Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win7 , Laptop mit Surfstick , 95% aller Internetseiten bleiben weiß (https://www.trojaner-board.de/168570-win7-laptop-surfstick-95-aller-internetseiten-bleiben-weiss.html)

carabelli 09.07.2015 14:56
Win7 , Laptop mit Surfstick , 95% aller Internetseiten bleiben weiß
 
Hallo liebe Experten,

ich habe leider keinen "echten" Internetanschluß, gehe nur sporadisch mit einem Surfstick online. Mein Laptop hat Windows 7, mit (kostenlosem) Avira-Schutz.

Seit Monaten fällt mir auf, das der Laptop immer langsamer wird oder sich sogar ganz aufhängt, da klappte nicht mal runterfahren, da half nur noch Stecker ziehen.

Wenn ich mich per surfstick einbuche (von RTL/Vodafone) sehe ich wohl, noch bevor ich mein Paket gebucht habe, das etwas rauf- und runtergeladen wird. (Allerdings weiß ich auch nicht, ob das normal ist.)

Wie auch immer. Seit einiger Zeit bleiben aber so gut wie alle aufgerufenen Seiten weiß. Auch dieses trojaner-board. (Ich habe mir gerade den Laptop meiner Mutter geliehen, mit ihrem surstick). Mein Browser ist Mozilla. Per Internet Explorer aber dasselbe Problem. Ich habe Mozilla aktualisiert. Nix. Auf deren Hilfeseiten gestöbert. Aber alle empfohlenden Virenscanner blieben eben weiß. Nur "spybot" ließ sich runterladen. Mit dem komme ich aber nicht wirklich klar, weil der auf englisch ist (bin 'ne Dumpfbacke...). Der hatte wohl was gefunden, aber nicht sooo schlimm (??), weil das Level noch grün anzeigte (??), habe "Fix selected" geklickt (weil was anderes gab's nicht zum anklicken...), aber es half mir nicht weiter.

Verdächtigerweise funktioniert facebook einwandfrei. Ebay z.B. kann ich zwar Artikel suchen und beobachten, aber weiter einloggen zur Beobachtungsliste oder Kaufen geht wieder nicht. Mein E-Mail-Anbieter outlook funktioniert auch noch. Und das war's auch schon was ich so surfen kann, alle anderen Seiten bleiben weiß.

Vor ein paar Wochen gab es in der Computerbild den G-Data-Virenschutz, aber ich habe mich noch nicht daran getraut. Zum registrieren, Code abholen und wieder irgendwas runterladen klappt ja eh nicht. Registrieren könnte ich zwar per Handy, aber ich trau der Sache nicht...

Ihr merkt schon, ich bin bei solchem "Computerzeugs" wirklich eine Bilderbuch-Dumpfbacke :confused:

Vielleicht erbarmt sich ja hier einer und kann mir im Blondinendeutsch weiterhelfen... :wtf:

schrauber 09.07.2015 15:04
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)





Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool

Setze einen Haken bei folgenden Einträgen
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Minidump Files
Klicke Go und poste den Inhalt der Result.txt.

carabelli 09.07.2015 16:09
Hui, das ging schnell...

Aber wie befürchtet, ich kann die Seite nicht aufrufen, sie bleibt weiß... Das Icon im Tab ist allerdings sichtbar.

Ich bin JETZT gerade mit zwei Laptops online, mit dem kaputten (der auch trojaner-board verweigert), und mit diesem von meiner Mutter. (habe Deine Links von filepony kopiert, auf Stick gezogen und am anderen Rechner übernommen, aber nix...)

schrauber 10.07.2015 08:07
Zitat:
habe Deine Links von filepony kopiert, auf Stick gezogen und am anderen Rechner übernommen, aber nix...)
Was meinst Du mit nix? Du hast die Tools am andern Laptop geladen, aber sie starten an deinem nicht?

carabelli 10.07.2015 13:16
Nein, damit meinte ich die Linkadressen, war zu faul zum abtippen... Die habe ich dann auf meinem Laptop übertragen im Browser, aber wie gesagt, die Seiten bleiben weiß. Nur facebook funktioniert, alles andere wird nicht angezeigt.

Ist es denn möglich Deine Tools auf Stick zu laden und dann auf dem "kaputten" PC zu installieren??

schrauber 11.07.2015 11:24
genau das meinte ich :)

Lade die Tools am andern Rechner, auf nen Stick, und übertrage sie auf den Laptop :)

