
Log analysis and evaluation: Add-ons such as ad blockers or "better privacy" disappear

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.10.2014, 23:14   #1
umu

Sorry, I completely lack the technical vocabulary. I'll give it a try... Now that Windows 7 has crashed several times while creating simple text files, and my favorite add-ons Adblock and Better Privacy, which I dutifully reinstall again and again, disappear with exactly the same regularity at the next start, a little picture has now appeared while downloading a "vimeo" video: shock-waver crashed. The video would no longer open. I then deactivated the JavaScript blocker (an add-on), and then it worked after all.

But that is how I found this site, gratefully. So I ran the Farbar Recovery Tool and got long lists. Sorry, I'm a greenhorn: are these just plain lists, or already actively intervening and rescuing measures (as the headings announce)? What is the next step? Many thanks for any help.

13.10.2014, 06:41   #2
schrauber
/// the machine
/// TB trainer

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)


13.10.2014, 15:24   #3
umu

Thanks for the prompt reply! I've done that so far, thanks. And now?

14.10.2014, 10:00   #4
schrauber
/// the machine
/// TB trainer

And where are the log files, then?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

17.10.2014, 19:45   #5
umu

Thanks for the invitation to send them to the what's-it



So, both are now attached.

Many heartfelt thanks!

I hadn't dared to send them without an invitation.
And I trust that everything will now end up in the right hands.
Hopefully this doesn't take up too much time!

Greetings!

umu


18.10.2014, 13:39   #6
schrauber
/// the machine
/// TB trainer



Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here's how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

27.10.2014, 12:23   #7
umu

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Ulrike (administrator) on FEE on 12-10-2014 23:43:42
Running from C:\Users\Ulrike\Downloads
Loaded Profiles: Ulrike & UpdatusUser (Available profiles: Ulrike & UpdatusUser)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
() C:\Windows\System32\dsound64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-21] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2011-05-20] (OCS)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SMART Board Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe [9279824 2013-01-31] (SMART Technologies ULC)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62800 2013-03-07] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2111824 2013-03-07] (SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [99152 2013-03-04] (SMART Technologies)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1689088 2010-06-09] (Elgato Systems)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [vProt] => C:\Program Files (x86)\GameBox\vprot.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
URLSearchHook: HKCU - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110604213404697&tb_oid=04-06-2011&tb_mrud=04-06-2011
SearchScopes: HKCU - DefaultScope Plasmoo URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - Plasmoo URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1AAA4C45-8822-406A-A5F2-E02E11DB0F18} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {3EFCB509-A1C8-4DA3-83A2-843E54C07D9C} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {9F16F45B-8EF0-49B1-B3EE-499FAC1C28FD} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {BDC2801B-E02B-4AB4-A9AF-391950B3C993} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = 
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - No Name - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -  No File
Toolbar: HKCU - No Name - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\ponseu--franzsisch--deutsch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\stupidedia-de.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\wortschatz-deutsch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\abs@avira.com [2014-10-02]
FF Extension: Avira SafeSearch - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\safesearch@avira.com [2014-09-18]
FF Extension: DownloadHelper - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: DuckDuckGo Plus - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-10-12]
FF Extension: NoScript - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-12]
FF Extension: Adblock Plus - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-12]
FF Extension: BetterPrivacy - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-12]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKLM-x32\...\Firefox\Extensions: [{52B371F0-828A-43FB-B887-83DF5E00F635}] - C:\windows\Installer\{5219D5B4-2539-48C6-B225-EF366037A661}\{52B371F0-828A-43FB-B887-83DF5E00F635}.xpi
FF Extension: Download Protect - C:\windows\Installer\{5219D5B4-2539-48C6-B225-EF366037A661}\{52B371F0-828A-43FB-B887-83DF5E00F635}.xpi [2014-10-12]

