Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen

Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen


Log-Analyse und Auswertung: Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 04.11.2014, 13:09   #1
qoon
 
Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen - Standard

Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen


Laptop hat gestern leider den Geist aufgegeben deshalb musste ich meinen alten medion laptop raussuchen. Vor 2jahren hab ich mich noch nicht wirklich um meine Sicherheit gekümmert. Deshalb ist der PC jetzt verseucht von Viren/adware/Trojaner/spayware/etc. Zu den Problemen: die dienste von Windows defender und Windows update lassen sich nicht starten.
Der PC ist sehr langsam.
Es dauert 10minute um den PC herunter zu fahren (wirklich!) und 2min um ihn hochzufahren.
Autoupdates laden nicht. Installationen die etwas herunterladen müssen funktionieren nicht ( wie Adobe flash, bitdefender).
Fürs erste ist das alles was mir aufgefallen ist hoffe das da nicht noch mehr kommt
Ich habe schon Malwarebytes antimalware (88 gefunden ich hoffe es war nicht falsch alles in Quarantäne zu verschieben und dann zu löschen :/ ) und CCleaner laufen lassen.
Von da an habe ich mich an die Checkliste gehalten :
Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)

Log created at 11:04 on 04/11/2014 (wolfgang)



Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.



Checking for services/drivers...





-=E.O.F=-
FRST&addition zu groß - siehe anhang

GMER
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-04 12:16:41
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60G 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\wolfgang\AppData\Local\Temp\awdyikob.sys


---- System - GMER 2.1 ----

Code            \??\C:\Windows\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)  KeInsertQueueApc

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeInsertQueueApc                                                                                          826BDF13 5 Bytes  JMP 9029FA0E \??\C:\Windows\system32\drivers\mbamchameleon.sys (Malwarebytes Chameleon Protection Driver/Malwarebytes Corporation)

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 2.1 ----

Alt 04.11.2014, 14:09   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen - Standard

Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen


Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 04.11.2014, 14:24   #3
qoon
 
Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen - Standard

Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen


Danke für die schnelle Antwort!
FRST :
[CODE]
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by wolfgang (administrator) on WOLFGANG-PC on 04-11-2014 11:06:19
Running from C:\Users\wolfgang\Desktop
Loaded Profiles: wolfgang & UpdatusUser (Available profiles: wolfgang & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-02-27] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2426607693-3086012762-4238772180-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2426607693-3086012762-4238772180-1000\...\Run: [Ecemr] => C:\Users\wolfgang\AppData\Roaming\Ilam\etwat.exe
HKU\S-1-5-21-2426607693-3086012762-4238772180-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2426607693-3086012762-4238772180-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2426607693-3086012762-4238772180-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2426607693-3086012762-4238772180-1000\...\MountPoints2: {1011ded3-8973-11e1-b12f-001f16180464} - I:\setup.exe AUTORUN=1
HKU\S-1-5-21-2426607693-3086012762-4238772180-1000\...\MountPoints2: {a1ccd321-e8c2-11de-aa84-806e6f6e6963} - E:\Msetup4.exe
HKU\S-1-5-21-2426607693-3086012762-4238772180-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 10.1.8.1:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=bc25e5ee0000000000000022fa2830c6
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
URLSearchHook: HKCU - (No Name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} -  No File
SearchScopes: HKLM - Backup.Old.DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b}
SearchScopes: HKLM - {4B21386F-B87E-1E88-7EF4-1C53F5BDEC92} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1269415
SearchScopes: HKCU - Backup.Old.DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=D9B50E05D6A61D14997BE250449A7BDC&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={B83E03E9-6989-4DC3-BF6F-212CD1CAFCDC}&mid=89908f5c520c47d194e6d15650fced97-3891d7bac0645c700f1cc1427aca68052d820988&lang=de&ds=st011&pr=sa&d=2012-02-20 20:02:52&v=9.0.0.23&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1269415
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.50.5.13 10.50.5.12 10.50.5.11