carabelli 12.07.2015 11:40

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Kröti (ATTENTION: The logged in user is not administrator) on KINNT-PC on 12-07-2015 12:13:19
Running from C:\Users\Kröti\Desktop
Loaded Profiles: Kröti (Available Profiles: Kinnt & Kröti & schrauber)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> armsvc.exe
Failed to access process -> avguard.exe
Failed to access process -> devmonsrv.exe
Failed to access process -> svchost.exe
Failed to access process -> EvtEng.exe
Failed to access process -> HWDeviceService64.exe
Failed to access process -> PsiService_2.exe
Failed to access process -> rndlresolversvc.exe
Failed to access process -> RegSrvc.exe
Failed to access process -> RichVideo.exe
Failed to access process -> SDFSSvc.exe
Failed to access process -> SDUpdSvc.exe
Failed to access process -> sftvsa.exe
Failed to access process -> svchost.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
Failed to access process -> avshadow.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> X10nets.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> Avira.ServiceHost.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> obexsrv.exe
Failed to access process -> SDWSCSvc.exe
Failed to access process -> sftlist.exe
Failed to access process -> avwebg7.exe
Failed to access process -> CVHSVC.EXE
Failed to access process -> mediasrv.exe
Failed to access process -> SearchIndexer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> WisLMSvc.exe
Failed to access process -> svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
Failed to access process -> svchost.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> LMS.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> UNS.exe
Failed to access process -> taskhost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-05] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [LMgrOSD] => "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295072 2013-01-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {138fafc4-8b9c-11e1-b97e-bc77370f9465} - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {138fafed-8b9c-11e1-b97e-bc77370f9465} - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {21ed6151-9a1a-11e1-b8e2-bc77370f9465} - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {2a798a25-6691-11e4-b68a-bc77370f9465} - F:\Startme.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {eeb085eb-13eb-11e2-8ef4-bc77370f9465} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2011-06-24]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-956779819-3001205292-791293429-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-956779819-3001205292-791293429-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-24] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-24] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-956779819-3001205292-791293429-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Tcpip\..\Interfaces\{068A56BD-6EB1-4B21-8D19-9DEDC5055FE3}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{2C98CD9E-06C7-4B36-AC4B-6E3E3B0E020D}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B4482F7F-A83F-4F99-A838-ED81B63E6132}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{C12BDE71-E96A-40D5-9BB0-7B00C6886BCB}: [NameServer] 139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\Kröti\AppData\Roaming\Mozilla\Firefox\Profiles\h0r430ur.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://wetterstationen.meteomedia.de/messnetz/forecast/190931.html
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=&locale=&apn_uid=0E34E273-7097-46CA-8FEA-D928CBABF0EC&apn_ptnrs=&apn_sauid=390A4916-3EA9-4C16-944E-55A091C92241&apn_dtid=%5E&&q=
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-24] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-09-07] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-01-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-12-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-12-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-01-27] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Kröti\AppData\Roaming\Mozilla\Firefox\Profiles\h0r430ur.default\Extensions\abs@avira.com [2015-07-05]
FF Extension: FireFTP - C:\Users\Kröti\AppData\Roaming\Mozilla\Firefox\Profiles\h0r430ur.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-06-14]
FF Extension: ProxTube - C:\Users\Kröti\AppData\Roaming\Mozilla\Firefox\Profiles\h0r430ur.default\Extensions\ich@maltegoetz.de.xpi [2015-05-31]
FF Extension: FireFTP button - C:\Users\Kröti\AppData\Roaming\Mozilla\Firefox\Profiles\h0r430ur.default\Extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}.xpi [2011-08-06]
FF Extension: Video DownloadHelper - C:\Users\Kröti\AppData\Roaming\Mozilla\Firefox\Profiles\h0r430ur.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-31]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-27]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-28] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-05] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-25] (Avira Operations GmbH & Co. KG)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-04-22] (Huawei Technologies Co., Ltd.)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 12:13 - 2015-07-12 12:14 - 00022219 _____ C:\Users\Kröti\Desktop\FRST.txt
2015-07-12 12:13 - 2015-07-12 12:13 - 00000000 ____D C:\FRST
2015-07-12 12:05 - 2015-07-12 12:06 - 00892928 _____ (Farbar) C:\Users\Kröti\Desktop\MiniToolBox.exe
2015-07-12 12:01 - 2015-07-12 12:01 - 02130944 _____ (Farbar) C:\Users\Kröti\Desktop\FRST64.exe
2015-07-05 22:14 - 2015-07-05 22:22 - 00034227 _____ C:\Users\Kröti\Desktop\Krankheiten2.txt
2015-07-05 21:06 - 2015-07-05 21:06 - 00001124 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-05 19:49 - 2015-07-09 17:00 - 00000000 ____D C:\Users\Kröti\AppData\Local\Mozilla Firefox
2015-06-28 13:47 - 2015-07-09 19:45 - 00036563 _____ C:\Users\Kröti\Desktop\Andrea.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 12:05 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 12:05 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 12:04 - 2011-06-25 03:54 - 01154118 _____ C:\Windows\WindowsUpdate.log
2015-07-12 11:58 - 2013-11-01 15:56 - 00000294 _____ C:\Windows\Tasks\DigitalSite.job
2015-07-12 11:56 - 2012-11-25 11:32 - 00000000 ____D C:\ProgramData\Avira
2015-07-12 11:56 - 2011-06-24 18:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 11:56 - 2010-11-21 05:47 - 00486698 _____ C:\Windows\PFRO.log
2015-07-12 11:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 11:56 - 2009-07-14 06:51 - 00080060 _____ C:\Windows\setupact.log
2015-07-09 19:45 - 2011-06-24 18:56 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-09 17:05 - 2011-04-24 01:02 - 00700134 _____ C:\Windows\system32\perfh007.dat
2015-07-09 17:05 - 2011-04-24 01:02 - 00149984 _____ C:\Windows\system32\perfc007.dat
2015-07-09 17:05 - 2009-07-14 07:13 - 01622300 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 21:06 - 2014-11-23 19:10 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-05 21:06 - 2012-11-25 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-05 21:06 - 2012-11-25 11:32 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-05 19:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-05 19:33 - 2012-12-02 20:19 - 00158161 _____ C:\Users\Kröti\Desktop\Geschreibsel.txt
2015-06-28 18:12 - 2011-06-25 14:31 - 00000000 ____D C:\Users\Kröti\AppData\Roaming\SoftGrid Client
2015-06-28 15:06 - 2011-06-24 19:56 - 00093224 _____ C:\Users\Kröti\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-28 15:02 - 2013-07-20 12:26 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-28 15:02 - 2013-07-20 12:26 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-14 15:40 - 2011-06-28 11:43 - 00000000 ____D C:\Users\Kröti\Desktop\deskmüll

==================== Files in the root of some directories =======

2013-11-01 16:58 - 2014-11-23 15:58 - 0000200 _____ () C:\Users\Kröti\AppData\Roaming\WB.CFG
2013-11-01 16:58 - 2013-12-31 02:58 - 0000006 _____ () C:\Users\Kröti\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-11-01 16:58 - 2014-01-06 13:58 - 0000005 _____ () C:\Users\Kröti\AppData\Roaming\WBPU-TTL.DAT
2011-08-24 21:36 - 2015-05-31 18:11 - 0016896 _____ () C:\Users\Kröti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Kinnt\AppData\Local\Temp\AskSLib.dll
C:\Users\Kinnt\AppData\Local\Temp\avgnt.exe
C:\Users\Kinnt\AppData\Local\Temp\rnupdate0.exe
C:\Users\Kinnt\AppData\Local\Temp\setup.exe
C:\Users\Kinnt\AppData\Local\Temp\stubhelper.dll
C:\Users\Kinnt\AppData\Local\Temp\_isCC85.exe
C:\Users\Kröti\AppData\Local\Temp\avgnt.exe
C:\Users\schrauber\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
--- --- ---


[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Kröti at 2015-07-12 12:14:49
Running from C:\Users\Kröti\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-956779819-3001205292-791293429-500 - Administrator - Disabled)
Gast (S-1-5-21-956779819-3001205292-791293429-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-956779819-3001205292-791293429-1004 - Limited - Enabled)
Kinnt (S-1-5-21-956779819-3001205292-791293429-1000 - Administrator - Enabled) => C:\Users\Kinnt
Kröti (S-1-5-21-956779819-3001205292-791293429-1001 - Limited - Enabled) => C:\Users\Kröti
schrauber (S-1-5-21-956779819-3001205292-791293429-1002 - Limited - Enabled) => C:\Users\schrauber

