Meine WEB.de-Adresse verschickt automatisch Spam

schrauber · 15.10.2014, 18:25

Zitat:

Oje, reden wir lieber nicht von den Internet Explorer und deren unglaublichen Schnelligkeit...

Das hilft mir nit weiter. Zur Not Chrome installieren und testen.

magigstar · 28.10.2014, 18:53

Nachdem ich Chrome installiert habe, merke ich, dass auch Chrome ein wenig braucht um überhaupt in Erscheiniung zu treten. Das Surfen geht schnell, aber bis Chrome gestartet ist, braucht das ne Weile...

Ich surfe mit Firefox und nebenbei läuft ein Video im Chrome... dieses Video stoppt immer und manchmal sogar mit seltsamen hässlichen Tonverzerrungen.
Ist das normal? Muss man Chrome aktiv halten um das Video anzuschauen? Kann nicht sein, denn momentan läuft das Video...

schrauber · 29.10.2014, 18:21

Nö muss nit. Man sollte enfach nicht 2 Browser nebeneinander gleichzeitig betreiben. Das kann schon mal schlecht sein.

magigstar · 01.11.2014, 17:09

Ok,
ich habe den Chrome benutzt.. zugegeben, er ist beim Laden schneller.. aber als ich den Notebook eingeschaltet habe und dann ich den Chrome angeklickt habe, hat er schon auf sich warten lassen, bis er wirklich "da war"... wenn er erstmal da ist, läuft er...

Aber Chrome ist ein Datensammler hoch zwanzig, finde ich....

schrauber · 02.11.2014, 08:09

Das sollte ja auch nur ein Test ein. Also alle Browser haben das gleiche Problem?

Poste mal bitte frische FRST logs.