FireFox:
========
FF ProfilePath: C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\wolfgang\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-05-03]
FF Extension: No Name - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2012-08-03]
FF Extension: ColorfulTabs - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-11-03]
FF Extension: FT DeepDark - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-09-22]
FF Extension: WOT - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: DownloadHelper - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Ghostery - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\firefox@ghostery.com.xpi [2013-10-30]
FF Extension: YouTube ALL HTML5 - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2013-12-03]
FF Extension: Tile Tabs - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\tiletabs@DW-dev.xpi [2013-10-30]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-10-30]
FF Extension: NoScript - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-30]
FF Extension: Adblock Plus - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-25]
FF Extension: BetterPrivacy - C:\Users\wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\3fcy8na6.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-11-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-03]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-03]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\10.0.0.7
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\10.0.0.7 [2012-02-23]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-03]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\wolfgang\AppData\Local\Temp\ccex.crx []
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2304912 2011-07-06] (WIBU-SYSTEMS AG)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 resetWinService; C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [70656 2008-10-29] () [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [247152 2009-02-25] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2008-04-03] (Avanquest Software) [File not signed]
S3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2014-11-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [6680064 2000-01-01] (Intel Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [112096 2012-02-09] (Power Software Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1753984 2008-07-10] ()
S3 WINIO; C:\Windows\system32\WinIo.sys [9336 2009-03-03] () [File not signed]
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [432640 2008-05-31] (Atheros Communications, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 uxddrv; \??\F:\qti\uxddrv86.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 11:06 - 2014-11-04 11:06 - 00020250 _____ () C:\Users\wolfgang\Desktop\FRST.txt
2014-11-04 11:06 - 2014-11-04 11:06 - 00000000 ____D () C:\FRST
2014-11-04 11:04 - 2014-11-04 11:05 - 00000478 _____ () C:\Users\wolfgang\Desktop\defogger_disable.log
2014-11-04 11:03 - 2014-11-04 11:03 - 00000000 _____ () C:\Users\wolfgang\defogger_reenable
2014-11-04 11:02 - 2014-11-04 10:58 - 00380416 _____ () C:\Users\wolfgang\Desktop\Gmer-19357.exe
2014-11-04 11:02 - 2014-11-04 10:57 - 01106432 _____ (Farbar) C:\Users\wolfgang\Desktop\FRST.exe
2014-11-04 11:02 - 2014-11-04 10:56 - 00050477 _____ () C:\Users\wolfgang\Desktop\Defogger.exe
2014-11-04 10:11 - 2014-11-04 10:25 - 00000652 _____ () C:\Windows\setupact.log
2014-11-04 10:11 - 2014-11-04 10:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-04 09:58 - 2014-11-04 10:30 - 00004604 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 09:54 - 2014-11-04 09:54 - 00001086 _____ () C:\Windows\PFRO.log
2014-11-04 09:37 - 2014-11-04 09:37 - 00000000 ____D () C:\Users\wolfgang\Desktop\PRE
2014-11-04 09:24 - 2014-11-04 09:24 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-11-04 09:20 - 2014-11-04 09:20 - 02849160 _____ () C:\Users\wolfgang\Downloads\bitdefender_tsecurity.exe