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.159.1 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.7 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{EC1369CF-15BD-4FAF-BA84-65E4788C682E}) (Version: 1.1 - American Megatrends Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 8.3.2 - ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 3.4.1 - ashampoo GmbH & Co. KG)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.18.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.1.26360 - Ask.com) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2731.02 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086p) (Version: 13.0.0.8086p - Landesfinanzdirektion Thüringen)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 7.0.517.43 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0518 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{794E5C90-96E5-4413-B3F5-C803205AE30C}) (Version: 14.0.3000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KompoZer 0.8b3 (HKLM-x32\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version:  - KompoZer)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.3 - Wistron Corp.)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.35 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Firefox 38.0.1 (x86 de) (HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Passbild-Generator v3.6b (HKLM-x32\...\Passbild-Generator_is1) (Version:  - Passbild-Generator)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.5.201304180917 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Update for Zip Extractor (HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\DigitalSite) (Version:  - ) <==== ATTENTION
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: C:\Windows\Tasks\DigitalSite.job => 0x01060100E7FCE2583A2C4D46B3227EAE7630EF144600F4000000000044440000200000000014730F020007800013040000208021DF07070000000C000B003A0000005E0100003F0043003A005C00550073006500720073005C004B005200540049007E0031005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004400490047004900540041007E0031005C005500500044004100540045007E0031005C005500500044004100540045007E0031002E00450058004500000007002F0043006800650063006B000000000006004B007200F6007400690000000000000008000000000000000000010030000000D207030007000000000000000E003A00A00500003C0000000000000001000000010000000000000000000000 <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>

==================== Loaded Modules (Whitelisted) ==============

2011-02-05 00:42 - 2011-02-05 00:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-04-24 13:35 - 2011-04-04 19:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-06 12:52 - 2010-12-06 12:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2011-06-24 18:59 - 2011-06-24 18:59 - 00061952 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-956779819-3001205292-791293429-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kröti\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C22FFA11-EAC9-41E0-9701-4D7B7833B5D0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{33558809-8BEA-48B3-ACBC-9DDD237D251E}] => (Allow) LPort=2869
FirewallRules: [{50BFD9F3-2E43-4A8B-B542-F5149A550C3F}] => (Allow) LPort=1900
FirewallRules: [{F60F67FC-0DD0-4EC8-8BDF-B819D5D1C7CE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DCE2AA94-7FC1-4ED2-A514-7482685ED4B9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1EF1795D-298A-495F-AF7A-17DC47A38807}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{8FF0C88E-B9FF-43B1-8883-AAA486309812}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{7C3349F3-2021-46CE-927E-56817FBFD1F5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{40FB5519-C8ED-42F7-92FC-739BF579F754}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{ED30EE92-7B5E-4DD7-9627-C96373256F19}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [TCP Query User{F4CEAA77-543D-4C2C-917C-D8119B01BDEE}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{CFA823A7-0429-4180-A00E-DD5F0BBA3EF0}C:\program files (x86)\java\jre6\bin\java.exe] => (Block) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{51306B6F-FB6E-401A-B284-813EE0AF11B4}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{89D74DB0-A58F-41FC-AEEC-75A62A020BAF}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2015 12:08:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/12/2015 11:57:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2015 04:54:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2015 10:23:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 910

Startzeit: 01d0b71ceb633379

Endzeit: 93

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: bb59c8a0-2353-11e5-912f-bc77370f9465

Error: (07/05/2015 03:29:55 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/05/2015 02:31:28 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2015 02:20:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 06:12:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/28/2015 04:55:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 954

Startzeit: 01d0a6a72711f881

Endzeit: 32

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: a3b4d96c-1da5-11e5-b3c2-bc77370f9465

Error: (06/28/2015 12:56:39 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:


System errors:
=============
Error: (07/12/2015 11:57:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/12/2015 11:57:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.

Error: (07/05/2015 02:20:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/05/2015 02:20:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.

Error: (06/14/2015 03:37:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/14/2015 03:37:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (05/14/2015 10:57:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/14/2015 10:57:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.

Error: (05/14/2015 10:57:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/14/2015 10:57:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.


Microsoft Office:
=========================
Error: (07/12/2015 12:08:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/12/2015 11:57:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2015 04:54:16 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2015 10:23:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756791001d0b71ceb63337993C:\Windows\Explorer.EXEbb59c8a0-2353-11e5-912f-bc77370f9465

Error: (07/05/2015 03:29:55 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/05/2015 02:31:28 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2015 02:20:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 06:12:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (06/28/2015 04:55:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756795401d0a6a72711f88132C:\Windows\Explorer.EXEa3b4d96c-1da5-11e5-b3c2-bc77370f9465

Error: (06/28/2015 12:56:39 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 30%
Total physical RAM: 4003.01 MB
Available physical RAM: 2790.19 MB
Total Virtual: 8004.21 MB
Available Virtual: 6178.75 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:657.54 GB) (Free:518.96 GB) NTFS
Drive d: (Recover) (Fixed) (Total:37.99 GB) (Free:0.2 GB) NTFS
Drive h: (Transcend) (Removable) (Total:7.47 GB) (Free:7.06 GB) FAT32

==================== MBR & Partition Table ==================

==================== End of log ============================
--- --- ---



Code:
MiniToolBox by Farbar  Version: 01-07-2015
Ran by Kröti (ATTENTION: The logged in user is not administrator) on 12-07-2015 at 12:26:57
Running from "C:\Users\Kröti\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: E7218 Manufacturer: MEDION
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Aufl?sungscache wurde geleert.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Bluetooth Device (Personal Area Network) = Bluetooth-Netzwerkverbindung (Media disconnected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = LAN-Verbindung (Media disconnected)
Intel(R) Centrino(R) Wireless-N 1030 = Drahtlosnetzwerkverbindung (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Drahtlosnetzwerkverbindung 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Drahtlosnetzwerkverbindung 3 (Media disconnected)


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

  Hostname  . . . . . . . . . . . . : Kinnt-PC
  Prim?res DNS-Suffix . . . . . . . :
  Knotentyp . . . . . . . . . . . . : Hybrid
  IP-Routing aktiviert  . . . . . . : Nein
  WINS-Proxy aktiviert  . . . . . . : Nein

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 3:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
  Physikalische Adresse . . . . . . : BC-77-37-0F-94-62
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
  Physikalische Adresse . . . . . . : BC-77-37-0F-94-62
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix: fritz.box
  Beschreibung. . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
  Physikalische Adresse . . . . . . : BC-77-37-0F-94-61
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja

Ethernet-Adapter LAN-Verbindung:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  Physikalische Adresse . . . . . . : 00-26-2D-C6-C7-54
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja

Ethernet-Adapter Bluetooth-Netzwerkverbindung:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Bluetooth Device (Personal Area Network)
  Physikalische Adresse . . . . . . : BC-77-37-0F-94-65
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja

Tunneladapter LAN-Verbindung* 4:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja
Server:  UnKnown
Address:  127.0.0.1

Ping-Anforderung konnte Host "google.com" nicht finden. ?berpr?fen Sie den Namen, und versuchen Sie es erneut.
Server:  UnKnown
Address:  127.0.0.1

Ping-Anforderung konnte Host "yahoo.com" nicht finden. ?berpr?fen Sie den Namen, und versuchen Sie es erneut.

