbar) C:\Users\Michi\Desktop\FRST.exe
2015-04-24 17:06 - 2015-04-24 17:06 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2015-04-24 16:56 - 2015-04-24 16:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 18:46 - 2012-04-29 16:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-27 18:45 - 2013-06-17 19:21 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-27 18:45 - 2011-03-13 21:32 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-27 18:01 - 2011-03-13 21:32 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-27 18:01 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-27 18:01 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-27 17:57 - 2010-05-09 12:21 - 01691729 _____ () C:\Windows\WindowsUpdate.log
2015-04-27 17:54 - 2013-11-23 22:49 - 00020089 _____ () C:\Windows\setupact.log
2015-04-27 17:54 - 2012-05-06 14:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-27 17:54 - 2011-11-20 01:00 - 00173302 _____ () C:\Windows\PFRO.log
2015-04-27 17:54 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 17:52 - 2010-11-22 21:54 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-04-24 17:52 - 2010-03-02 07:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-24 17:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-24 17:42 - 2012-11-22 22:09 - 00033186 _____ () C:\Windows\DPINST.LOG
2015-04-24 17:16 - 2010-03-02 07:17 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-24 17:04 - 2015-03-08 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2015-04-22 02:46 - 2012-04-29 16:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-22 02:46 - 2011-05-17 17:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-21 20:42 - 2010-03-02 08:06 - 00000000 ____D () C:\ProgramData\X10 Settings
2015-04-21 20:37 - 2010-05-13 20:05 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\vlc
2015-04-21 20:27 - 2010-03-02 07:02 - 01681776 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-07 18:23 - 2014-11-07 23:01 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe

==================== Files in the root of some directories =======

2013-12-15 21:47 - 2013-12-15 21:47 - 49940480 _____ () C:\Program Files\GUTE1EC.tmp
2010-12-24 13:31 - 2010-12-24 13:31 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-27 18:24