2014-11-04 09:08 - 2014-11-04 09:08 - 00000808 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-04 09:06 - 2014-11-04 10:44 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 09:06 - 2014-11-04 09:06 - 04974864 _____ (Piriform Ltd) C:\Users\wolfgang\Downloads\ccsetup419.exe
2014-11-04 09:06 - 2014-11-04 09:06 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-04 09:06 - 2014-11-04 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-04 09:06 - 2014-11-04 09:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-04 09:06 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-04 09:06 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-04 09:06 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-04 08:44 - 2014-11-04 08:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\wolfgang\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-04 08:44 - 2014-11-04 08:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\wolfgang\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-11-04 08:39 - 2014-11-04 08:39 - 00002214 _____ () C:\Users\wolfgang\Desktop\Use case.dia
2014-11-04 08:39 - 2014-11-04 08:39 - 00000728 _____ () C:\Users\wolfgang\AppData\Local\recently-used.xbel
2014-11-04 08:18 - 2014-11-04 08:39 - 00000000 ____D () C:\Users\wolfgang\.dia
2014-11-04 08:17 - 2014-11-04 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia
2014-11-04 08:16 - 2014-11-04 08:17 - 00000000 ____D () C:\Program Files\Dia
2014-11-04 08:15 - 2014-11-04 08:16 - 19620143 _____ (The Dia Developers) C:\Users\wolfgang\Downloads\dia-setup-0.97.2-2-unsigned.exe
2014-10-26 16:46 - 2014-11-04 09:32 - 00000000 ____D () C:\Users\wolfgang\AppData\Roaming\Ilam
2014-10-26 16:46 - 2014-10-26 16:47 - 00000000 ____D () C:\Users\wolfgang\AppData\Roaming\Qauhy
2014-10-26 16:46 - 2014-10-26 16:46 - 00000000 ____D () C:\Users\wolfgang\AppData\Roaming\Atifwi
2014-10-26 16:03 - 2014-10-26 16:05 - 303625288 _____ ( ) C:\Users\wolfgang\Downloads\HappyFoto-Designer.exe
2014-10-24 15:21 - 2014-10-24 15:21 - 01054912 _____ (Adobe) C:\Users\wolfgang\Downloads\install_flashplayer15x32au_mssa_aaa_aih.exe
2014-10-07 08:20 - 2014-10-14 14:47 - 00000000 ____D () C:\Users\wolfgang\AppData\Roaming\Canon
2014-10-07 08:19 - 2014-10-07 08:19 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 11:03 - 2009-12-14 16:31 - 00000000 ____D () C:\Users\wolfgang
2014-11-04 11:01 - 2006-11-02 11:33 - 01453138 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 10:48 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 10:48 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 10:42 - 2014-03-04 09:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 10:42 - 2010-03-23 22:16 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-04 10:42 - 2009-03-03 07:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-04 10:42 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 10:33 - 2014-03-15 19:48 - 00008586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-04 09:41 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-11-04 09:40 - 2009-03-03 08:38 - 00000000 ____D () C:\Program Files\Adobe
2014-11-04 09:39 - 2010-03-23 22:16 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-04 09:36 - 2012-02-20 20:00 - 00000000 ____D () C:\Users\wolfgang\AppData\Roaming\BitTorrent
2014-11-04 09:36 - 2011-07-29 09:53 - 00000000 ____D () C:\Windows\Minidump
2014-11-04 09:32 - 2014-03-11 18:40 - 00000000 ____D () C:\Users\wolfgang\AppData\Roaming\Elahyg
2014-11-04 09:32 - 2014-03-10 15:57 - 00000000 ____D () C:\Users\wolfgang\AppData\Roaming\Lunei
2014-11-04 09:08 - 2013-10-25 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-04 09:08 - 2013-10-25 13:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-04 09:07 - 2013-12-08 23:07 - 00000130 _____ () C:\Users\wolfgang\AppData\Roaming\wklnhst.dat
2014-11-04 09:06 - 2013-10-25 13:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 08:39 - 2014-09-28 11:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-03 15:10 - 2009-03-07 13:59 - 00000974 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-10-07 08:18 - 2012-05-14 18:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-04 10:49