Ping wird ausgef?hrt f?r 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128

Ping-Statistik f?r 127.0.0.1:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
 17...bc 77 37 0f 94 62 ......Microsoft Virtual WiFi Miniport Adapter #2
 16...bc 77 37 0f 94 62 ......Microsoft Virtual WiFi Miniport Adapter
 15...bc 77 37 0f 94 61 ......Intel(R) Centrino(R) Wireless-N 1030
 13...00 26 2d c6 c7 54 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
 12...bc 77 37 0f 94 65 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
    Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
        127.0.0.0        255.0.0.0  Auf Verbindung        127.0.0.1    306
        127.0.0.1  255.255.255.255  Auf Verbindung        127.0.0.1    306
  127.255.255.255  255.255.255.255  Auf Verbindung        127.0.0.1    306
        224.0.0.0        240.0.0.0  Auf Verbindung        127.0.0.1    306
  255.255.255.255  255.255.255.255  Auf Verbindung        127.0.0.1    306
===========================================================================
St?ndige Routen:
  Keine

IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel            Gateway
  1    306 ::1/128                  Auf Verbindung
  1    306 ff00::/8                Auf Verbindung
===========================================================================
St?ndige Routen:
  Keine
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/12/2015 00:08:01 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/12/2015 11:57:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2015 04:54:16 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2015 10:23:50 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 910

Startzeit: 01d0b71ceb633379

Endzeit: 93

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: bb59c8a0-2353-11e5-912f-bc77370f9465

Error: (07/05/2015 03:29:55 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/05/2015 02:31:28 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2015 02:20:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 06:12:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/28/2015 04:55:06 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 954

Startzeit: 01d0a6a72711f881

Endzeit: 32

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: a3b4d96c-1da5-11e5-b3c2-bc77370f9465

Error: (06/28/2015 00:56:39 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:


System errors:
=============
Error: (07/12/2015 11:57:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/12/2015 11:57:15 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.

Error: (07/05/2015 02:20:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/05/2015 02:20:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.

Error: (06/14/2015 03:37:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/14/2015 03:37:08 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (05/14/2015 10:57:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/14/2015 10:57:46 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.

Error: (05/14/2015 10:57:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/14/2015 10:57:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.


Microsoft Office Sessions:
=========================
Error: (07/12/2015 00:08:01 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/12/2015 11:57:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2015 04:54:16 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2015 10:23:50 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756791001d0b71ceb63337993C:\Windows\Explorer.EXEbb59c8a0-2353-11e5-912f-bc77370f9465

Error: (07/05/2015 03:29:55 PM) (Source: Windows Backup)(User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/05/2015 02:31:28 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2015 02:20:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 06:12:06 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (06/28/2015 04:55:06 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756795401d0a6a72711f88132C:\Windows\Explorer.EXEa3b4d96c-1da5-11e5-b3c2-bc77370f9465

Error: (06/28/2015 00:56:39 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:


=========================== Installed Programs ============================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.159.1 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.7 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
AMI VR-pulse OS Switcher (HKLM\...\{EC1369CF-15BD-4FAF-BA84-65E4788C682E}) (Version: 1.1 - American Megatrends Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 8.3.2 - ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 3.4.1 - ashampoo GmbH & Co. KG)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.18.0 - Ask.com)
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.1.26360 - Ask.com)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{65EBED55-4B58-4583-88EC-8190D776BFBB}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}) (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (HKLM-x32\...\{D0BEB150-2046-4F94-AE7B-EA76772592F6}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (HKLM-x32\...\{4433CEC6-DA32-4D7B-BA95-B47C68498287}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (HKLM-x32\...\{2F14F550-0FFC-4285-B673-880744D428A3}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (HKLM-x32\...\{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (HKLM-x32\...\{85E8F38F-0303-401E-A518-0302DF88EB07}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (HKLM-x32\...\{FA6AF809-9A80-423A-A57A-C7D726A04E4C}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (HKLM-x32\...\{E7BE4D1A-B529-448B-8407-889705B65185}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (HKLM-x32\...\{E4BE9367-168B-4B30-B198-EE37C99FB147}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (HKLM-x32\...\{D7E60152-6C65-4982-8840-B6D28BF881BD}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (HKLM-x32\...\{666D7CED-12E0-4BA3-B594-5681961E7B02}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (HKLM-x32\...\{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (HKLM-x32\...\{89BA6E81-B60A-49BC-B283-80560A9E60DF}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (HKLM-x32\...\{34809713-7886-4F6A-B9D5-CC74DBC1C77E}) (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (HKLM-x32\...\{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (HKLM-x32\...\{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}) (Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (HKLM-x32\...\{834F4E2F-E9DF-4FA9-8499-FF6B91012898}) (Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.0.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2731.02 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086p) (Version: 13.0.0.8086p - Landesfinanzdirektion Thüringen)
Fotogalerija Windows Live (HKLM-x32\...\{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 7.0.517.43 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0518 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{794E5C90-96E5-4413-B3F5-C803205AE30C}) (Version: 14.0.3000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KompoZer 0.8b3 (HKLM-x32\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version:  - KompoZer)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.3 - Wistron Corp.)
Medion Home Cinema (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.35 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 12.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Firefox 38.0.1 (x86 de) (HKCU\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Passbild-Generator v3.6b (HKLM-x32\...\Passbild-Generator_is1) (Version:  - Passbild-Generator)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pošta Windows Live (HKLM-x32\...\{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (HKLM-x32\...\{ED16B700-D91F-44B0-867C-7EB5253CA38D}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (HKLM-x32\...\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}) (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.5.201304180917 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated)
Update for Zip Extractor (HKCU\...\DigitalSite) (Version:  - )
Versandhelfer (HKLM-x32\...\{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}) (Version: 0.9.511 - Deutsche Post AG) Hidden
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VR-pulse Installer (HKLM\...\{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}) (Version: 1.4.0 - American Megatrends Inc.)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version:  - )

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 4003.01 MB
Available physical RAM: 2801.16 MB
Total Virtual: 8004.21 MB
Available Virtual: 6128.42 MB

========================= Partitions: =====================================

1 Drive c: (Boot) (Fixed) (Total:657.54 GB) (Free:518.96 GB) NTFS
2 Drive d: (Recover) (Fixed) (Total:37.99 GB) (Free:0.2 GB) NTFS
4 Drive h: (Transcend) (Removable) (Total:7.47 GB) (Free:7.06 GB) FAT32

========================= Users: ========================================

Benutzerkonten fr \\KINNT-PC

Administrator            Gast                    Kinnt                   
Kr”ti                    schrauber               
Der Befehl wurde erfolgreich ausgefhrt.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Ich hoffe, Du kannst daraus schlau werden... :-)

schrauber 12.07.2015 16:10
Unsere Tools brauchen immer Adminrechte!

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Ask Toolbar

    Ask Toolbar Updater

    Update for Zip Extractor


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

carabelli 12.07.2015 17:53
Hallo schrauber,

beim Punkt Revo Uninstaller habe ich das "Update for Zip Extractor" nicht gefunden...??