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2015 01
Ran by admin at 2015-04-27 18:53:02
Running from C:\Users\Michi\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-2403307681-2365322253-235483669-1008 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2403307681-2365322253-235483669-500 - Administrator - Disabled)
fbwuser72D3 (S-1-5-21-2403307681-2365322253-235483669-1011 - Limited - Enabled)
fbwuser81B6 (S-1-5-21-2403307681-2365322253-235483669-1010 - Limited - Enabled)
fbwuserDE58 (S-1-5-21-2403307681-2365322253-235483669-1009 - Limited - Enabled)
Gast (S-1-5-21-2403307681-2365322253-235483669-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2403307681-2365322253-235483669-1013 - Limited - Enabled)
Michi (S-1-5-21-2403307681-2365322253-235483669-1000 - Limited - Enabled) => C:\Users\Michi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
ACDSee Pro 2 (HKLM\...\{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}) (Version: 2.0.219 - ACD Systems International)
Acronis*True*Image*Home 2012 (HKLM\...\{2186F2E0-7023-453B-B604-0F13C72AFF37}Visible) (Version: 15.0.6131 - Acronis)
Acronis*True*Image*Home 2012 (Version: 15.0.6131 - Acronis) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
BUFFALO NAS Navigator2 (HKLM\...\UN060501) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version:  - )
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2522 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2519.00 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DeLorme Send To GPS 1.3 (HKLM\...\{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1) (Version: 1.3 - DeLorme Publishing)
Firebird SQL Server - MAGIX Edition (HKLM\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG)
FoxTab Video Converter (HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\FoxTab Video Converter) (Version:  - ) <==== ATTENTION
Free Audio CD Burner version 2.0.21.1031 (HKLM\...\Free Audio CD Burner_is1) (Version: 2.0.21.1031 - DVDVideoSoft Ltd.)
Free FLV Converter V 6.93.0 (HKLM\...\Free FLV Converter_is1) (Version: 6.93.0.0 - Koyote Soft)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free Video to MP3 Converter version 3.5 (HKLM\...\Free Video to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2092 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
MEDION Fotos auf CD & DVD SE Sued (HKLM\...\MEDION Fotos auf CD & DVD SE Sued D) (Version: 8.0.3.4 - MAGIX AG)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1318 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1318 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Research AutoCollage 2008 version 1.1 (HKLM\...\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}) (Version: 1.01.2008 - Microsoft Research)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.50106.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008-Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - deu (HKLM\...\{38C7CB9E-1451-38D5-BB97-B7FC59E1A8B8}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 5.8.4 - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6057 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Skype™ 6.1 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Synology Assistant (remove only) (HKLM\...\Synology Assistant) (Version:  - )
Synology Data Replicator  3 (HKLM\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.9947 - TeamViewer GmbH)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Verbindungsassistent (HKLM\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-03-2015 02:20:08 Geplanter Prüfpunkt
10-03-2015 23:34:21 Windows Update
20-03-2015 07:34:25 Geplanter Prüfpunkt
27-03-2015 18:43:46 Geplanter Prüfpunkt
12-04-2015 14:40:15 Geplanter Prüfpunkt
22-04-2015 02:48:32 Geplanter Prüfpunkt
24-04-2015 17:14:52 Entfernt Launch Manager V1.5.0.8
24-04-2015 17:38:50 PC Connectivity Solution wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11F4D60B-AEBC-45E0-B7AD-6A6CD6D40CEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {7F95F283-F50C-45A5-B745-B7F601257D63} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {85087ED5-956E-468D-BF44-82EACB01AB23} - System32\Tasks\{B8528256-CDC5-44CB-8846-E9C83EB250A8} => pcalua.exe -a C:\Users\Michi\Downloads\irfanview_plugins_427_setup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {8FF3313E-D56C-4855-866D-AFE52B66EC4A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {A904E406-CF94-47B1-9F1F-8D55245D0338} - System32\Tasks\{ABC1F464-554C-45A9-A8D1-0CC897C76925} => C:\Program Files\Skype\\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {D1477812-F376-4746-A081-B22C8EA39AAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-22] (Adobe Systems Incorporated)
Task: {EBCBB8EC-544B-4C00-ACD5-62D2F8248F73} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {F18F150E-F04A-4B84-A967-9012B8D208F9} - System32\Tasks\{F278C490-09F4-44E0-AAF6-8F1DA324CE35} => pcalua.exe -a "C:\Program Files\Nokia\Nokia PC Suite 7\ApplicationInstaller.exe" -c "C:\Users\Michi\AppData\Local\Temp\Temp1_Mediathek_2.5.0.zip\Mediathek.jar"
Task: {F322285F-624D-4666-91E0-51969C2DD85F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-05-22 10:38 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2012-03-23 15:25 - 2012-03-23 15:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2010-03-02 07:59 - 2010-02-10 13:34 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2011-11-10 07:16 - 2011-11-10 07:16 - 00435552 _____ () C:\Program Files\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2013-04-25 08:41 - 2013-04-25 08:41 - 00248704 _____ () C:\Program Files\Synology Data Replicator  3\SynoDrService.exe
2013-04-30 05:47 - 2013-04-30 05:47 - 00248704 _____ () C:\Program Files\Synology\Assistant\UsbClientService.exe
2011-05-23 12:34 - 2009-03-03 12:45 - 00296400 ____N () C:\Program Files\Verbindungsassistent\WTGService.exe
2010-03-02 07:17 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-11-10 07:51 - 2011-11-10 07:51 - 00018784 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2010-05-10 19:44 - 2008-09-16 21:18 - 00132608 _____ () C:\alter_lappi\Program Files\WinRAR\rarext.dll