==================== End Of Log ============================
--- --- ---

Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by wolfgang at 2014-11-04 11:07:15
Running from C:\Users\wolfgang\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510nz_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Authorizer Ignition Key Support (Version: 1.0.3.0 - Propellerhead Software AB) Hidden
AVG 2012 (Version: 12.0.2437 - AVG Technologies) Hidden
BitTorrent (HKLM\...\BitTorrent) (Version: 7.6.0 - BitTorrent Inc.)
bl (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series Benutzerregistrierung (HKLM\...\Canon MG2500 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
CorelDRAW Essential Edition 3 (HKLM\...\_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}) (Version:  - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2325 - CyberLink Corp.)
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1412 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2521 - CyberLink Corp.)
DE (Version: 3.0 - Corel Corporation) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
Dia (nur entfernen) (HKLM\...\Dia) (Version:  - )
DivX Plus Pro (HKLM\...\DivX Plus Pro8.2) (Version: 8.2 - DivX Plus Pro)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Foxlink Webcam (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.48000.201_WHQL - Sonix)
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}) (Version: 1.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LEGO® Star Wars™ III: The Clone Wars™ (HKLM\...\{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}) (Version: 1.0.0.0 - LucasArts)
Lenovo Drivers Update Utility (HKLM\...\Lenovo Drivers Update Utility_is1) (Version:  - DGTSoft Inc.)
Line 6 Uninstaller (HKLM\...\Line 6 Uninstaller) (Version:  - Line 6)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Battery 3 (HKLM\...\Native Instruments Battery 3) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments Guitar Rig 4 (HKLM\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Komplete 6 (HKLM\...\Native Instruments Komplete 6) (Version:  - Native Instruments)
Native Instruments Kontakt 4 (HKLM\...\Native Instruments Kontakt 4) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version:  - Native Instruments)
Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
NETGEAR WN121T wireless USB 2.0 adapter (HKLM\...\InstallShield_{2A17F4DB-C3B7-4E45-AECC-7F9FF6909C4B}) (Version: 1.00 - NETGEAR)
NETGEAR WN121T wireless USB 2.0 adapter (Version: 1.00 - NETGEAR) Hidden
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Treiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
ph (Version: 1.0.0 - Your Company Name) Hidden
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PowerISO (HKLM\...\PowerISO) (Version: 5.0 - Power Software Ltd)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 1.00.0000 - NETGEAR)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5730 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20111 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.3.2.12064_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3971 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SweetIM for Messenger 3.6 (HKLM\...\{A81A974F-8A22-43E6-9243-5198FF758DA1}) (Version: 3.6.0002 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetIM Toolbar for Internet Explorer 4.2 (HKLM\...\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}) (Version: 4.2.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.3.3 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WN111v2 (Version: 1.00.0000 - NETGEAR) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-09-2014 15:23:17 Geplanter Prüfpunkt
09-09-2014 16:48:36 Geplanter Prüfpunkt
20-09-2014 09:18:48 Geplanter Prüfpunkt
22-09-2014 13:45:07 Geplanter Prüfpunkt
24-09-2014 14:21:30 Geplanter Prüfpunkt
25-09-2014 18:08:33 Geplanter Prüfpunkt
27-09-2014 10:57:09 Geplanter Prüfpunkt
28-09-2014 09:51:06 Gerätetreiber-Paketinstallation: Canon Drucker
28-09-2014 09:51:37 Gerätetreiber-Paketinstallation: Canon Bildverarbeitungsgeräte
14-10-2014 15:22:44 Geplanter Prüfpunkt
16-10-2014 17:05:52 Geplanter Prüfpunkt
17-10-2014 14:28:31 Geplanter Prüfpunkt
19-10-2014 18:06:18 Geplanter Prüfpunkt
24-10-2014 17:40:24 Geplanter Prüfpunkt
25-10-2014 08:59:04 Geplanter Prüfpunkt
26-10-2014 17:20:55 Geplanter Prüfpunkt
27-10-2014 12:45:54 Geplanter Prüfpunkt
03-11-2014 14:47:31 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03ADDB1B-80FA-4928-A33E-311B92F5D771} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {1E38C4C4-1DCC-46C8-827E-82D2DC5855D3} - System32\Tasks\{4B0051C8-CA01-45A0-8229-651943D35994} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {2A40382C-1468-44F1-B87D-CC619C6D1F20} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {566C8FDD-FA44-4997-A10D-FB0CEF4E5084} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {6D912C84-4C81-4C6E-B71A-73A211C6DDF3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {94DD685F-FC45-4F66-97D3-CE278638BFC8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9A575ED4-8562-4050-98D1-8A71AF168139} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-28] (Google)
Task: {A7CC0960-060D-4E5C-870A-472A3DD0573D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {ACC2650F-8DAC-403F-8AD2-3D59CB33F1CB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - wolfgang => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2009-03-03 07:28 - 2008-10-29 16:20 - 00070656 _____ () C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
2009-03-04 04:17 - 2009-02-25 09:13 - 00247152 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Ecemr => C:\Users\wolfgang\AppData\Roaming\Ilam\etwat.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: tsnp2uvc => C:\Windows\tsnp2uvc.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: {5EFF6A61-E1D7-49DC-2481-15C5CB7E3531} => C:\Users\wolfgang\AppData\Roaming\Template\Templatewin.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2426607693-3086012762-4238772180-500 - Administrator - Disabled)
Gast (S-1-5-21-2426607693-3086012762-4238772180-501 - Limited - Enabled)
UpdatusUser (S-1-5-21-2426607693-3086012762-4238772180-1001 - Limited - Enabled) => C:\Users\UpdatusUser
wolfgang (S-1-5-21-2426607693-3086012762-4238772180-1000 - Administrator - Enabled) => C:\Users\wolfgang

==================== Faulty Device Manager Devices =============

Name: HP LaserJet P2015 Series
Description: HP LaserJet P2015 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2014 10:44:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 10:08:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 09:57:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 09:38:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (11/04/2014 09:38:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (11/04/2014 09:38:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (11/04/2014 09:38:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (11/04/2014 09:37:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (11/04/2014 09:37:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (11/04/2014 08:02:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32295810


System errors:
=============
Error: (11/04/2014 10:45:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/04/2014 10:09:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (11/04/2014 10:08:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/04/2014 10:06:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.11.2014 um 10:05:03 unerwartet heruntergefahren.