Dafür habe ich dann gleich den "spybot" mit gelöscht, weil ich ja eh nicht damit klar kam.

Hier der Combofix:

Code:
ComboFix 15-07-12.01 - Kinnt 12.07.2015  18:15:10.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4003.1793 [GMT 2:00]
ausgeführt von:: c:\users\Kinnt\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Kinnt\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msdownld.tmp
c:\windows\SysWow64\SET7538.tmp
c:\windows\SysWow64\SET7CBA.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-06-12 bis 2015-07-12  ))))))))))))))))))))))))))))))
.
.
2015-07-12 16:30 . 2015-07-12 16:30        --------        d-----w-        c:\users\schrauber\AppData\Local\temp
2015-07-12 15:45 . 2015-07-12 15:45        --------        d-----w-        c:\users\Kinnt\Revo Uninstaller
2015-07-12 10:13 . 2015-07-12 10:15        --------        d-----w-        C:\FRST
2015-07-05 17:49 . 2015-07-09 15:00        --------        d-----w-        c:\users\Kröti\AppData\Local\Mozilla Firefox
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-28 13:02 . 2013-07-20 10:26        153256        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2015-06-28 13:02 . 2013-07-20 10:26        132656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2015-05-14 15:47 . 2015-05-14 15:47        0        ----a-w-        c:\windows\SysWow64\sho25DA.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2010-12-15 207400]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-06-28 730416]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-27 295072]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-05-21 130864]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-6-24 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 mod7764;Tv Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys;c:\windows\SYSNATIVE\DRIVERS\mod77-64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe;c:\program files (x86)\Launch Manager\WisLMSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys;c:\windows\SYSNATIVE\Drivers\x10hid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 10:08]
.
2015-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 10:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-28 2207848]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-02-11 10361616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.startfenster.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{068A56BD-6EB1-4B21-8D19-9DEDC5055FE3}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{B4482F7F-A83F-4F99-A838-ED81B63E6132}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{C12BDE71-E96A-40D5-9BB0-7B00C6886BCB}: NameServer = 139.7.30.125 139.7.30.126
FF - ProfilePath - c:\users\Kinnt\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vnqvb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.startfenster.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-LMgrOSD - c:\program files (x86)\Launch Manager\OSDCtrl.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\progra~2\COMMON~1\X10\Common\x10nets.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-07-12  18:45:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-07-12 16:45
.
Vor Suchlauf: 8 Verzeichnis(se), 560.939.028.480 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 561.793.957.888 Bytes frei
.
- - End Of File - - AC4BC927BA906E9057D01FD0F91B2664
Mir ein Rätsel was Du aus solchen Zifferkolonnen erkennen kannst :daumenhoc

schrauber 13.07.2015 08:59
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

carabelli 15.07.2015 14:35
Hallo schrauber,

[CODE][Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.07.2015
Suchlauf-Zeit: 22:17:18
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kinnt

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 456189
Verstrichene Zeit: 35 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 1
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-956779819-3001205292-791293429-1001\SOFTWARE\DSiteProducts, In Quarantäne, [6f0a152e602a75c1a0d854dfa56045bb],

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 1
PUP.Optional.DigitalSite.A, C:\Users\Kröti\AppData\Roaming\DigitalSite\UpdateProc, In Quarantäne, [d6a3a2a196f41a1c9e47ba3d2ed5a55b],

Dateien: 6
PUP.Optional.DigitalSite.A, C:\Users\Kröti\AppData\Roaming\DigitalSite\UpdateProc\config.dat, In Quarantäne, [d6a3a2a196f41a1c9e47ba3d2ed5a55b],
PUP.Optional.DigitalSite.A, C:\Users\Kröti\AppData\Roaming\DigitalSite\UpdateProc\info.dat, In Quarantäne, [d6a3a2a196f41a1c9e47ba3d2ed5a55b],
PUP.Optional.DigitalSite.A, C:\Users\Kröti\AppData\Roaming\DigitalSite\UpdateProc\prod.dat, In Quarantäne, [d6a3a2a196f41a1c9e47ba3d2ed5a55b],
PUP.Optional.DigitalSite.A, C:\Users\Kröti\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT, In Quarantäne, [d6a3a2a196f41a1c9e47ba3d2ed5a55b],
PUP.Optional.DigitalSite.A, C:\Users\Kröti\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT, In Quarantäne, [d6a3a2a196f41a1c9e47ba3d2ed5a55b],
PUP.Optional.Ask.A, C:\Users\Kröti\AppData\Roaming\Mozilla\Firefox\Profiles\h0r430ur.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=&locale=&apn_uid=0E34E273-7097-46CA-8FEA-D928CBABF0EC&apn_ptnrs=&apn_sauid=390A4916-3EA9-4C16-944E-55A091C92241&apn_dtid=Ersetzt,[df9a4201aedca4923e9b9985b056a957]E&&q=");), Ersetzt,[df9a4201aedca4923e9b9985b056a957]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)/CODE]

Code:
# AdwCleaner v4.208 - Bericht erstellt 14/07/2015 um 19:52:51
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-09.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Kinnt - KINNT-PC
# Gestarted von : C:\Users\Kinnt\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Kröti\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Kröti\AppData\Roaming\digitalsite
Datei Gelöscht : C:\Users\Kröti\AppData\Roaming\WBPU-Q5-TTL.DAT
Datei Gelöscht : C:\Users\Kröti\AppData\Roaming\WBPU-TTL.DAT
Datei Gelöscht : C:\Users\Kröti\AppData\Roaming\Mozilla\Firefox\Profiles\h0r430ur.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Kinnt\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vnqvb.default\searchplugins\Askcom.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31E0EB79-DC54-4E07-BD10-D4305AF0E4D1}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v12.0 (de)

[hj1vnqvb.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[hj1vnqvb.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
[hj1vnqvb.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.startfenster.com");
[hj1vnqvb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.15.18.100015,{972ce4c6-7e08-4474-a285-3208198ce6fd}:12.0");
[h0r430ur.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[h0r430ur.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[h0r430ur.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
[8ll4b157.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.tweaktube.addit.remoteInstallItems", "{ \"software\": {\"20\": {\"id\": \"20\",\"title\": \"Babylon\",\"type\": \"EXE\",\"url\": \"hxxps://www.softpublisher.com/partners/rd/babyl[...]
[8ll4b157.default\prefs.js] - Zeile Gelöscht : user_pref("tweaktube.pref.cacheInfo", "({'hxxp://wedata.net/databases/AutoPagerize/items.json':{url:\"hxxp://wedata.net/databases/AutoPagerize/items.json\", expire:(new Date(1322250070394)), info:[{ur[...]