magigstar · 02.11.2014, 22:30

Ein frisches FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by XXXXX XXXXX (administrator) on ARBEITSCOMPUTER on 02-11-2014 22:24:37
Running from C:\Users\XXXXX XXXXX\Desktop
Loaded Profile: XXXXX XXXXX (Available profiles: XXXXX XXXXX & XXXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Windows\snuvcdsm.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Mirko Böer) C:\Program Files (x86)\SSS\SimpleScreenshot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mirko Böer) C:\Program Files\AmP\AmP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2255360 2008-02-09] (Mirko Böer)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\1cnxqcgo.default
FF Homepage: https://www.edudip.com/webinar/3-Schritte-f%C3%BCr-sofort-mehr-Energie-%3A-%29/107888|hxxp://www.mietwagen-talk.de/unfall-schaden-panne/15971-pl-tzlicher-schaden-an-mietwagen-von-dollar/|hxxp://hartz.info/index.php?topic=83912.45|hxxp://www.trojaner-board.de/157844-web-de-adresse-verschickt-automatisch-spam-7.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\1cnxqcgo.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR Profile: C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Docs) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google-Suche) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Avira Browser Safety) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 HPSLPSVC; C:\Users\XXXXX XXXXX\AppData\Local\Temp\7zS1D89\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 22:24 - 2014-11-02 22:25 - 00021664 _____ () C:\Users\XXXXX XXXXX\Desktop\FRST.txt
2014-11-02 22:24 - 2014-11-02 22:24 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\FRST-OlderVersion
2014-11-02 21:54 - 2014-11-02 21:54 - 00000000 ____D () C:\Users\XXXXX\Desktop\div. Briefe
2014-11-01 21:01 - 2014-11-01 21:01 - 00000282 _____ () C:\Users\XXXXX XXXXX\Desktop\Schäffer-Poeschel Verlag für Wirtschaft · Steuern · Recht.URL
2014-10-31 19:45 - 2014-10-31 19:45 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\PDF24
2014-10-31 19:44 - 2014-10-31 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-10-31 19:44 - 2014-10-31 19:44 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-10-31 19:43 - 2014-10-31 19:43 - 16327512 _____ (Geek Software GmbH ) C:\Users\XXXXX XXXXX\Downloads\pdf24-creator-6.8.0.exe
2014-10-31 19:39 - 2014-10-31 19:39 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Opera Software
2014-10-31 19:39 - 2014-10-31 19:39 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Opera Software
2014-10-31 19:38 - 2014-10-31 19:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-31 19:37 - 2014-10-31 19:37 - 00827904 _____ (CoolPDF Software, Inc) C:\Users\XXXXX XXXXX\Downloads\pdfmark_CB-DL-Manager [1].exe
2014-10-31 19:37 - 2014-10-31 19:37 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\StormFall
2014-10-31 19:36 - 2014-10-31 19:36 - 00847040 _____ ( ) C:\Users\XXXXX XXXXX\Downloads\pdfmark_CB-DL-Manager.exe
2014-10-30 22:35 - 2014-10-30 22:35 - 00014402 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel
2014-10-30 21:42 - 2014-10-30 21:42 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (3)
2014-10-26 21:13 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMB111.dll
2014-10-26 21:01 - 2014-10-26 21:03 - 65671128 _____ () C:\Users\XXXXX XXXXX\Downloads\PS5520_1315-1.exe
2014-10-25 07:01 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-25 06:48 - 2014-10-25 06:48 - 00880272 _____ (Google Inc.) C:\Users\XXXXX XXXXX\Downloads\ChromeSetup.exe
2014-10-22 19:18 - 2014-10-22 19:18 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-22 19:18 - 2014-10-22 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-22 19:17 - 2014-10-22 19:18 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-22 19:17 - 2014-10-22 19:18 - 00000000 ____D () C:\Program Files\iTunes
2014-10-22 19:17 - 2014-10-22 19:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-22 19:17 - 2014-10-22 19:17 - 00000000 ____D () C:\Program Files\iPod
2014-10-21 22:46 - 2014-10-21 23:08 - 824646136 _____ (Microsoft Corporation) C:\Users\XXXXX XXXXX\Downloads\proplussp2013-kb2817430-fullfile-x64-de-de.exe
2014-10-20 05:30 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-20 05:30 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-20 05:30 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-20 05:30 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-20 05:30 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-20 05:30 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-20 05:30 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-20 05:30 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-20 05:30 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-20 05:30 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-20 05:30 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-20 05:30 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-20 05:30 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-20 05:30 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-20 05:30 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-20 05:30 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-20 05:30 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-20 05:30 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-20 05:30 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-20 05:30 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-20 05:30 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-20 05:30 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-20 05:30 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-20 05:30 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-20 05:30 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-20 05:30 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-20 05:30 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-20 05:30 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-20 05:30 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-20 05:30 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-20 05:30 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-20 05:30 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-20 05:30 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-20 05:30 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-20 05:30 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-20 05:30 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-20 05:30 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-20 05:30 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-20 05:30 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-20 05:30 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-20 05:30 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-20 05:30 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-20 05:30 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-20 05:30 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-20 05:30 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-20 05:30 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-20 05:30 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-20 05:30 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-20 05:30 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-20 05:30 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-20 05:30 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-20 05:30 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-20 05:30 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-20 05:30 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-20 05:30 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-20 05:30 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-20 05:30 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-20 05:30 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-20 05:30 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-20 05:30 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-20 05:29 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-20 05:29 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-20 05:28 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-20 05:28 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-20 05:28 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-20 05:28 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-20 05:28 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-20 05:28 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-20 05:28 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-20 05:28 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-20 05:28 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-20 05:28 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-20 05:28 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-20 05:28 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-20 05:28 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-20 05:28 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-20 05:28 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-20 05:28 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-20 05:28 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-20 05:28 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-12 09:02 - 2014-10-12 09:03 - 00609179 _____ () C:\Users\XXXXX XXXXX\Downloads\fixkosten_tabellen.zip
2014-10-11 20:48 - 2014-10-11 20:49 - 00000000 ____D () C:\Users\XXXXX XXXXX\Downloads\NeuStart
2014-10-11 20:48 - 2014-10-11 20:49 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-10-11 20:48 - 2014-10-11 20:49 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-10-11 20:48 - 2014-10-11 20:48 - 00001101 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2014-10-11 20:48 - 2014-10-11 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-10-11 20:46 - 2014-10-11 20:49 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-10-11 20:46 - 2014-10-11 20:46 - 00693424 _____ (Yahoo! Inc.) C:\Users\XXXXX XXXXX\Downloads\msgr11de.exe
2014-10-11 11:27 - 2014-10-11 11:27 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Anolis
2014-10-11 11:25 - 2014-10-11 11:25 - 00395816 _____ () C:\Users\XXXXX XXXXX\Downloads\2009-09-01.zip
2014-10-11 11:03 - 2014-10-21 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-11 11:03 - 2014-10-11 11:03 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-11 11:03 - 2014-10-11 11:03 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-11 11:03 - 2014-10-11 11:03 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla
2014-10-11 11:03 - 2014-10-11 11:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-07 05:34 - 2014-10-07 05:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\2009_06_08
2014-10-06 19:59 - 2014-10-10 17:36 - 00006826 _____ () C:\Windows\DPINST.LOG
2014-10-06 19:54 - 2014-10-06 19:54 - 00000000 ____H () C:\Users\XXXXX XXXXX\Downloads\WinScan2PDF_CB-DL-Manager [1].ini
2014-10-06 19:54 - 2014-10-06 19:54 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\WorldofTanks
2014-10-04 21:30 - 2014-10-04 21:30 - 00133139 _____ () C:\Users\XXXXX XXXXX\Downloads\Details.zip
2014-10-03 10:39 - 2014-10-03 10:39 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\IsolatedStorage
2014-10-03 10:23 - 2014-09-22 19:23 - 00234605 ____N () C:\Windows\hpoins21.dat.temp
2014-10-03 10:23 - 2009-10-08 02:26 - 00005474 ____N () C:\Windows\hpomdl21.dat.temp
2014-10-03 10:10 - 2014-10-03 10:10 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-03 09:43 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-03 09:43 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 22:24 - 2014-09-07 19:30 - 02114560 _____ (Farbar) C:\Users\XXXXX XXXXX\Desktop\FRST64.exe
2014-11-02 22:24 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2014-11-02 22:19 - 2012-09-20 04:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 22:09 - 2014-05-31 11:35 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\aufräumen, was geht
2014-11-02 22:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 21:51 - 2014-09-27 14:08 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Musik
2014-11-02 21:30 - 2012-03-31 10:28 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\HpUpdate
2014-11-02 20:30 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 20:30 - 2011-11-13 21:43 - 01690047 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 09:30 - 2014-08-09 00:14 - 00005144 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer
2014-11-02 07:16 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 07:16 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 07:10 - 2014-06-18 08:20 - 00020842 _____ () C:\Windows\setupact.log
2014-11-02 07:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 15:16 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2014-11-01 15:16 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2014-11-01 15:16 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 19:41 - 2014-08-07 20:56 - 00229888 ___SH () C:\Users\XXXXX XXXXX\Desktop\Thumbs.db
2014-10-31 19:39 - 2011-11-20 15:41 - 00001425 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-30 22:36 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\.gimp-2.8
2014-10-30 22:34 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\gtk-2.0
2014-10-30 06:03 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Steuerfälle
2014-10-29 22:28 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Skype
2014-10-28 06:34 - 2011-11-15 21:40 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 19:11 - 2012-03-31 10:25 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\HP
2014-10-26 21:13 - 2012-03-31 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-26 21:13 - 2012-03-31 10:27 - 00000000 ____D () C:\ProgramData\HP
2014-10-26 21:13 - 2012-03-31 10:27 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-26 21:13 - 2012-03-31 10:26 - 00000000 ____D () C:\Program Files\HP
2014-10-26 17:25 - 2014-06-20 13:07 - 00024244 _____ () C:\Windows\PFRO.log
2014-10-25 07:01 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-22 22:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-22 19:17 - 2014-09-10 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-22 19:17 - 2012-01-29 14:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-22 07:26 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Adobe
2014-10-22 07:25 - 2012-04-02 19:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-22 07:25 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-22 07:25 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-22 07:25 - 2009-11-05 01:44 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-21 23:29 - 2014-03-28 22:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-21 23:29 - 2009-11-05 04:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-21 23:15 - 2009-07-14 05:45 - 00458328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 23:13 - 2014-05-03 07:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-21 19:25 - 2009-07-14 03:34 - 00000648 _____ () C:\Windows\win.ini
2014-10-21 19:14 - 2011-11-13 23:22 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 19:14 - 2011-11-13 23:22 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 05:28 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-20 05:20 - 2011-11-18 19:58 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 19:50 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-14 19:50 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-14 19:50 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-14 19:44 - 2013-05-07 18:33 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 19:44 - 2013-03-29 20:10 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 19:44 - 2013-03-29 20:10 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-11 20:48 - 2012-09-15 17:03 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Yahoo!
2014-10-10 17:33 - 2014-08-08 13:36 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner
2014-10-06 19:45 - 2014-09-22 19:19 - 00008737 _____ () C:\ProgramData\hpzinstall.log
2014-10-04 13:52 - 2012-01-01 09:33 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\SZ