2010-11-14 16:51 - 2010-11-14 16:51 - 00109056 _____ () C:\Program Files\Notepad++\NppShell_03.dll
2014-08-25 14:36 - 2014-10-15 07:35 - 06281024 _____ () C:\Users\Michi\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-04-22 02:46 - 2015-04-22 02:46 - 16863920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Michi\Downloads\303238.m.mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: TeamViewer6 => 2
MSCONFIG\startupfolder: C:^Users^Michi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO NAS Navigator2.lnk => C:\Windows\pss\BUFFALO NAS Navigator2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Michi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NAS Scheduler.lnk => C:\Windows\pss\NAS Scheduler.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{0279E00E-CD83-4A3E-BAEC-D7E255689D09}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{10D1D10C-B65D-45FD-AA03-B2BE23F1DD87}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{27AAC826-7232-4C47-86A4-3B1152A6AB7E}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{3C3E8896-3C94-4A28-B0F5-2177F7195E09}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{A67A5D45-2F07-4C54-A947-4B91FA1FD198}] => (Allow) C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{195AED33-F8E7-4840-BA1C-8665F62FA499}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{B6F5E725-233E-4A05-879B-6CBB20E9F59A}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EA979150-7EF3-4085-AC29-87905B360D02}] => (Allow) svchost.exe
FirewallRules: [{45DDD9B6-988A-4157-A9CC-C586F66B752C}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{2D368839-E3F6-437C-85EA-94EC54A7BCF8}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{C1539842-724C-4325-82D7-AEED594968A4}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{03493258-788A-4587-84E7-55E8D706E865}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe
FirewallRules: [{914BF429-DB9C-4604-AD04-0DAEB7C7FE63}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe
FirewallRules: [{C0FCC310-F500-4498-AC1A-280C219F4DA3}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{14FD52A9-8B3F-404F-B192-E89F2A8B8087}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{66536D04-D58A-4E09-9F5E-0663710C59F6}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{64D73DAE-CF9C-4119-94A9-2FED905804EE}] => (Allow) C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{4771C8A3-5C08-4845-B0E8-0949A9ABD1B5}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{2AEB0E1F-1140-45AD-961B-2BB360733212}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{8B4A1203-277C-4E6F-84E2-B9173A601C23}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{97F2A10B-7ACC-42B2-927F-30A8EA556CA6}] => (Allow) C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{7361B1AF-635A-4952-9474-9EB9DB1E76E6}] => (Allow) C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{35AAB9DE-394A-446A-A406-9B87C2794AD4}] => (Allow) C:\Program Files\Microsoft Office\Office12\outlook.exe
FirewallRules: [{0F8E8E54-38A1-4079-AB14-19FFDA4AE582}] => (Allow) C:\Program Files\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{7C1A8B96-2F0B-4B0B-BA92-E18794A6AE63}] => (Allow) C:\Program Files\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{A311CA9D-4253-47A8-8CB6-E716EE3135F3}] => (Allow) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{A766F773-9320-4EDD-A887-F03A63F747B4}] => (Allow) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{47292C47-6C6E-4949-8B93-974E67281919}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5E287148-0933-4F59-80A9-6A9F1182DE05}C:\program files\icq7.2\icq.exe] => (Block) C:\program files\icq7.2\icq.exe
FirewallRules: [UDP Query User{54B8EDF1-BD1A-4F1E-AB8D-765721F28A4E}C:\program files\icq7.2\icq.exe] => (Block) C:\program files\icq7.2\icq.exe
FirewallRules: [TCP Query User{CA514CD0-D831-4397-8C15-6F47400FABEA}C:\program files\orbitdownloader\orbitnet.exe] => (Block) C:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{0365AB7C-E812-4E8C-9A92-283B687D166D}C:\program files\orbitdownloader\orbitnet.exe] => (Block) C:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{2687F318-8B03-4DA1-A7F3-F7F26206A51B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{457084BE-AE89-45DF-892B-6EC3D42DA6E4}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{A26B50BC-DC6F-40E2-9ADF-CA44AE7D4617}] => (Allow) C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{A1474462-452E-4F09-A5C6-80D52735C780}] => (Allow) C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [TCP Query User{EB90ABC9-B7C5-4D22-B504-F373D3661F18}C:\program files\buffalo\nasnavi\nasnavi.exe] => (Allow) C:\program files\buffalo\nasnavi\nasnavi.exe
FirewallRules: [UDP Query User{CCAD5AEB-1676-4544-B8E2-F0EB78A90C49}C:\program files\buffalo\nasnavi\nasnavi.exe] => (Allow) C:\program files\buffalo\nasnavi\nasnavi.exe
FirewallRules: [TCP Query User{60B0BBA0-14D5-482D-8825-C345940910FC}C:\program files\synology\assistant\dsassistant.exe] => (Allow) C:\program files\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{EEA8341E-243C-4ECC-A0EF-424485082AAE}C:\program files\synology\assistant\dsassistant.exe] => (Allow) C:\program files\synology\assistant\dsassistant.exe
FirewallRules: [{D4F56A91-4BA4-4507-B064-A61CB10C7AF7}] => (Block) C:\program files\synology\assistant\dsassistant.exe
FirewallRules: [{D0D98AD6-A40F-4850-A4F7-0EF75AA79F6F}] => (Block) C:\program files\synology\assistant\dsassistant.exe
FirewallRules: [{B0CCC245-5AED-4BF6-98CF-756A8EFA7007}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D5ECD84D-0462-445D-87BC-14CCD2E939B9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BA745DAA-604B-4DB8-ACC4-B5FB0FD62C63}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{21095407-F985-48D0-BC0B-86F9DE1C4D23}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 06:34:27 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/24/2015 05:14:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {1df4b24d-52be-4ff6-9c41-e60d8410a175}