-\\ Google Chrome v7.0.517.43


*************************

AdwCleaner[R0].txt - [4050 Bytes] - [14/07/2015 19:50:11]
AdwCleaner[S0].txt - [3896 Bytes] - [14/07/2015 19:52:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3955  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.6 (07.12.2015:2)
OS: Windows 7 Home Premium x64
Ran by Kinnt on 14.07.2015 at 20:00:54,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho24A4.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho25DA.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho57EB.tmp



~~~ Folders



~~~ Chrome


[C:\Users\Kinnt\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Kinnt\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Kinnt\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Kinnt\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.07.2015 at 20:04:13,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Kinnt (administrator) on KINNT-PC on 14-07-2015 20:36:56
Running from C:\Users\Kröti\Desktop
Loaded Profiles: Kinnt & Kröti (Available Profiles: Kinnt & Kröti & schrauber)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-05] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295072 2013-01-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-956779819-3001205292-791293429-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {138fafc4-8b9c-11e1-b97e-bc77370f9465} - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {138fafed-8b9c-11e1-b97e-bc77370f9465} - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {21ed6151-9a1a-11e1-b8e2-bc77370f9465} - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {2a798a25-6691-11e4-b68a-bc77370f9465} - F:\Startme.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {eeb085eb-13eb-11e2-8ef4-bc77370f9465} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2011-06-24]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-956779819-3001205292-791293429-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-956779819-3001205292-791293429-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-956779819-3001205292-791293429-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-956779819-3001205292-791293429-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-24] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-24] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-956779819-3001205292-791293429-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-956779819-3001205292-791293429-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Tcpip\..\Interfaces\{068A56BD-6EB1-4B21-8D19-9DEDC5055FE3}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{2C98CD9E-06C7-4B36-AC4B-6E3E3B0E020D}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B4482F7F-A83F-4F99-A838-ED81B63E6132}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{C12BDE71-E96A-40D5-9BB0-7B00C6886BCB}: [NameServer] 139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\Kinnt\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vnqvb.default
FF DefaultSearchEngine: Google
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-24] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-09-07] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-01-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-12-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-12-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-01-27] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-27]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-28] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [File not signed]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-25] (Avira Operations GmbH & Co. KG)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-04-22] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 20:04 - 2015-07-14 20:04 - 00001247 _____ C:\Users\Kinnt\Desktop\JRT.txt
2015-07-14 20:01 - 2015-07-14 20:01 - 00000207 _____ C:\Windows\tweaking.com-regbackup-KINNT-PC-Windows-7-Home-Premium-(64-bit).dat
2015-07-14 20:00 - 2015-07-14 20:00 - 00000000 ____D C:\RegBackup
2015-07-14 19:57 - 2015-07-14 19:57 - 00004047 _____ C:\Users\Kinnt\Desktop\adwcleaner.txt
2015-07-14 19:49 - 2015-07-14 19:52 - 00000000 ____D C:\AdwCleaner
2015-07-13 23:31 - 2015-07-13 23:31 - 00002550 _____ C:\Users\Kinnt\Desktop\mbam.txt
2015-07-13 22:16 - 2015-07-13 22:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 22:15 - 2015-07-13 22:15 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-13 22:15 - 2015-07-13 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-13 22:15 - 2015-07-13 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 22:15 - 2015-07-13 22:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-13 22:15 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 22:15 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 22:15 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 16:00 - 2015-07-13 16:00 - 03034492 _____ (Malwarebytes Corporation) C:\Users\Kinnt\Desktop\JRT.exe
2015-07-13 15:59 - 2015-07-13 15:59 - 02248704 _____ C:\Users\Kinnt\Desktop\AdwCleaner_4.208.exe
2015-07-13 15:58 - 2015-07-13 15:58 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Kinnt\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-12 18:45 - 2015-07-12 18:45 - 00021059 _____ C:\ComboFix.txt
2015-07-12 18:10 - 2015-07-12 18:46 - 00000000 ____D C:\Qoobox
2015-07-12 18:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-12 18:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-12 18:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-12 18:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-12 18:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-12 18:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-12 18:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-12 18:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-12 18:09 - 2015-07-12 18:43 - 00000000 ____D C:\Windows\erdnt
2015-07-12 17:45 - 2015-07-12 17:45 - 00000919 _____ C:\Users\Kinnt\Desktop\Revo Uninstaller.lnk
2015-07-12 17:33 - 2015-07-12 17:34 - 05632449 ____R (Swearware) C:\Users\Kinnt\Desktop\ComboFix.exe
2015-07-12 12:26 - 2015-07-12 12:27 - 00033786 _____ C:\Users\Kröti\Desktop\Result.txt
2015-07-12 12:14 - 2015-07-12 12:15 - 00029782 _____ C:\Users\Kröti\Desktop\Addition.txt
2015-07-12 12:13 - 2015-07-14 20:37 - 00000000 ____D C:\FRST
2015-07-12 12:13 - 2015-07-14 20:36 - 00022248 _____ C:\Users\Kröti\Desktop\FRST.txt
2015-07-12 12:05 - 2015-07-12 12:06 - 00892928 _____ (Farbar) C:\Users\Kröti\Desktop\MiniToolBox.exe
2015-07-12 12:01 - 2015-07-12 12:01 - 02130944 _____ (Farbar) C:\Users\Kröti\Desktop\FRST64.exe
2015-07-05 22:14 - 2015-07-05 22:22 - 00034227 _____ C:\Users\Kröti\Desktop\Krankheiten2.txt
2015-07-05 21:06 - 2015-07-05 21:06 - 00001124 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-05 19:49 - 2015-07-09 17:00 - 00000000 ____D C:\Users\Kröti\AppData\Local\Mozilla Firefox
2015-06-28 13:47 - 2015-07-09 19:45 - 00036563 _____ C:\Users\Kröti\Desktop\Andrea.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 20:37 - 2011-04-24 01:02 - 00700134 _____ C:\Windows\system32\perfh007.dat
2015-07-14 20:37 - 2011-04-24 01:02 - 00149984 _____ C:\Windows\system32\perfc007.dat
2015-07-14 20:37 - 2009-07-14 07:13 - 01622300 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 20:36 - 2011-06-25 03:54 - 01208569 _____ C:\Windows\WindowsUpdate.log
2015-07-14 20:34 - 2011-06-24 18:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 20:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 20:30 - 2009-07-14 06:51 - 00081135 _____ C:\Windows\setupact.log
2015-07-14 20:08 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 20:08 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 19:46 - 2011-06-24 18:56 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 19:43 - 2010-11-21 05:47 - 00490720 _____ C:\Windows\PFRO.log
2015-07-12 18:46 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-12 18:33 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-12 17:59 - 2015-05-14 19:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-12 17:57 - 2015-05-14 19:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-12 17:49 - 2011-06-24 19:11 - 00000000 ____D C:\Users\Kinnt\AppData\Local\Google
2015-07-12 17:47 - 2012-12-22 16:20 - 00000000 ____D C:\Users\Kinnt\AppData\Roaming\Avira
2015-07-12 17:45 - 2011-06-24 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 17:45 - 2011-06-24 19:02 - 00000000 ____D C:\Users\Kinnt
2015-07-12 14:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-07-12 11:56 - 2012-11-25 11:32 - 00000000 ____D C:\ProgramData\Avira
2015-07-05 21:06 - 2014-11-23 19:10 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-05 21:06 - 2012-11-25 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-05 21:06 - 2012-11-25 11:32 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-05 19:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-05 19:33 - 2012-12-02 20:19 - 00158161 _____ C:\Users\Kröti\Desktop\Geschreibsel.txt
2015-06-28 18:12 - 2011-06-25 14:31 - 00000000 ____D C:\Users\Kröti\AppData\Roaming\SoftGrid Client
2015-06-28 15:06 - 2011-06-24 19:56 - 00093224 _____ C:\Users\Kröti\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-28 15:02 - 2013-07-20 12:26 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-28 15:02 - 2013-07-20 12:26 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-14 15:40 - 2011-06-28 11:43 - 00000000 ____D C:\Users\Kröti\Desktop\deskmüll
2015-06-14 15:37 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