Some content of TEMP:
====================
C:\Users\XXXXX XXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfamcc00001.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\vsdel.exe
C:\Users\Versuch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 18:45

==================== End Of Log ============================

--- --- ---

Dazu noch das frische Additional....

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by XXXXXX XXXXXX at 2014-11-02 22:26:11
Running from C:\Users\XXXXXX XXXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-10-2014 17:57:08 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-08-24 12:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1337E7-FD4D-4E97-B323-C196EC76BB3E} - System32\Tasks\At1 => C:\Windows\system32\msddt.exe <==== ATTENTION
Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6CD89185-CD28-476C-8761-8B7DECCD7EDA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7B158A6A-42B2-4CCD-92C6-82A29FC974C5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22] (Adobe Systems Incorporated)
Task: {D1476F7C-6AC0-4421-98CC-E5B95676B7DD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXXX XXXXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {F5F2E42F-66A1-4A27-AF82-45A9767CF81D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2013-11-25 16:24 - 2013-10-10 11:23 - 00182784 _____ () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
2013-01-24 19:12 - 2013-01-24 19:12 - 00011264 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-24 07:34 - 2013-01-24 07:34 - 00067584 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-06-10 11:58 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-10 11:58 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-10 11:58 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-10 11:58 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-10 11:58 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe
MSCONFIG\startupreg: PLFSetL => C:\Windows\PLFSetL.exe
MSCONFIG\startupreg: SAFE14 Browser Monitor => "C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SAFE14 File Redirection Starter => "C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe"
MSCONFIG\startupreg: Steganos HotKeys => "C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXXXX XXXXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXXXX XXXXXX
XXXXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23364504

Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23364504

Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RescueTime.exe, Version: 2.2.1.722, Zeitstempel: 0x4bbe0958
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xe0c3d027
ID des fehlerhaften Prozesses: 0x10d8
Startzeit der fehlerhaften Anwendung: 0xRescueTime.exe0
Pfad der fehlerhaften Anwendung: RescueTime.exe1
Pfad des fehlerhaften Moduls: RescueTime.exe2
Berichtskennung: RescueTime.exe3

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40077

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40077

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:34:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39079

Error: (10/11/2014 11:34:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39079

Error: (10/11/2014 11:34:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/02/2014 07:11:12 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/01/2014 02:02:07 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/01/2014 02:02:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (10/31/2014 08:34:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/31/2014 06:54:26 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/31/2014 03:52:18 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/30/2014 07:01:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/30/2014 07:00:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NO-IP DUC v4" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/30/2014 07:00:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NO-IP DUC v4 erreicht.

Error: (10/30/2014 05:56:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23364504

Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23364504

Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RescueTime.exe2.2.1.7224bbe0958unknown0.0.0.000000000c0000005e0c3d02710d801cfe53ca162eb27C:\Program Files (x86)\RescueTime\RescueTime.exeunknownc784747e-5192-11e4-b674-00262d8cabd9

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40077

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40077

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:34:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39079

Error: (10/11/2014 11:34:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39079

Error: (10/11/2014 11:34:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.330
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.010
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 42%
Total physical RAM: 3956.5 MB
Available physical RAM: 2257.77 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5658.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:115.29 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:284.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 03.11.2014, 16:49

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Task: {0B1337E7-FD4D-4E97-B323-C196EC76BB3E} - System32\Tasks\At1 => C:\Windows\system32\msddt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Deinstalliere Spybot. Deaktiviere Avira komplett und teste die Browser nochmal.

magigstar · 03.11.2014, 21:34

Ich mach zuerst das mit der Code-Box, dann deinstalliere ich Spybot und deaktiviere ich AntiVir.

Wobei eigentlich, ob ich das vorher oder nachher mache ist es eh egal...

Mal eine neugierige Frage: Was bewirkt denn dieser Code?

Und ist Spybot nicht eine Software, die gerade davor schützen sollte.

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by XXXXX XXXXX at 2014-11-03 21:52:07 Run:1
Running from C:\Users\XXXXX XXXXX\Desktop
Loaded Profile: XXXXX XXXXX (Available profiles: XXXXX XXXXX & XXXXX & Versuch)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {0B1337E7-FD4D-4E97-B323-C196EC76BB3E} - System32\Tasks\At1 => C:\Windows\system32\msddt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B1337E7-FD4D-4E97-B323-C196EC76BB3E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B1337E7-FD4D-4E97-B323-C196EC76BB3E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

==== End of Fixlog ====

Es geht aber hier doch um den Internet Explorer? Aber ich nutze doch den Firefox..

schrauber · 04.11.2014, 11:02

Da sind grundlegende Policies gefixt worden, die da nicht hingehören.

Und die Probleme hast Du nach eigener Aussage ja in allen browsern. Spybot ist Müll und ewig alt, wird nicht mehr empfohlen.

magigstar · 04.11.2014, 19:46

Sorry für meine Neugier.. sind aber Policies nicht gut?? Klingt nämlich ganz nach Sicherheitseinstellungen oder so...

schrauber · 05.11.2014, 14:47

Klar sind das Sicherheitseinstellungen. Aber wenn ich dir mit ner Policy ab sofort Youtube verbiete als Beispiel, findest Du das gut?

magigstar · 05.11.2014, 22:51

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by XXXXX XXXXX at 2014-11-05 22:38:33
Running from C:\Users\XXXXX XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version:  - Mirko Böer)
Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden
BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation)
Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version:  - )
ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version:  - )
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles)
Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH)
Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin)
FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation)
Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Random Dresser (HKLM-x32\...\RandomDresser) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version:  - )
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH)
Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version:  - 3.23.2010-0313)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-10-2014 17:57:08 Windows Update
04-11-2014 18:51:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-08-24 12:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {23CEA58C-8E99-49B6-96E0-E0033F148659} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9C395D30-C0E5-4B3A-A232-E38DA71A3827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {CE5325CF-BB63-4751-AB56-BD427BEAA0D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22] (Adobe Systems Incorporated)
Task: {D1476F7C-6AC0-4421-98CC-E5B95676B7DD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-10-04 14:32 - 2007-10-04 14:32 - 00122880 _____ () C:\Program Files (x86)\Common Files\AAV\aavus.exe
2013-11-25 16:24 - 2013-10-10 11:23 - 00182784 _____ () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
2013-01-24 19:12 - 2013-01-24 19:12 - 00011264 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe
2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-24 07:34 - 2013-01-24 07:34 - 00067584 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe
MSCONFIG\startupreg: PLFSetL => C:\Windows\PLFSetL.exe
MSCONFIG\startupreg: SAFE14 Browser Monitor => "C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SAFE14 File Redirection Starter => "C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe"
MSCONFIG\startupreg: Steganos HotKeys => "C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled)
XXXXX XXXXX (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\XXXXX XXXXX
XXXXX (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\XXXXX
Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled)
Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2014 09:30:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/03/2014 09:30:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23364504

Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23364504

Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RescueTime.exe, Version: 2.2.1.722, Zeitstempel: 0x4bbe0958
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xe0c3d027
ID des fehlerhaften Prozesses: 0x10d8
Startzeit der fehlerhaften Anwendung: 0xRescueTime.exe0
Pfad der fehlerhaften Anwendung: RescueTime.exe1
Pfad des fehlerhaften Moduls: RescueTime.exe2
Berichtskennung: RescueTime.exe3

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40077

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40077

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:34:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39079


System errors:
=============
Error: (11/03/2014 08:36:58 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (11/03/2014 06:05:54 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/02/2014 07:11:12 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/01/2014 02:02:07 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (11/01/2014 02:02:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (10/31/2014 08:34:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (10/31/2014 06:54:26 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/31/2014 03:52:18 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/30/2014 07:01:15 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/30/2014 07:00:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NO-IP DUC v4" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (11/03/2014 09:30:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (11/03/2014 09:30:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23364504

Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23364504

Error: (10/31/2014 05:44:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RescueTime.exe2.2.1.7224bbe0958unknown0.0.0.000000000c0000005e0c3d02710d801cfe53ca162eb27C:\Program Files (x86)\RescueTime\RescueTime.exeunknownc784747e-5192-11e4-b674-00262d8cabd9

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40077

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40077

Error: (10/11/2014 11:34:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:34:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39079