Error: (04/24/2015 05:06:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hsswd.exe, Version: 0.0.0.0, Zeitstempel: 0x51087583
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055b57
ID des fehlerhaften Prozesses: 0x47c
Startzeit der fehlerhaften Anwendung: 0xhsswd.exe0
Pfad der fehlerhaften Anwendung: hsswd.exe1
Pfad des fehlerhaften Moduls: hsswd.exe2
Berichtskennung: hsswd.exe3

Error: (04/23/2015 05:54:52 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/15/2015 05:55:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/12/2015 02:37:40 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/28/2015 04:20:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/27/2015 07:14:36 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (03/27/2015 07:14:36 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101).

Error: (03/23/2015 06:30:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hsswd.exe, Version: 0.0.0.0, Zeitstempel: 0x51087583
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055678
ID des fehlerhaften Prozesses: 0x404
Startzeit der fehlerhaften Anwendung: 0xhsswd.exe0
Pfad der fehlerhaften Anwendung: hsswd.exe1
Pfad des fehlerhaften Moduls: hsswd.exe2
Berichtskennung: hsswd.exe3


System errors:
=============
Error: (04/27/2015 05:55:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (04/27/2015 05:55:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/24/2015 05:06:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/24/2015 05:05:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/24/2015 05:05:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Hotspot Shield Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 05:20:22 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (04/23/2015 05:20:09 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/22/2015 02:13:13 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (04/22/2015 02:13:02 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/21/2015 08:24:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-27 18:28:41.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-27 18:28:41.273
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-27 18:28:41.273
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-27 18:28:41.257
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-27 18:28:41.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-27 18:28:41.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-27 18:28:41.195
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-27 18:28:41.195
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-27 18:28:41.195
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-27 18:28:41.179
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 43%
Total physical RAM: 3510.6 MB
Available physical RAM: 1999.84 MB
Total Pagefile: 7019.48 MB
Available Pagefile: 5124.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.59 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:52.7 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:10 GB) NTFS
Drive f: () (Removable) (Total:14.83 GB) (Free:11.8 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 50BFC7F2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---


Ist das so O.k.?:confused:

schrauber 28.04.2015 14:11
Der Prozess ist legitim, trotzdem ist da Arbeit.