Some files in TEMP:
====================
C:\Users\Kinnt\AppData\Local\Temp\avgnt.exe
C:\Users\Kinnt\AppData\Local\Temp\Quarantine.exe
C:\Users\Kinnt\AppData\Local\Temp\sqlite3.dll
C:\Users\Kröti\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 23:10

==================== End of log ============================
:crazy:

schrauber 16.07.2015 07:36

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

carabelli 18.07.2015 10:47
Hallo schrauber,

eset hat zwei Bedrohungen gefunden

Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8ea935044df76b4ebca8df19afc41444
# end=init
# utc_time=2015-07-16 06:40:52
# local_time=2015-07-16 08:40:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24836
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8ea935044df76b4ebca8df19afc41444
# end=updated
# utc_time=2015-07-16 06:47:05
# local_time=2015-07-16 08:47:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8ea935044df76b4ebca8df19afc41444
# engine=24836
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-16 08:51:49
# local_time=2015-07-16 10:51:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 60864650 188709759 0 0
# scanned=297167
# found=2
# cleaned=0
# scan_time=7484
sh=C8021421B644A33957E2332002DA544D70947E54 ft=1 fh=16a434f7182a6edd vn="Win32/StartPage.OPH Trojaner" ac=I fn="C:\Users\Kröti\Downloads\vlc-2.0.1-win32.exe"
sh=2153D234D166D72F04F9870D9541869CCADAB151 ft=1 fh=67447e761e537db3 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\TOOLS\Medion MediaPack\medion_mediapack_ext.exe"
Code:
Results of screen317's Security Check version 1.004 
 Windows 7 Service Pack 1 x64 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus 
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 24 
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 10.1.1 Adobe Reader out of Date! 
 Mozilla Firefox 12.0 Firefox out of Date! 
 Google Chrome 7.0.517.43 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Kinnt (administrator) on KINNT-PC on 18-07-2015 10:01:04
Running from C:\Users\Kröti\Desktop
Loaded Profiles: Kinnt & Kröti (Available Profiles: Kinnt & Kröti & schrauber)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-05] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295072 2013-01-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-956779819-3001205292-791293429-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {138fafc4-8b9c-11e1-b97e-bc77370f9465} - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {138fafed-8b9c-11e1-b97e-bc77370f9465} - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {21ed6151-9a1a-11e1-b8e2-bc77370f9465} - F:\AutoRun.exe
HKU\S-1-5-21-956779819-3001205292-791293429-1001\...\MountPoints2: {2a798a25-6691-11e4-b68a-bc77370f9465} - F:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2011-06-24]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-956779819-3001205292-791293429-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-956779819-3001205292-791293429-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-956779819-3001205292-791293429-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-21-956779819-3001205292-791293429-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-24] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-24] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-956779819-3001205292-791293429-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-956779819-3001205292-791293429-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Tcpip\..\Interfaces\{068A56BD-6EB1-4B21-8D19-9DEDC5055FE3}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{2C98CD9E-06C7-4B36-AC4B-6E3E3B0E020D}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B4482F7F-A83F-4F99-A838-ED81B63E6132}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{C12BDE71-E96A-40D5-9BB0-7B00C6886BCB}: [NameServer] 139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\Kinnt\AppData\Roaming\Mozilla\Firefox\Profiles\hj1vnqvb.default
FF DefaultSearchEngine: Google
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-24] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-09-07] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-01-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-12-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-12-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-01-27] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-27]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-28] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] () [File not signed]
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-25] (Avira Operations GmbH & Co. KG)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-04-22] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 20:27 - 2015-07-16 20:27 - 00852662 _____ C:\Users\Kinnt\Desktop\SecurityCheck.exe
2015-07-16 20:17 - 2015-07-16 20:18 - 02870984 _____ (ESET) C:\Users\Kröti\Desktop\esetsmartinstaller_deu.exe
2015-07-14 20:04 - 2015-07-14 20:04 - 00001247 _____ C:\Users\Kinnt\Desktop\JRT.txt
2015-07-14 20:01 - 2015-07-14 20:01 - 00000207 _____ C:\Windows\tweaking.com-regbackup-KINNT-PC-Windows-7-Home-Premium-(64-bit).dat
2015-07-14 20:00 - 2015-07-14 20:00 - 00000000 ____D C:\RegBackup
2015-07-14 19:57 - 2015-07-14 19:57 - 00004047 _____ C:\Users\Kinnt\Desktop\adwcleaner.txt
2015-07-14 19:49 - 2015-07-14 19:52 - 00000000 ____D C:\AdwCleaner
2015-07-13 23:31 - 2015-07-13 23:31 - 00002550 _____ C:\Users\Kinnt\Desktop\mbam.txt
2015-07-13 22:16 - 2015-07-13 22:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 22:15 - 2015-07-13 22:15 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-13 22:15 - 2015-07-13 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-13 22:15 - 2015-07-13 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 22:15 - 2015-07-13 22:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-13 22:15 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 22:15 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 22:15 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 16:00 - 2015-07-13 16:00 - 03034492 _____ (Malwarebytes Corporation) C:\Users\Kinnt\Desktop\JRT.exe
2015-07-13 15:59 - 2015-07-13 15:59 - 02248704 _____ C:\Users\Kinnt\Desktop\AdwCleaner_4.208.exe
2015-07-13 15:58 - 2015-07-13 15:58 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Kinnt\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-12 18:45 - 2015-07-12 18:45 - 00021059 _____ C:\ComboFix.txt
2015-07-12 18:10 - 2015-07-12 18:46 - 00000000 ____D C:\Qoobox
2015-07-12 18:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-12 18:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-12 18:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-12 18:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-12 18:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-12 18:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-12 18:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-12 18:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-12 18:09 - 2015-07-12 18:43 - 00000000 ____D C:\Windows\erdnt
2015-07-12 17:45 - 2015-07-12 17:45 - 00000919 _____ C:\Users\Kinnt\Desktop\Revo Uninstaller.lnk
2015-07-12 17:33 - 2015-07-12 17:34 - 05632449 ____R (Swearware) C:\Users\Kinnt\Desktop\ComboFix.exe
2015-07-12 12:26 - 2015-07-12 12:27 - 00033786 _____ C:\Users\Kröti\Desktop\Result.txt
2015-07-12 12:14 - 2015-07-12 12:15 - 00029782 _____ C:\Users\Kröti\Desktop\Addition.txt
2015-07-12 12:13 - 2015-07-18 10:01 - 00021976 _____ C:\Users\Kröti\Desktop\FRST.txt
2015-07-12 12:13 - 2015-07-18 10:01 - 00000000 ____D C:\FRST
2015-07-12 12:05 - 2015-07-12 12:06 - 00892928 _____ (Farbar) C:\Users\Kröti\Desktop\MiniToolBox.exe
2015-07-12 12:01 - 2015-07-12 12:01 - 02130944 _____ (Farbar) C:\Users\Kröti\Desktop\FRST64.exe
2015-07-05 22:14 - 2015-07-05 22:22 - 00034227 _____ C:\Users\Kröti\Desktop\Krankheiten2.txt
2015-07-05 21:06 - 2015-07-16 20:45 - 00001124 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-05 19:49 - 2015-07-09 17:00 - 00000000 ____D C:\Users\Kröti\AppData\Local\Mozilla Firefox
2015-06-28 13:47 - 2015-07-09 19:45 - 00036563 _____ C:\Users\Kröti\Desktop\Andrea.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-18 09:59 - 2011-06-25 03:54 - 01248229 _____ C:\Windows\WindowsUpdate.log
2015-07-18 09:59 - 2011-06-24 18:56 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-18 09:51 - 2011-06-24 18:56 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-18 09:46 - 2011-04-24 01:02 - 00700134 _____ C:\Windows\system32\perfh007.dat
2015-07-18 09:46 - 2011-04-24 01:02 - 00149984 _____ C:\Windows\system32\perfc007.dat
2015-07-18 09:46 - 2009-07-14 07:13 - 01622300 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 20:46 - 2011-06-24 18:56 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 20:46 - 2011-06-24 18:56 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 20:45 - 2014-11-23 19:10 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-16 20:45 - 2012-11-25 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-16 20:45 - 2012-11-25 11:32 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-16 20:45 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-16 20:45 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 20:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 20:49 - 2009-07-14 06:51 - 00081191 _____ C:\Windows\setupact.log
2015-07-14 19:43 - 2010-11-21 05:47 - 00490720 _____ C:\Windows\PFRO.log
2015-07-12 18:46 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-12 18:33 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-12 17:59 - 2015-05-14 19:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-12 17:57 - 2015-05-14 19:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-12 17:49 - 2011-06-24 19:11 - 00000000 ____D C:\Users\Kinnt\AppData\Local\Google
2015-07-12 17:47 - 2012-12-22 16:20 - 00000000 ____D C:\Users\Kinnt\AppData\Roaming\Avira
2015-07-12 17:45 - 2011-06-24 20:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 17:45 - 2011-06-24 19:02 - 00000000 ____D C:\Users\Kinnt
2015-07-12 14:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-07-12 11:56 - 2012-11-25 11:32 - 00000000 ____D C:\ProgramData\Avira
2015-07-05 19:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-05 19:33 - 2012-12-02 20:19 - 00158161 _____ C:\Users\Kröti\Desktop\Geschreibsel.txt
2015-06-28 18:12 - 2011-06-25 14:31 - 00000000 ____D C:\Users\Kröti\AppData\Roaming\SoftGrid Client
2015-06-28 15:06 - 2011-06-24 19:56 - 00093224 _____ C:\Users\Kröti\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-28 15:02 - 2013-07-20 12:26 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-28 15:02 - 2013-07-20 12:26 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