CodeIntegrity Errors:
===================================
  Date: 2014-08-24 13:21:32.971
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.769
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 13:21:32.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:01.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.711
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\DANIEL~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.330
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-28 08:07:00.010
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.633
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 15:18:48.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 52%
Total physical RAM: 3956.5 MB
Available physical RAM: 1872.77 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 5566.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:114.6 GB) NTFS
Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:285.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by XXXXX XXXXX (administrator) on ARBEITSCOMPUTER on 05-11-2014 22:37:02
Running from C:\Users\XXXXX XXXXX\Desktop
Loaded Profile: XXXXX XXXXX (Available profiles: XXXXX XXXXX & XXXXX & Versuch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Common Files\AAV\aavus.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Windows\snuvcdsm.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Mirko Böer) C:\Program Files (x86)\SSS\SimpleScreenshot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] ()
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2255360 2008-02-09] (Mirko Böer)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\1cnxqcgo.default
FF Homepage: https://www.edudip.com/webinar/3-Schritte-f%C3%BCr-sofort-mehr-Energie-%3A-%29/107888|hxxp://www.mietwagen-talk.de/unfall-schaden-panne/15971-pl-tzlicher-schaden-an-mietwagen-von-dollar/|hxxp://hartz.info/index.php?topic=83912.45|hxxp://www.trojaner-board.de/157844-web-de-adresse-verschickt-automatisch-spam-7.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\1cnxqcgo.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR Profile: C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Docs) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google-Suche) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Avira Browser Safety) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Google Mail) - C:\Users\XXXXX XXXXX\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 HPSLPSVC; C:\Users\XXXXX XXXXX\AppData\Local\Temp\7zS1D89\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 19:14 - 2014-11-05 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-05 19:11 - 2014-11-05 19:11 - 00001809 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-05 19:11 - 2014-11-05 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-05 19:11 - 2014-11-05 19:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-05 10:39 - 2014-11-05 10:39 - 00010184 _____ () C:\Users\XXXXX XXXXX\Desktop\München.xlsx
2014-11-05 08:51 - 2014-11-05 08:51 - 00000268 _____ () C:\Users\XXXXX XXXXX\Desktop\karrierebibel.de.URL
2014-11-04 22:38 - 2014-11-04 22:38 - 00000229 _____ () C:\Users\XXXXX XXXXX\Desktop\IXXXXXXX.URL
2014-11-04 22:19 - 2014-11-04 22:19 - 00000263 _____ () C:\Users\XXXXX XXXXX\Desktop\arrierebibel.de.URL
2014-11-04 22:06 - 2014-11-04 22:06 - 00000275 _____ () C:\Users\XXXXX XXXXX\Desktop\karrierebibel.de.URL
2014-11-04 21:41 - 2014-11-04 21:41 - 00000290 _____ () C:\Users\XXXXX XXXXX\Desktop\FAZ.URL
2014-11-04 21:40 - 2014-11-04 21:40 - 00000230 _____ () C:\Users\XXXXX XXXXX\Desktop\XXXXXXX.URL
2014-11-03 21:32 - 2014-11-03 21:32 - 00000085 _____ () C:\Windows\wininit.ini
2014-11-03 21:25 - 2014-11-03 21:25 - 00000225 _____ () C:\Users\XXXXX XXXXX\Desktop\XXXXXX e.V..URL
2014-11-02 22:35 - 2014-11-03 21:12 - 00008263 _____ () C:\Users\XXXXX XXXXX\Desktop\Mappe1.xlsx
2014-11-02 22:26 - 2014-11-02 22:31 - 00042780 _____ () C:\Users\XXXXX XXXXX\Desktop\Addition.txt
2014-11-02 22:24 - 2014-11-05 22:37 - 00021204 _____ () C:\Users\XXXXX XXXXX\Desktop\FRST.txt
2014-11-02 22:24 - 2014-11-03 21:51 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\FRST-OlderVersion
2014-11-02 21:54 - 2014-11-02 21:54 - 00000000 ____D () C:\Users\XXXXX\Desktop\div. Briefe
2014-10-31 19:45 - 2014-10-31 19:45 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\PDF24
2014-10-31 19:44 - 2014-10-31 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-10-31 19:44 - 2014-10-31 19:44 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-10-31 19:43 - 2014-10-31 19:43 - 16327512 _____ (Geek Software GmbH ) C:\Users\XXXXX XXXXX\Downloads\pdf24-creator-6.8.0.exe
2014-10-31 19:39 - 2014-10-31 19:39 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Opera Software
2014-10-31 19:39 - 2014-10-31 19:39 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Opera Software
2014-10-31 19:38 - 2014-10-31 19:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-31 19:37 - 2014-10-31 19:37 - 00827904 _____ (CoolPDF Software, Inc) C:\Users\XXXXX XXXXX\Downloads\pdfmark_CB-DL-Manager [1].exe
2014-10-31 19:37 - 2014-10-31 19:37 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\StormFall
2014-10-31 19:36 - 2014-10-31 19:36 - 00847040 _____ ( ) C:\Users\XXXXX XXXXX\Downloads\pdfmark_CB-DL-Manager.exe
2014-10-30 22:35 - 2014-10-30 22:35 - 00014402 _____ () C:\Users\XXXXX XXXXX\AppData\Local\recently-used.xbel
2014-10-30 21:42 - 2014-10-30 21:42 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner (3)
2014-10-26 21:13 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMB111.dll
2014-10-26 21:01 - 2014-10-26 21:03 - 65671128 _____ () C:\Users\XXXXX XXXXX\Downloads\PS5520_1315-1.exe
2014-10-25 07:01 - 2014-10-25 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-25 06:48 - 2014-10-25 06:48 - 00880272 _____ (Google Inc.) C:\Users\XXXXX XXXXX\Downloads\ChromeSetup.exe
2014-10-22 19:18 - 2014-10-22 19:18 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-22 19:18 - 2014-10-22 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-22 19:17 - 2014-10-22 19:18 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-22 19:17 - 2014-10-22 19:18 - 00000000 ____D () C:\Program Files\iTunes
2014-10-22 19:17 - 2014-10-22 19:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-22 19:17 - 2014-10-22 19:17 - 00000000 ____D () C:\Program Files\iPod
2014-10-21 22:46 - 2014-10-21 23:08 - 824646136 _____ (Microsoft Corporation) C:\Users\XXXXX XXXXX\Downloads\proplussp2013-kb2817430-fullfile-x64-de-de.exe
2014-10-20 05:30 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-20 05:30 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-20 05:30 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-20 05:30 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-20 05:30 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-20 05:30 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-20 05:30 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-20 05:30 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-20 05:30 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-20 05:30 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-20 05:30 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-20 05:30 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-20 05:30 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-20 05:30 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-20 05:30 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-20 05:30 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-20 05:30 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-20 05:30 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-20 05:30 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-20 05:30 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-20 05:30 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-20 05:30 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-20 05:30 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-20 05:30 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-20 05:30 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-20 05:30 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-20 05:30 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-20 05:30 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-20 05:30 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-20 05:30 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-20 05:30 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-20 05:30 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-20 05:30 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-20 05:30 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-20 05:30 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-20 05:30 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-20 05:30 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-20 05:30 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-20 05:30 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-20 05:30 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-20 05:30 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-20 05:30 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-20 05:30 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-20 05:30 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-20 05:30 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-20 05:30 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-20 05:30 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-20 05:30 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-20 05:30 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-20 05:30 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-20 05:30 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-20 05:30 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-20 05:30 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-20 05:30 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-20 05:30 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-20 05:30 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-20 05:30 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-20 05:30 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-20 05:30 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-20 05:30 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-20 05:30 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-20 05:29 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-20 05:29 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-20 05:28 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-20 05:28 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-20 05:28 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-20 05:28 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-20 05:28 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-20 05:28 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-20 05:28 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-20 05:28 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-20 05:28 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-20 05:28 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-20 05:28 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-20 05:28 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-20 05:28 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-20 05:28 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-20 05:28 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-20 05:28 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-20 05:28 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-20 05:28 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-12 09:02 - 2014-10-12 09:03 - 00609179 _____ () C:\Users\XXXXX XXXXX\Downloads\fixkosten_tabellen.zip
2014-10-11 20:48 - 2014-10-11 20:49 - 00000000 ____D () C:\Users\XXXXX XXXXX\Downloads\NeuStart
2014-10-11 20:48 - 2014-10-11 20:49 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-10-11 20:48 - 2014-10-11 20:49 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-10-11 20:48 - 2014-10-11 20:48 - 00001101 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2014-10-11 20:48 - 2014-10-11 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-10-11 20:46 - 2014-10-11 20:49 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-10-11 20:46 - 2014-10-11 20:46 - 00693424 _____ (Yahoo! Inc.) C:\Users\XXXXX XXXXX\Downloads\msgr11de.exe
2014-10-11 11:27 - 2014-10-11 11:27 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Anolis
2014-10-11 11:25 - 2014-10-11 11:25 - 00395816 _____ () C:\Users\XXXXX XXXXX\Downloads\2009-09-01.zip
2014-10-11 11:03 - 2014-10-21 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-11 11:03 - 2014-10-11 11:03 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-11 11:03 - 2014-10-11 11:03 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-11 11:03 - 2014-10-11 11:03 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Mozilla
2014-10-11 11:03 - 2014-10-11 11:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-07 05:34 - 2014-10-07 05:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\2009_06_08
2014-10-06 19:59 - 2014-10-10 17:36 - 00006826 _____ () C:\Windows\DPINST.LOG
2014-10-06 19:54 - 2014-10-06 19:54 - 00000000 ____H () C:\Users\XXXXX XXXXX\Downloads\WinScan2PDF_CB-DL-Manager [1].ini
2014-10-06 19:54 - 2014-10-06 19:54 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\WorldofTanks