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    FoxTab Video Converter


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

mf112 30.04.2015 19:30
ZU Punkt eins kann ich berichten, dass der Revo Uninstaller FoxTab nicht findet.
Das andere läuft bereits..ich melde mich

Hier der Log von Malwarebytes

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.04.2015
Suchlauf-Zeit: 19:36:50
Logdatei: MB.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.30.05
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 366006
Verstrichene Zeit: 28 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 3
PUP.Optional.MyWebSearch.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@mywebsearch.com/Plugin, In Quarantäne, [813cda982763270f78c3202df2137e82],
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-2403307681-2365322253-235483669-1000\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, In Quarantäne, [7e3fcda57b0f40f61d21748ce12334cc],
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-2403307681-2365322253-235483669-1000\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, In Quarantäne, [9f1ed59d107ac472ae91847ca163fd03],

Registrierungswerte: 1
PUP.Optional.Mindspark.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|m3ffxtbr@mywebsearch.com, C:\Program Files\MyWebSearch\bar\1.bin, In Quarantäne, [5b62145e90fa91a54cbb59aa52b2bf41]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 12
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts\Installr, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts\Installr\Cache, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts\Shared, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts\Shared\Cache, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\History, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Settings, In Quarantäne, [af0e452d2763f640e7784270f013ab55],

Dateien: 57
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts\Installr\Cache\0034BEDC.exe, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts\Installr\Cache\files.ini, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts\Shared\Cache\CursorManiaBtn.html, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts\Shared\Cache\SmileyCentralBtn.html, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts\Shared\Cache\temp.html, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.FunWebProducts.A, C:\Users\Michi\AppData\LocalLow\FunWebProducts\Shared\Cache\WebfettiBtn.html, In Quarantäne, [427b99d9dfabb2843b74970b11f28e72],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\00350963, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\00350D78, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\00350F3D.bin, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\00351036.bmp, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\003510C3.bin, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\00351111.bin, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\0035117E.bin, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\003511FB.bin, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\0082ECE0.bin, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\0082ED7C.bin, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\0082EDBA.bin, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Cache\files.ini, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\History\search3, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\8_step1.gif, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\autoup.gif, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\autoup.htm, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkez.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkgr.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkgs.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bklf.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkrg.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzc.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzl.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzn.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzq.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzr.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzu.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzv.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzw.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn2d.png, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn2r.png, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn3d.png, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\blubtn3r.png, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\center.htm, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\index.htm, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\mid_dots.gif, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\protect.htm, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\rebut4.htm, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\rebut4b.htm, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\rebut4c.htm, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\shield.png, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\shocked.gif, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\stop.gif, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\systray.htm, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\systrayp.htm, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\tp_grad.gif, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Message\COMMON\warn.gif, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.MyWebSearch.A, C:\Users\Michi\AppData\LocalLow\MyWebSearch\bar\Settings\prevcfg2.htm, In Quarantäne, [af0e452d2763f640e7784270f013ab55],
PUP.Optional.Conduit.A, C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\hg16e0to.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");), Ersetzt,[0db0482aa8e2280e9d66aba40ff7817f]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Hier der AdwCleaner:
Code:
# AdwCleaner v4.202 - Logfile created 30/04/2015 at 20:17:23
# Updated 23/04/2015 by Xplode
# Database : 2015-04-27.1 [Server]
# Operating system : Windows 7 Home Premium  (x86)
# Username : admin - BIG-SCHLAEPPI
# Running from : C:\Users\Michi\Downloads\AdwCleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\admin\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Michi\AppData\Local\iMesh
Folder Deleted : C:\Users\Michi\AppData\Roaming\GrabPro
Folder Deleted : C:\Users\Michi\AppData\Roaming\ProgSense
Folder Deleted : C:\Users\Michi\AppData\Roaming\download Manager

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKU\.DEFAULT\Software\APN
Key Deleted : HKU\.DEFAULT\Software\Ask.com
Key Deleted : HKU\.DEFAULT\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16930


*************************

AdwCleaner[R0].txt - [4114 bytes] - [30/04/2015 20:13:24]
AdwCleaner[R1].txt - [4173 bytes] - [30/04/2015 20:16:07]
AdwCleaner[S0].txt - [4186 bytes] - [30/04/2015 20:17:23]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4245  bytes] ##########
Und hier das von Junkware..