Some files in TEMP:
====================
C:\Users\Kinnt\AppData\Local\Temp\avgnt.exe
C:\Users\Kinnt\AppData\Local\Temp\Quarantine.exe
C:\Users\Kinnt\AppData\Local\Temp\sqlite3.dll
C:\Users\Kröti\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 23:10

==================== End of log ============================
Was mich wundert, das da an die 300.000 Dateien geprüft wurden... ich hab doch eigentlich nur selbstgeschossene Fotos drauf. Kann ein Virus quasi selbstständig vervielfältigen bis die Festplatte "platzt"??

Und ich habe vor der Anmeldung hier meine Bilder nochmal auf einer externen Festplatte kopiert. Falls ich die beim nächsten Mal andocke, tappe ich da wieder in eine Falle? Wie finde ich heraus das der Intenso sauber ist? Alles löschen, formatieren und eine frische Sicherung vom sauberen Laptop drauf ziehen?

Ich danke Dir bis hierher schon mal für Deine Hilfe und Mühe :applaus:

edit: aaach, Mist, ich hatte da wohl was falsch verstanden, den eset-scanner hätte ich MIT externe Festplatte laufen lassen sollen, richtig??

schrauber 18.07.2015 13:40
Eigentlich schon :).

Kannst aber auch die PLatte jetzt anklemmen, mit MBAM scannen, und hiermit:

Lade Dir bitte von hier Emsisoft Emergency Kit Download Emsisoft Emergency Kit herunter.
  • Bitte installiere das Programm in den vorgegebenen Pfad.
  • Starte das Programm durch Doppelklick der Desktopverknüpfung.
  • Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
  • Folge nun bitte der bebilderten Bildanleitung zu Emergency Kit, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.


carabelli 19.07.2015 11:19
Also alle Sticks, externe Festplatte nochmal mit mbam gescannt:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.07.2015
Suchlauf-Zeit: 11:03:30
Logdatei: mbam2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kinnt

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 457731
Verstrichene Zeit: 33 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
und mit emsisoft, der hat 7 Sachen gefunden:

Code:
Emsisoft Emergency Kit - Version 10.0
Letztes Update: 7/19/2015 12:02:23 PM
Benutzerkonto: Kinnt-PC\Kinnt

Scan-Einstellungen:

Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:        7/19/2015 12:05:37 PM
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        Gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        Gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        Gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Gefunden: Setting.DisableRegistryTools (A)

Gescannt:        71883
Gefunden        7

Scan-Ende:        7/19/2015 12:10:04 PM
Scan-Zeit:        0:04:27

Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS        Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        Quarantäne Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        Quarantäne Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-956779819-3001205292-791293429-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR        Quarantäne Setting.DisableTaskMgr (A)

Quarantäne        7
Kann eigentlich auch der surfstick mit infiziert sein? (benutze momentan den von meiner Mutter...)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:33 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131