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 22:37 - 2014-08-21 20:10 - 00000000 ____D () C:\FRST
2014-11-05 22:37 - 2011-11-13 21:43 - 01800033 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 22:35 - 2014-08-09 00:14 - 00005144 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Arbeitscomputer-XXXXX XXXXX Arbeitscomputer
2014-11-05 22:33 - 2012-09-20 04:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 22:31 - 2014-06-18 08:20 - 00021290 _____ () C:\Windows\setupact.log
2014-11-05 22:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 19:20 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 19:20 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 19:19 - 2012-09-20 04:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 19:05 - 2012-08-14 18:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 21:51 - 2014-09-07 19:30 - 02114560 _____ (Farbar) C:\Users\XXXXX XXXXX\Desktop\FRST64.exe
2014-11-03 21:37 - 2014-06-20 13:07 - 00027906 _____ () C:\Windows\PFRO.log
2014-11-03 21:37 - 2014-06-10 11:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-03 20:43 - 2014-08-06 10:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-03 20:43 - 2013-02-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-03 20:43 - 2013-02-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-02 22:09 - 2014-05-31 11:35 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\aufräumen, was geht
2014-11-02 21:51 - 2014-09-27 14:08 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Musik
2014-11-02 21:30 - 2012-03-31 10:28 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\HpUpdate
2014-11-01 15:16 - 2011-11-14 06:34 - 00702664 _____ () C:\Windows\system32\perfh007.dat
2014-11-01 15:16 - 2011-11-14 06:34 - 00151424 _____ () C:\Windows\system32\perfc007.dat
2014-11-01 15:16 - 2009-07-14 06:13 - 01629998 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 19:41 - 2014-08-07 20:56 - 00229888 ___SH () C:\Users\XXXXX XXXXX\Desktop\Thumbs.db
2014-10-31 19:39 - 2011-11-20 15:41 - 00001425 _____ () C:\Users\XXXXX XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-30 22:36 - 2012-08-29 10:11 - 00000000 ____D () C:\Users\XXXXX XXXXX\.gimp-2.8
2014-10-30 22:34 - 2014-06-15 19:34 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\gtk-2.0
2014-10-30 06:03 - 2012-03-25 11:40 - 00000000 ____D () C:\Users\XXXXX XXXXX\Documents\Steuerfälle
2014-10-29 22:28 - 2013-11-02 09:43 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Skype
2014-10-28 06:34 - 2011-11-15 21:40 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 19:11 - 2012-03-31 10:25 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\HP
2014-10-26 21:13 - 2012-03-31 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-26 21:13 - 2012-03-31 10:27 - 00000000 ____D () C:\ProgramData\HP
2014-10-26 21:13 - 2012-03-31 10:27 - 00000000 ____D () C:\Program Files (x86)\HP
2014-10-26 21:13 - 2012-03-31 10:26 - 00000000 ____D () C:\Program Files\HP
2014-10-25 07:01 - 2009-11-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-22 22:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-22 19:17 - 2014-09-10 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-22 19:17 - 2012-01-29 14:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-22 07:26 - 2014-08-15 15:44 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Local\Adobe
2014-10-22 07:25 - 2012-04-02 19:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-22 07:25 - 2012-04-02 19:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-22 07:25 - 2011-11-15 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-22 07:25 - 2009-11-05 01:44 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-21 23:29 - 2014-03-28 22:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-21 23:29 - 2009-11-05 04:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-21 23:15 - 2009-07-14 05:45 - 00458328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 23:13 - 2014-05-03 07:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-21 19:25 - 2009-07-14 03:34 - 00000648 _____ () C:\Windows\win.ini
2014-10-21 19:14 - 2011-11-13 23:22 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 19:14 - 2011-11-13 23:22 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 05:28 - 2013-07-13 08:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-20 05:20 - 2011-11-18 19:58 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 19:44 - 2013-05-07 18:33 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 19:44 - 2013-03-29 20:10 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 19:44 - 2013-03-29 20:10 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-11 20:48 - 2012-09-15 17:03 - 00000000 ____D () C:\Users\XXXXX XXXXX\AppData\Roaming\Yahoo!
2014-10-10 17:33 - 2014-08-08 13:36 - 00000000 ____D () C:\Users\XXXXX XXXXX\Desktop\Neuer Ordner
2014-10-06 19:45 - 2014-09-22 19:19 - 00008737 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\XXXXX XXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\Quarantine.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\sfamcc00001.dll
C:\Users\XXXXX XXXXX\AppData\Local\Temp\SkypeSetup.exe
C:\Users\XXXXX XXXXX\AppData\Local\Temp\vsdel.exe
C:\Users\Versuch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 18:45