Chrome: 
=======
CHR Profile: C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmoeddnkegjhaajcemkbdfeffffbjmh [2014-03-12]
CHR Extension: (Google Docs) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-09]
CHR Extension: (YouTube) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-09]
CHR Extension: (Google-Suche) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-09]
CHR Extension: (Download Protect) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljioomgcfdinaakfcgkdfnpobgmhbn [2014-01-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Google Mail) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SearchAnonymizer; C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2011-05-20] () [File not signed]
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies)
R2 subst64; C:\windows\system32\dsound64.exe [118784 2014-03-08] () [File not signed]
S2 fosfiles; C:\windows\system32\MP3DMODd.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-12-29] (Windows (R) 2003 DDK 3790 provider)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-03-07] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-03-07] (SMART Technologies)
R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [26688 2009-11-04] (DTV-DVB)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [840128 2009-11-04] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 23:43 - 2014-10-12 23:45 - 00026662 _____ () C:\Users\Ulrike\Downloads\FRST.txt
2014-10-12 23:43 - 2014-10-12 23:43 - 00000000 ____D () C:\FRST
2014-10-12 23:42 - 2014-10-12 23:42 - 02110464 _____ (Farbar) C:\Users\Ulrike\Downloads\FRST64.exe
2014-10-12 11:55 - 2014-10-11 15:00 - 00022688 _____ () C:\Users\Ulrike\Documents\D-Gruppen_Fächerwahl_2014_2015.xls_0.ods
2014-10-12 00:48 - 2014-10-12 00:48 - 00000000 ____D () C:\windows\system32\SPReview
2014-10-06 01:10 - 2014-10-06 01:10 - 09548621 _____ (HalfBaked ) C:\Users\Ulrike\Downloads\setup_hotpot_6305(2).exe
2014-10-05 23:46 - 2014-10-05 23:46 - 00002875 _____ () C:\Users\Ulrike\Desktop\CrissCross 8.40.lnk
2014-10-05 23:46 - 2014-10-05 23:46 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrissCross
2014-10-05 23:44 - 2014-10-05 23:44 - 00000000 ____D () C:\Users\Ulrike\Downloads\CrissCross-Kreuzworträtsel-Generator
2014-10-05 23:43 - 2014-10-05 23:43 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\NVIDIA
2014-10-05 23:42 - 2014-10-05 23:43 - 00712432 _____ ( ) C:\Users\Ulrike\Downloads\FileOpenerSetup.exe
2014-10-05 23:42 - 2014-10-05 23:42 - 01047704 _____ () C:\Users\Ulrike\Downloads\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe
2014-09-29 14:44 - 2014-09-29 14:34 - 00052793 _____ () C:\Users\Ulrike\Documents\BPiqueNiqueErster%20Hörtext.doc_0.odt
2014-09-29 09:47 - 2014-09-29 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 16:11 - 2014-09-14 16:11 - 00087984 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 16:11 - 2014-09-14 16:11 - 00087984 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 16:10 - 2014-09-14 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-12 17:51 - 2014-09-05 04:01 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-12 17:51 - 2014-09-05 03:55 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 22:48 - 2013-03-02 20:36 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 22:47 - 2012-06-23 22:05 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 22:00 - 2010-10-26 00:18 - 02085261 _____ () C:\windows\WindowsUpdate.log
2014-10-12 21:36 - 2013-03-02 20:36 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 20:20 - 2011-04-19 18:17 - 00000000 ____D () C:\Users\Ulrike\AppData\Local\Axialis
2014-10-12 09:08 - 2011-04-16 21:08 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-12 09:01 - 2009-07-14 06:45 - 00019808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 09:01 - 2009-07-14 06:45 - 00019808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 08:56 - 2014-03-27 14:27 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-12 08:54 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-12 08:53 - 2009-07-14 06:51 - 00148717 _____ () C:\windows\setupact.log
2014-10-11 00:10 - 2012-02-14 20:08 - 00003914 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{17820771-15AD-4F22-9070-B5047305D849}
2014-10-07 22:51 - 2010-10-25 08:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-06 01:11 - 2013-02-19 11:12 - 00001027 _____ () C:\Users\Ulrike\Desktop\HotPotatoes 6.lnk
2014-10-06 01:11 - 2013-02-19 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotPotatoes 6
2014-10-06 01:11 - 2013-02-19 11:12 - 00000000 ____D () C:\Program Files (x86)\HotPotatoes6
2014-10-02 11:11 - 2011-04-16 21:08 - 00000000 ____D () C:\Users\Ulrike
2014-10-02 11:05 - 2010-10-25 09:30 - 00850236 _____ () C:\windows\PFRO.log
2014-10-02 08:43 - 2012-07-04 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-29 13:30 - 2010-10-26 00:56 - 00652274 _____ () C:\windows\system32\perfh007.dat
2014-09-29 13:30 - 2010-10-26 00:56 - 00129282 _____ () C:\windows\system32\perfc007.dat
2014-09-29 13:30 - 2009-07-14 07:13 - 01492544 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-29 09:47 - 2012-06-23 22:05 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 09:47 - 2012-06-23 22:05 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-29 09:47 - 2011-06-15 14:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-14 23:58 - 2011-11-02 00:21 - 00000000 ____D () C:\Users\Ulrike\Documents\Sinja
2014-09-14 16:10 - 2014-08-20 16:23 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-14 16:10 - 2014-08-20 16:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-14 16:10 - 2013-08-14 00:15 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-13 15:00 - 2014-07-10 13:56 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-13 15:00 - 2013-08-14 00:46 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 14:52 - 2012-03-03 23:06 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Ulrike\AppData\Local\Temp\avgnt.exe
C:\Users\Ulrike\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ulrike\AppData\Local\Temp\sdan.exe
C:\Users\Ulrike\AppData\Local\Temp\sdapk.exe
C:\Users\Ulrike\AppData\Local\Temp\sdaspwn.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 16:06