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Home Premium x86
Ran by admin on 30.04.2015 at 20:24:40,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2403307681-2365322253-235483669-1008\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.04.2015 at 20:26:54,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und noch mal ein neues FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by admin (administrator) on BIG-SCHLAEPPI on 30-04-2015 20:28:27
Running from C:\Users\Michi\Desktop
Loaded Profiles: Michi & admin (Available profiles: Michi & admin)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
(Lexmark International, Inc.) C:\Windows\System32\LEXPPS.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\Synology Data Replicator  3\SynoDrService.exe
() C:\Program Files\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmi32.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-02] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\Run: [Amazon Music] => C:\Users\Michi\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\MountPoints2: {45da498c-4e4e-11e0-a569-00262df63b2e} - F:\AutoRun.exe
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\MountPoints2: {45da4993-4e4e-11e0-a569-00262df63b2e} - F:\AutoRun.exe
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [4323 2015-04-30] ()
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2403307681-2365322253-235483669-1000] => 65.49.80.156:8088
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fwhg.de/
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> {73A6340A-1B04-483C-9CC2-587C4F90B070} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-23] (Kaspersky Lab ZAO)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-29] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-05] (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-05] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-28] (Kaspersky Lab ZAO)
BHO: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll [2011-11-10] (DeLorme)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()
FF Plugin: @delorme.com/SendToGPS -> C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll [2011-11-10] (DeLorme)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [2010-01-06] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2009-06-09] (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2009-06-09] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-04-24]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-04-24]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813320 2011-11-10] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3483600 2011-12-19] (Acronis)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2003-02-25] (Lexmark International, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251256 2010-10-28] (BUFFALO INC.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [5899240 2011-11-10] (Acronis)
R2 SynoDrService; C:\Program Files\Synology Data Replicator  3\SynoDrService.exe [248704 2013-04-25] () [File not signed]
R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [45792 2012-08-03] (Windows (R) Win 7 DDK provider)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-02-22] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-23] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [621056 2011-05-23] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-07-11] (DiBcom S.A.) [File not signed]
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-06] () [File not signed]
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [766496 2011-12-19] (Acronis)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126144 2011-12-19] (Acronis)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [84544 2011-12-19] (Acronis)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2009-12-01] (Microsoft Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 appliandMP; system32\DRIVERS\appliand.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-30 20:26 - 2015-04-30 20:26 - 00001327 _____ () C:\Users\admin\Desktop\JRT.txt
2015-04-30 20:24 - 2015-04-30 20:24 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BIG-SCHLAEPPI-Windows-7-Home-Premium-(32-bit).dat
2015-04-30 20:24 - 2015-04-30 20:24 - 00000000 ____D () C:\RegBackup
2015-04-30 20:23 - 2015-04-30 20:24 - 02716306 _____ (Thisisu) C:\Users\Michi\Desktop\JRT.exe
2015-04-30 20:12 - 2015-04-30 20:17 - 00000000 ____D () C:\AdwCleaner
2015-04-30 20:11 - 2015-04-30 20:11 - 02224640 _____ () C:\Users\Michi\Downloads\AdwCleaner_4.202.exe
2015-04-30 20:00 - 2015-04-30 20:02 - 00000000 ____D () C:\Users\Michi\Eva
2015-04-30 19:36 - 2015-04-30 19:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-30 19:35 - 2015-04-30 19:35 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-30 19:35 - 2015-04-30 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-30 19:35 - 2015-04-30 19:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-30 19:35 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-30 19:35 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-30 19:35 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-30 19:33 - 2015-04-30 19:34 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-30 19:28 - 2015-04-30 19:28 - 00001226 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2015-04-30 19:28 - 2015-04-30 19:28 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-30 19:27 - 2015-04-30 19:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Michi\Downloads\revosetup95.exe
2015-04-27 18:53 - 2015-04-27 18:54 - 00041319 _____ () C:\Users\Michi\Desktop\Addition.txt
2015-04-24 17:51 - 2015-04-24 17:51 - 00000000 ____D () C:\Users\admin\AppData\Local\Microsoft Help
2015-04-24 17:12 - 2015-04-30 20:28 - 00018630 _____ () C:\Users\Michi\Desktop\FRST.txt
2015-04-24 17:12 - 2015-04-30 20:28 - 00000000 ____D () C:\FRST
2015-04-24 17:11 - 2015-04-27 18:46 - 01140736 _____ (Farbar) C:\Users\Michi\Desktop\FRST.exe
2015-04-24 17:06 - 2015-04-24 17:06 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2015-04-24 16:56 - 2015-04-24 16:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-30 20:27 - 2013-06-17 19:21 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-30 20:25 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-30 20:25 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-30 20:22 - 2010-05-09 12:21 - 01703054 _____ () C:\Windows\WindowsUpdate.log
2015-04-30 20:20 - 2011-03-13 21:32 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-30 20:18 - 2013-11-23 22:49 - 00020257 _____ () C:\Windows\setupact.log
2015-04-30 20:18 - 2011-11-20 01:00 - 00173666 _____ () C:\Windows\PFRO.log
2015-04-30 20:18 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-30 20:01 - 2011-03-13 21:32 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-30 20:01 - 2010-05-09 12:22 - 00000000 ____D () C:\Users\Michi
2015-04-30 19:46 - 2012-04-29 16:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-30 19:35 - 2012-05-09 17:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-30 19:18 - 2010-03-02 07:02 - 01681776 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-27 17:54 - 2012-05-06 14:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-24 17:52 - 2010-11-22 21:54 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-04-24 17:52 - 2010-03-02 07:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-24 17:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-24 17:42 - 2012-11-22 22:09 - 00033186 _____ () C:\Windows\DPINST.LOG
2015-04-24 17:16 - 2010-03-02 07:17 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-24 17:04 - 2015-03-08 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2015-04-22 02:46 - 2012-04-29 16:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-22 02:46 - 2011-05-17 17:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-21 20:42 - 2010-03-02 08:06 - 00000000 ____D () C:\ProgramData\X10 Settings
2015-04-21 20:37 - 2010-05-13 20:05 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\vlc
2015-04-07 18:23 - 2014-11-07 23:01 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe

==================== Files in the root of some directories =======

2013-12-15 21:47 - 2013-12-15 21:47 - 49940480 _____ () C:\Program Files\GUTE1EC.tmp
2010-12-24 13:31 - 2010-12-24 13:31 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-27 18:24

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 01.05.2015 15:46

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

mf112 07.05.2015 06:12
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ea9a5c4439df774eb9976a1bfb4954ec
# engine=23663
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-04 03:49:13
# local_time=2015-05-04 05:49:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 267515 62228975 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 267370 183193296 0 0
# scanned=91909
# found=2
# cleaned=0
# scan_time=84731
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=697C40E977B95512BA8B7A52808DE33FE7755F64 ft=1 fh=c55307af840dfc87 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ea9a5c4439df774eb9976a1bfb4954ec
# engine=23705
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2015-05-06 09:19:33
# local_time=2015-05-06 11:19:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 105523 62421595 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 459990 183385916 0 0
# scanned=438788
# found=16
# cleaned=0
# scan_time=17569
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=697C40E977B95512BA8B7A52808DE33FE7755F64 ft=1 fh=c55307af840dfc87 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
sh=E88952A7C68BC64AD84A88AB73A4DAFBDAB80580 ft=1 fh=bc7fcb22b92a1d08 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\admin\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll.vir"
sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\FoxTabVideoConverter\VideoConverter.exe"
sh=4505566684FE95CCB1A3798F29865F9A10A84081 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Ask.L potenziell unsichere Anwendung" ac=I fn="C:\Users\admin\AppData\Local\Temp\Hotspot Shield\html\scripts\AskToolbar.js"
sh=E88952A7C68BC64AD84A88AB73A4DAFBDAB80580 ft=1 fh=bc7fcb22b92a1d08 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll"
sh=47B19AB97028D8925579BED54EFEE88C8107D6B6 ft=1 fh=34f71966959b3eb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\AppData\Local\Temp\DMR\dmr_72.exe"
sh=11471D2DFD15E32C9881F97C4E3D6B61BDE6B5B1 ft=1 fh=7572d94eb023ac82 vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="C:\Users\Michi\Desktop\Neuer Ordner\Windows 7 Activation.exe"
sh=55550707ED9254B3298B8790BD0488287515B464 ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="C:\Users\Michi\Desktop\Neuer Ordner\Windows_7_Starter_32_Bit.iso"
sh=5D9531B7E284E0F4A73A9EB2ABDA0FB8885E5215 ft=1 fh=b15ad016abf51a36 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michi\Downloads\ophcrack-vista-livecd-3.6.0 - CHIP-Installer.exe"
sh=55550707ED9254B3298B8790BD0488287515B464 ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="C:\Users\Michi\Downloads\Windows_7_Starter_32_Bit.iso"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2X3ZGROH\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8EJH842\ApnIC[1].0"
sh=F01099E4422FDED0661CF4A526DA68E5E68A3DDD ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\Temp\AskSLib.dll"
sh=ED27119AA8AB9725850A41D748F91BCED8EA7C5A ft=1 fh=4c5d9e858c71cb92 vn="Win32/Bundled.Toolbar.Ask.L potenziell unsichere Anwendung" ac=I fn="C:\Windows\Temp\hss_update.exe"
Code:
Results of screen317's Security Check version 1.001 
 Windows 7  x86 (UAC is enabled) 
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 60 
 Java version 32-bit out of Date!
 Adobe Flash Player        17.0.0.169 
 Adobe Reader XI 
 Mozilla Firefox (37.0.2)
````````Process Check: objlist.exe by Laurent```````` 
 ESET ESET Online Scanner OnlineScannerUninstaller.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by admin (administrator) on BIG-SCHLAEPPI on 07-05-2015 07:10:16
Running from C:\Users\Michi\Desktop
Loaded Profiles: Michi & admin (Available profiles: Michi & admin)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
(Lexmark International, Inc.) C:\Windows\System32\LEXPPS.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Program Files\Synology Data Replicator  3\SynoDrService.exe
() C:\Program Files\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Verbindungsassistent\WTGService.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Users\Michi\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
() C:\Users\Michi\Downloads\SecurityCheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-02] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [360448 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\Run: [Amazon Music] => C:\Users\Michi\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\MountPoints2: {45da498c-4e4e-11e0-a569-00262df63b2e} - F:\AutoRun.exe
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\...\MountPoints2: {45da4993-4e4e-11e0-a569-00262df63b2e} - F:\AutoRun.exe
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [4323 2015-04-30] ()
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MAHJON~1.SCR

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2403307681-2365322253-235483669-1000] => 65.49.80.156:8088
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fwhg.de/
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKU\S-1-5-21-2403307681-2365322253-235483669-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> {73A6340A-1B04-483C-9CC2-587C4F90B070} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-23] (Kaspersky Lab ZAO)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-29] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-05] (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-05] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-28] (Kaspersky Lab ZAO)
BHO: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll [2011-11-10] (DeLorme)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2403307681-2365322253-235483669-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()
FF Plugin: @delorme.com/SendToGPS -> C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll [2011-11-10] (DeLorme)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [2010-01-06] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2009-06-09] (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2009-06-09] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-04-24]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-04-24]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-23]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813320 2011-11-10] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3483600 2011-12-19] (Acronis)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2003-02-25] (Lexmark International, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251256 2010-10-28] (BUFFALO INC.)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [5899240 2011-11-10] (Acronis)
R2 SynoDrService; C:\Program Files\Synology Data Replicator  3\SynoDrService.exe [248704 2013-04-25] () [File not signed]
R2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [45792 2012-08-03] (Windows (R) Win 7 DDK provider)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-02-22] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-23] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [621056 2011-05-23] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-07-11] (DiBcom S.A.) [File not signed]
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-06] () [File not signed]
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [766496 2011-12-19] (Acronis)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126144 2011-12-19] (Acronis)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [84544 2011-12-19] (Acronis)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2009-12-01] (Microsoft Corporation)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 appliandMP; system32\DRIVERS\appliand.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 07:10 - 2015-05-07 07:10 - 00000000 ____D () C:\Users\Michi\Desktop\FRST-OlderVersion
2015-05-07 07:06 - 2015-05-07 07:08 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Notepad++