Error: (11/04/2014 09:57:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/04/2014 09:57:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (11/04/2014 09:57:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (11/04/2014 09:57:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (11/04/2014 08:09:00 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 0022FA2830C6 wurde durch den DHCP-Server 1.3.3.7 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (11/04/2014 08:02:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: WINIO%%193


Microsoft Office Sessions:
=========================
Error: (11/04/2014 10:44:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 10:08:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 09:57:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 09:38:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (11/04/2014 09:38:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING

Error: (11/04/2014 09:38:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING

Error: (11/04/2014 09:38:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING-BACKUP

Error: (11/04/2014 09:37:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (11/04/2014 09:37:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WOLFGANG\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3FCY8NA6.DEFAULT\SAFEBROWSING-BACKUP

Error: (11/04/2014 08:02:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32295810


CodeIntegrity Errors:
===================================
  Date: 2014-11-04 10:45:05.727
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-04 10:08:48.970
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-04 09:57:50.071
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-04 09:07:14.458
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-04 09:07:14.021
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-04 09:07:13.572
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-04 09:07:13.095
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-04 09:06:48.232
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-04 09:06:47.634
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-04 09:06:47.029
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 3065.95 MB
Available physical RAM: 1808.41 MB
Total Pagefile: 22336.16 MB
Available Pagefile: 21194.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.59 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:440.37 GB) (Free:132.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:25.38 GB) (Free:9.09 GB) FAT32
Drive f: (XIAOMI) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: A89BC304)
Partition 1: (Active) - (Size=440.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=25.4 GB) - (Type=0C)

==================== End Of Log ============================
__________________
Alt 04.11.2014, 20:58   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen - Standard

Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    SweetIM for Messenger 3.6

    SweetIM Toolbar for Internet Explorer 4.2 (HKLM\...\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}) (Version: 4.2.0004 - SweetIM Technologies Ltd.) <==== ATTENTION


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen
adobe, alter laptop, antimalware, appdata, aufgegeben, autostart, bitdefender, checkliste, defender, falsch, geblockt, harddisk, internet, laptop, löschen, malwarebytes, probleme, scan, services, sicherheit, system, system32, temp, update, verseucht, virus, vista, windows, windows update, windows vista


« Win8.1 x64 - Browser ist überflutet mir Werbung und öffnet Tabs | Windows 7: Adware downloaded ständig Programme »


Ähnliche Themen: Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen


  1. weisser bildschirm bei windows vista 32bit
    Alles rund um Windows - 18.02.2015 (10)
  2. Alter Vista Laptop ist extrem Langsam geworden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2014 (3)
  3. Windows Vista - Laptop läuft auf Hochtouren besonders im Internet
    Log-Analyse und Auswertung - 31.07.2014 (35)
  4. Windows Vista Pro 32Bit: Internet (insb. Downloads) funktioniert nicht mehr
    Log-Analyse und Auswertung - 28.05.2014 (9)
  5. Windows Vista 32bit: static.icmwebserv entfernen
    Log-Analyse und Auswertung - 24.03.2014 (17)
  6. Windows Vista 32Bit Interpol-Trojaner, Österr.
    Log-Analyse und Auswertung - 05.03.2014 (21)
  7. windows-vista,32bit,cmd.exe
    Alles rund um Windows - 21.02.2014 (7)
  8. Virus "incredibar" bei Windows Vista, 32bit
    Log-Analyse und Auswertung - 24.10.2013 (9)
  9. Win7 32bit-Alter Laptop: Malewarebytes zeigt an die 100 Funde an
    Log-Analyse und Auswertung - 02.10.2013 (7)
  10. Windows Vista (Laptop) Gvu-Trojaner; vermutlich noch mehr
    Log-Analyse und Auswertung - 22.09.2013 (11)
  11. Laptop / Windows Vista Home 32bit/ System Care Antivirus Befall
    Log-Analyse und Auswertung - 20.08.2013 (13)
  12. Laptop mit Windows Vista (32bit) infiziert mit JS/Agent.480412 (BKA-Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 23.05.2013 (12)
  13. GVU-Trojaner auf Laptop (Windows Vista / 32bit System)
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (7)
  14. Wie entferne ich Windows Vista 32bit
    Alles rund um Windows - 17.07.2012 (6)
  15. Bundespolizeiverwarnung Pop Up blockt Windows Vista
    Log-Analyse und Auswertung - 21.11.2011 (4)
  16. Windows Vista 32bit von Bundespolizei uKash infiziert.
    Plagegeister aller Art und deren Bekämpfung - 12.10.2011 (10)
  17. Virus blockt Inet für einige Programme...
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen - Laptop hat gestern leider den Geist aufgegeben deshalb musste ich meinen alten medion laptop raussuchen. Vor 2jahren hab ich mich noch nicht wirklich um meine Sicherheit gekümmert. Deshalb ist der - Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen...
Archiv
Du betrachtest: Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131