==================== End Of Log ============================
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Ulrike (administrator) on FEE on 12-10-2014 23:43:42
Running from C:\Users\Ulrike\Downloads
Loaded Profiles: Ulrike & UpdatusUser (Available profiles: Ulrike & UpdatusUser)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\Rezip.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
() C:\Windows\System32\dsound64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-21] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2011-05-20] (OCS)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SMART Board Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe [9279824 2013-01-31] (SMART Technologies ULC)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62800 2013-03-07] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2111824 2013-03-07] (SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [99152 2013-03-04] (SMART Technologies)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1689088 2010-06-09] (Elgato Systems)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [vProt] => C:\Program Files (x86)\GameBox\vprot.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
URLSearchHook: HKCU - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
SearchScopes: HKLM-x32 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110604213404697&tb_oid=04-06-2011&tb_mrud=04-06-2011
SearchScopes: HKCU - DefaultScope Plasmoo URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - Plasmoo URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {1AAA4C45-8822-406A-A5F2-E02E11DB0F18} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {3EFCB509-A1C8-4DA3-83A2-843E54C07D9C} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {9F16F45B-8EF0-49B1-B3EE-499FAC1C28FD} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {BDC2801B-E02B-4AB4-A9AF-391950B3C993} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=6245dc2d-e7a0-4871-a851-f54e50e7f0fd&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = 
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - No Name - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -  No File
Toolbar: HKCU - No Name - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\ponseu--franzsisch--deutsch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\stupidedia-de.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\wortschatz-deutsch.xml
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\abs@avira.com [2014-10-02]
FF Extension: Avira SafeSearch - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\safesearch@avira.com [2014-09-18]
FF Extension: DownloadHelper - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: DuckDuckGo Plus - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-10-12]
FF Extension: NoScript - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-12]
FF Extension: Adblock Plus - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-12]
FF Extension: BetterPrivacy - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\a1f4tpef.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-12]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKLM-x32\...\Firefox\Extensions: [{52B371F0-828A-43FB-B887-83DF5E00F635}] - C:\windows\Installer\{5219D5B4-2539-48C6-B225-EF366037A661}\{52B371F0-828A-43FB-B887-83DF5E00F635}.xpi
FF Extension: Download Protect - C:\windows\Installer\{5219D5B4-2539-48C6-B225-EF366037A661}\{52B371F0-828A-43FB-B887-83DF5E00F635}.xpi [2014-10-12]