2015-05-07 06:56 - 2015-05-07 06:57 - 00852630 _____ () C:\Users\Michi\Downloads\SecurityCheck.exe
2015-05-05 18:00 - 2015-05-05 18:00 - 401529090 _____ () C:\Windows\MEMORY.DMP
2015-05-05 18:00 - 2015-05-05 18:00 - 00165944 _____ () C:\Windows\Minidump\050515-29250-01.dmp
2015-05-02 18:06 - 2015-05-02 18:06 - 00000000 ____D () C:\Program Files\ESET
2015-05-02 18:05 - 2015-05-02 18:05 - 02347384 _____ (ESET) C:\Users\Michi\Downloads\esetsmartinstaller_deu.exe
2015-05-01 15:39 - 2015-05-01 15:57 - 680525824 _____ () C:\Users\admin\Downloads\ophcrack-vista-livecd-3.6.0.iso
2015-05-01 15:39 - 2015-05-01 15:39 - 00135256 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-01 15:36 - 2015-05-01 15:36 - 01203488 _____ () C:\Users\Michi\Downloads\ophcrack-vista-livecd-3.6.0 - CHIP-Installer.exe
2015-04-30 20:26 - 2015-04-30 20:26 - 00001327 _____ () C:\Users\admin\Desktop\JRT.txt
2015-04-30 20:24 - 2015-04-30 20:24 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BIG-SCHLAEPPI-Windows-7-Home-Premium-(32-bit).dat
2015-04-30 20:24 - 2015-04-30 20:24 - 00000000 ____D () C:\RegBackup
2015-04-30 20:23 - 2015-04-30 20:24 - 02716306 _____ (Thisisu) C:\Users\Michi\Desktop\JRT.exe
2015-04-30 20:12 - 2015-04-30 20:17 - 00000000 ____D () C:\AdwCleaner
2015-04-30 20:11 - 2015-04-30 20:11 - 02224640 _____ () C:\Users\Michi\Downloads\AdwCleaner_4.202.exe
2015-04-30 20:00 - 2015-04-30 20:02 - 00000000 ____D () C:\Users\Michi\Eva
2015-04-30 19:36 - 2015-04-30 19:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-30 19:35 - 2015-04-30 19:35 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-30 19:35 - 2015-04-30 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-30 19:35 - 2015-04-30 19:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-30 19:35 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-30 19:35 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-30 19:35 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-30 19:33 - 2015-04-30 19:34 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Michi\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-30 19:28 - 2015-04-30 19:28 - 00001226 _____ () C:\Users\admin\Desktop\Revo Uninstaller.lnk
2015-04-30 19:28 - 2015-04-30 19:28 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-30 19:27 - 2015-04-30 19:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Michi\Downloads\revosetup95.exe
2015-04-27 18:53 - 2015-04-27 18:54 - 00041319 _____ () C:\Users\Michi\Desktop\Addition.txt
2015-04-24 17:51 - 2015-04-24 17:51 - 00000000 ____D () C:\Users\admin\AppData\Local\Microsoft Help
2015-04-24 17:12 - 2015-05-07 07:10 - 00020108 _____ () C:\Users\Michi\Desktop\FRST.txt
2015-04-24 17:12 - 2015-05-07 07:10 - 00000000 ____D () C:\FRST
2015-04-24 17:11 - 2015-05-07 07:10 - 01141248 _____ (Farbar) C:\Users\Michi\Desktop\FRST.exe
2015-04-24 17:06 - 2015-04-24 17:06 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2015-04-24 16:56 - 2015-04-24 16:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 07:09 - 2013-06-17 19:21 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-07 07:01 - 2011-03-13 21:32 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-07 06:50 - 2012-04-29 16:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-07 06:50 - 2010-05-09 12:21 - 01713866 _____ () C:\Windows\WindowsUpdate.log
2015-05-06 18:57 - 2011-03-13 21:32 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-05 18:08 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-05 18:08 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 18:00 - 2013-11-23 22:49 - 00020369 _____ () C:\Windows\setupact.log
2015-05-05 18:00 - 2011-06-26 22:56 - 00000000 ____D () C:\Windows\Minidump
2015-05-05 18:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-30 20:18 - 2011-11-20 01:00 - 00173666 _____ () C:\Windows\PFRO.log
2015-04-30 20:01 - 2010-05-09 12:22 - 00000000 ____D () C:\Users\Michi
2015-04-30 19:35 - 2012-05-09 17:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-30 19:18 - 2010-03-02 07:02 - 01681776 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-27 17:54 - 2012-05-06 14:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-24 17:52 - 2010-11-22 21:54 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-04-24 17:52 - 2010-03-02 07:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-24 17:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-24 17:42 - 2012-11-22 22:09 - 00033186 _____ () C:\Windows\DPINST.LOG
2015-04-24 17:16 - 2010-03-02 07:17 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-24 17:04 - 2015-03-08 17:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2015-04-22 02:46 - 2012-04-29 16:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-22 02:46 - 2011-05-17 17:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-21 20:42 - 2010-03-02 08:06 - 00000000 ____D () C:\ProgramData\X10 Settings
2015-04-21 20:37 - 2010-05-13 20:05 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\vlc
2015-04-07 18:23 - 2014-11-07 23:01 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe

==================== Files in the root of some directories =======

2013-12-15 21:47 - 2013-12-15 21:47 - 49940480 _____ () C:\Program Files\GUTE1EC.tmp
2010-12-24 13:31 - 2010-12-24 13:31 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-27 18:24

==================== End Of Log ============================
--- --- ---

--- --- ---


Hoffe es passt alles

schrauber 07.05.2015 09:39
Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files\FoxTabVideoConverter\VideoConverter.exe

C:\Users\admin\AppData\Local\Temp\Hotspot Shield\html\scripts\AskToolbar.js

C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll

C:\Users\Michi\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\Michi\Desktop\Neuer Ordner\Windows 7 Activation.exe

C:\Users\Michi\Desktop\Neuer Ordner\Windows_7_Starter_32_Bit.iso

C:\Users\Michi\Downloads\ophcrack-vista-livecd-3.6.0 - CHIP-Installer.exe

C:\Users\Michi\Downloads\Windows_7_Starter_32_Bit.iso

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2X3ZGROH\ApnIC[1].0

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8EJH842\ApnIC[1].0

C:\Windows\System32\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab

C:\Windows\Temp\AskSLib.dll

C:\Windows\Temp\hss_update.exe
ProxyServer: [S-1-5-21-2403307681-2365322253-235483669-1000] => 65.49.80.156:8088
RemoveProxy:
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Und jetzt erstmal Windows updaten, da fehlen 4 Jahre Updates und ein Servicepack.

mf112 07.05.2015 18:18
Hallo schrauber
Alle deine Schritte habe ich ausgeführt.
Jetzt komme ich weder mit dem IE noch mit dem Firefox ins Internet. Bzw er lässt sich nicht mehr öffnen.
Zitat Fehlermeldung
Durch die Internetsicherheitseinstellungen wurde verhindert, dass eineoder mehrere Dateien geöffnet wurden.
Gesendet vom smartphone

Korrigiere.
Kein Programm geht mehr auf

schrauber 08.05.2015 16:37
Seit wann genau? Dem Fix, oder hast Du auch schon Updates gemacht?

mf112 08.05.2015 18:49
Nach dem Neustart von dem fix

schrauber 09.05.2015 16:27
Lass bitte nochmal nen FRST Fix laufen.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
RemoveProxy:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


mf112 12.05.2015 12:53
An das Fix bin ich über meinen Standardbenutzer nicht mehr dran gekommen. (auch nicht mit rechter Maustaste als Admin ausführen.)
Mit dem Admin konnte ich es ausführen.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-05-2015 01
Ran by admin at 2015-05-12 13:49:49 Run:3
Running from C:\Users\Michi\Desktop
Loaded Profiles: admin (Available profiles: Michi & admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
RemoveProxy:
*****************


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2403307681-2365322253-235483669-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


==== End of Fixlog 13:49:50 ====
Jedoch komme ich unter meinem Standarduser nicht mehr an die Programme heran.
Windows Updates liefen auch nur unter dem Adminaccount direkt


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:10 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131