==================== End Of Log ============================

--- --- ---

Firefox scheint auch jetzt leichter zu funktionieren, viel einfacher...

schrauber · 06.11.2014, 14:43

sonst noch Probleme?

magigstar · 07.11.2014, 20:28

Mich nervt jetzt ein wenig eine Sache.
Ich hab den FF gestartet, da kam "Update..." und seit da an braucht etwas länger, bis ich schreiben kann, was ich schreiben möchte. Habe ich mich verschrieben und lösche die drei letzten Buchstabe, so lösche ich ausversehen die letzten vier Buchstaben.. es läuft ein wenig verzögert... jetzt ein bisschen weniger als vor dem Herunterfahren....

Und beim Anklicken mit der Maus habe ich auch irgendwie diese Probleme... ich verklick dann leicht... wegen der Verzögerung.

schrauber · 08.11.2014, 08:16

Nur in Firefox oder der ganze Rechner? Deinstalliere das Update von Ff und geh wieder zurück auf ne ältere Version.

29.10.2014, 18:21	#63
schrauber /// the machine /// TB-Ausbilder	Meine WEB.de-Adresse verschickt automatisch Spam Nö muss nit. Man sollte enfach nicht 2 Browser nebeneinander gleichzeitig betreiben. Das kann schon mal schlecht sein. __________________ __________________

02.11.2014, 08:09	#65
schrauber /// the machine /// TB-Ausbilder	Meine WEB.de-Adresse verschickt automatisch Spam Das sollte ja auch nur ein Test ein. Also alle Browser haben das gleiche Problem? Poste mal bitte frische FRST logs. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

05.11.2014, 14:47	#71
schrauber /// the machine /// TB-Ausbilder	Meine WEB.de-Adresse verschickt automatisch Spam Klar sind das Sicherheitseinstellungen. Aber wenn ich dir mit ner Policy ab sofort Youtube verbiete als Beispiel, findest Du das gut? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

06.11.2014, 14:43	#73
schrauber /// the machine /// TB-Ausbilder	Meine WEB.de-Adresse verschickt automatisch Spam sonst noch Probleme? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

08.11.2014, 08:16	#75
schrauber /// the machine /// TB-Ausbilder	Meine WEB.de-Adresse verschickt automatisch Spam Nur in Firefox oder der ganze Rechner? Deinstalliere das Update von Ff und geh wieder zurück auf ne ältere Version. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Meine WEB.de-Adresse verschickt automatisch Spam

Plagegeister aller Art und deren Bekämpfung: Meine WEB.de-Adresse verschickt automatisch Spam