Chrome: 
=======
CHR Profile: C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Download Protect) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmoeddnkegjhaajcemkbdfeffffbjmh [2014-03-12]
CHR Extension: (Google Docs) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-09]
CHR Extension: (YouTube) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-09]
CHR Extension: (Google-Suche) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-09]
CHR Extension: (Download Protect) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\niljioomgcfdinaakfcgkdfnpobgmhbn [2014-01-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Google Mail) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SearchAnonymizer; C:\Users\Ulrike\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2011-05-20] () [File not signed]
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies)
R2 subst64; C:\windows\system32\dsound64.exe [118784 2014-03-08] () [File not signed]
S2 fosfiles; C:\windows\system32\MP3DMODd.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-12-29] (Windows (R) 2003 DDK 3790 provider)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-03-07] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-03-07] (SMART Technologies)
R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [26688 2009-11-04] (DTV-DVB)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [840128 2009-11-04] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 23:43 - 2014-10-12 23:45 - 00026662 _____ () C:\Users\Ulrike\Downloads\FRST.txt
2014-10-12 23:43 - 2014-10-12 23:43 - 00000000 ____D () C:\FRST
2014-10-12 23:42 - 2014-10-12 23:42 - 02110464 _____ (Farbar) C:\Users\Ulrike\Downloads\FRST64.exe
2014-10-12 11:55 - 2014-10-11 15:00 - 00022688 _____ () C:\Users\Ulrike\Documents\D-Gruppen_Fächerwahl_2014_2015.xls_0.ods
2014-10-12 00:48 - 2014-10-12 00:48 - 00000000 ____D () C:\windows\system32\SPReview
2014-10-06 01:10 - 2014-10-06 01:10 - 09548621 _____ (HalfBaked ) C:\Users\Ulrike\Downloads\setup_hotpot_6305(2).exe
2014-10-05 23:46 - 2014-10-05 23:46 - 00002875 _____ () C:\Users\Ulrike\Desktop\CrissCross 8.40.lnk
2014-10-05 23:46 - 2014-10-05 23:46 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrissCross
2014-10-05 23:44 - 2014-10-05 23:44 - 00000000 ____D () C:\Users\Ulrike\Downloads\CrissCross-Kreuzworträtsel-Generator
2014-10-05 23:43 - 2014-10-05 23:43 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\NVIDIA
2014-10-05 23:42 - 2014-10-05 23:43 - 00712432 _____ ( ) C:\Users\Ulrike\Downloads\FileOpenerSetup.exe
2014-10-05 23:42 - 2014-10-05 23:42 - 01047704 _____ () C:\Users\Ulrike\Downloads\CrissCross-Kreuzwortrtsel-Generator-lnstall.exe
2014-09-29 14:44 - 2014-09-29 14:34 - 00052793 _____ () C:\Users\Ulrike\Documents\BPiqueNiqueErster%20Hörtext.doc_0.odt
2014-09-29 09:47 - 2014-09-29 09:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 16:11 - 2014-09-14 16:11 - 00087984 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 16:11 - 2014-09-14 16:11 - 00087984 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 16:10 - 2014-09-14 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-12 17:51 - 2014-09-05 04:01 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-12 17:51 - 2014-09-05 03:55 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 22:48 - 2013-03-02 20:36 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 22:47 - 2012-06-23 22:05 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 22:00 - 2010-10-26 00:18 - 02085261 _____ () C:\windows\WindowsUpdate.log
2014-10-12 21:36 - 2013-03-02 20:36 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 20:20 - 2011-04-19 18:17 - 00000000 ____D () C:\Users\Ulrike\AppData\Local\Axialis
2014-10-12 09:08 - 2011-04-16 21:08 - 00000000 ____D () C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-12 09:01 - 2009-07-14 06:45 - 00019808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 09:01 - 2009-07-14 06:45 - 00019808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 08:56 - 2014-03-27 14:27 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-12 08:54 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-12 08:53 - 2009-07-14 06:51 - 00148717 _____ () C:\windows\setupact.log
2014-10-11 00:10 - 2012-02-14 20:08 - 00003914 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{17820771-15AD-4F22-9070-B5047305D849}
2014-10-07 22:51 - 2010-10-25 08:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-06 01:11 - 2013-02-19 11:12 - 00001027 _____ () C:\Users\Ulrike\Desktop\HotPotatoes 6.lnk
2014-10-06 01:11 - 2013-02-19 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotPotatoes 6
2014-10-06 01:11 - 2013-02-19 11:12 - 00000000 ____D () C:\Program Files (x86)\HotPotatoes6
2014-10-02 11:11 - 2011-04-16 21:08 - 00000000 ____D () C:\Users\Ulrike
2014-10-02 11:05 - 2010-10-25 09:30 - 00850236 _____ () C:\windows\PFRO.log
2014-10-02 08:43 - 2012-07-04 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-29 13:30 - 2010-10-26 00:56 - 00652274 _____ () C:\windows\system32\perfh007.dat
2014-09-29 13:30 - 2010-10-26 00:56 - 00129282 _____ () C:\windows\system32\perfc007.dat
2014-09-29 13:30 - 2009-07-14 07:13 - 01492544 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-29 09:47 - 2012-06-23 22:05 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 09:47 - 2012-06-23 22:05 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-29 09:47 - 2011-06-15 14:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-14 23:58 - 2011-11-02 00:21 - 00000000 ____D () C:\Users\Ulrike\Documents\Sinja
2014-09-14 16:10 - 2014-08-20 16:23 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-14 16:10 - 2014-08-20 16:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-14 16:10 - 2013-08-14 00:15 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-13 15:00 - 2014-07-10 13:56 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-13 15:00 - 2013-08-14 00:46 - 00000000 ____D () C:\windows\system32\MRT
2014-09-13 14:52 - 2012-03-03 23:06 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Ulrike\AppData\Local\Temp\avgnt.exe
C:\Users\Ulrike\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ulrike\AppData\Local\Temp\sdan.exe
C:\Users\Ulrike\AppData\Local\Temp\sdapk.exe
C:\Users\Ulrike\AppData\Local\Temp\sdaspwn.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 16:06

==================== End Of Log ============================
         

Dear Schrauber,

Thank you for the prompt reply with training thrown in! (I would not have found the hash sign.) Sorry that this caused you extra work! I am really sorry... I know how one can get squeezed between 1000 jobs and have no seconds to spare.

So many thanks for looking through it. Is nvidia tray perhaps to blame (it sounds so evil)?

In the meantime I have ecosia as my search engine again, and now better privacy dutifully shows up again. Maybe one should simply stop googling...

So many thanks!
And take your time,

umu

27.10.2014, 21:18   #8
schrauber
/// the machine
/// TB-Ausbilder
 




You have now posted the FRST.txt twice and forgotten the Addition.txt.

To speed things up: uninstall all software that has <===ATTENTION after it in the Addition.txt.

Then:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
