FF Einstellungen werden nicht gespeichert

Blackpit · 06.11.2014, 12:47

Hallo Experten!

Zuerst möchte ich erst mal ein großes Lob an alle freiwilligen Helfer hier aussprechen!
Ich verfolge dieses Forum schon ein ganze Weile und habe auch einige Tips und Hilfestellungen verwerten können. Jetzt habe ich allerdings ein für mich nicht nachvollziehbares Problem.
Seit einiger Zeit werden Einstellungen im FF nicht mehr gespeichert. Bei der Verwendung von FF kommt es auch immer wieder zu Abstürzen des Flash-Plugins.
Ein aktueller Scan mit ESET hat mir nun "Systweak" und "Thinknice" als unerwünschte Anwendungen ausgeworfen. Ich habe aktuell noch nichts weiter unternommen, da ich mal lieber auf Expertenwissen vertraue. Euere Erfahrungen mit Schadsoftware kann ich trotz meiner gut 30jährigen EDV-Erfahrung sicher nicht toppen. Schadsoftware war und ist nicht mein Metier. Ich kenne die Gefahren und weiß eigentlich mich zu schützen, aber wir laufen wohl alle nur hinterher.
Aktuell habe ich ausser MSSE keinen Scanner laufen, da ich meine Infrastruktur komplett überarbeite (neuer Modemrouter, Proxyserver mit Scanengine etc.)
Ich hoffe mal auf euere Unterstützung mich von diesem Übel zu befreien.

Vielen Dank schon mal im Vorraus für euere Bemühngen.

BP

schrauber · 06.11.2014, 12:55

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Blackpit · 06.11.2014, 13:30

Hallo,

FRST.txt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Andreas (administrator) on IPOWER-PC on 06-11-2014 13:21:13
Running from C:\Temp\Downtest
Loaded Profile: Andreas (Available profiles: Andreas & Andi & Admin)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Softex\OmniPass\OmniServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Softex\OmniPass\opvapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney Business 5.0\offlagent7\offlagent.exe
() C:\Program Files\Softex\OmniPass\scureapp.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(KYOCERA MITA) C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [SMB50StarMoneyRunEntry] => C:\Program Files\StarMoney Business 5.0\app\oflagent.exe [56976 2014-02-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4186112 2007-01-09] (Realtek Semiconductor)
HKLM\...\Run: [OmniPass] => C:\Program Files\Softex\OmniPass\scureapp.exe [2519040 2006-12-20] ()
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Roxio\Media Experience\DMXLauncher.exe [109304 2007-02-12] ()
HKLM\...\Run: [ATSwpNav] => "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-33351295-1381655003-2257602971-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-33351295-1381655003-2257602971-1002\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-33351295-1381655003-2257602971-1002\...\MountPoints2: {1919ebf3-cfc1-11e1-8047-001bfcd595a3} - G:\LGAutoRun.exe
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll => c:\progra~1\google\google~2\goec62~1.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk
ShortcutTarget: Scanner File Utility.lnk -> C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe (KYOCERA MITA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1399741344&from=irs&uid=3219913727_1783_BE92ECE9&i=psd&t=3424f9445
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PDFXChange 2012 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WebSpeechBHO Class -> {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} -> C:\Program Files\Common Files\WebSpeech20\LgxIEBar.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: QuickNet BHO -> {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} -> C:\Program Files\RegTweaker\key.dll (QuickNet)
Toolbar: HKLM - PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\sdms2qvg.default-1364807570932
FF Homepage: hxxp://www.eu-parts.com
FF NetworkProxy: "type", 1);user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\sdms2qvg.default-1364807570932\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DOM Inspector - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\sdms2qvg.default-1364807570932\Extensions\inspector@mozilla.org [2014-11-01]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\sdms2qvg.default-1364807570932\Extensions\LogMeInClient@logmein(29).com [2014-07-02]
FF Extension: QrCodeR - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\sdms2qvg.default-1364807570932\Extensions\jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4@jetpack.xpi [2013-04-17]
FF Extension: NoScript - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\sdms2qvg.default-1364807570932\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-04-17]
FF Extension: Web Developer - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\sdms2qvg.default-1364807570932\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-10-31]
FF Extension: JavaScript Debugger - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\sdms2qvg.default-1364807570932\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2013-04-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-09]
FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files\Fiddler2\FiddlerHook [2012-09-08]
FF Extension: No Name - fiddlerhook@fiddler2.com [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\emkocaipledfejfjiikdnojjonekalhp [2014-05-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [255904 2012-11-28] (AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [122272 2012-11-28] (AVM Berlin)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-02] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2006-12-10] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [155488 2013-06-10] (AVM Berlin)
R2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2006-12-20] (Softex Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 9; C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [64248 2006-12-11] (Sonic Solutions)
S2 Roxio Upnp Server 9; C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe [301816 2006-12-11] (Sonic Solutions)
S2 RoxLiveShare9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [303104 2007-01-16] (Sonic Solutions) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-01-16] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2007-01-16] (Sonic Solutions) [File not signed]
R2 StarMoney Business 5.0 OnlineUpdate; C:\Program Files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2007-02-06] (MicroVision Development, Inc.) [File not signed]
S4 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () [File not signed]
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2012-06-08] (VMware, Inc.) [File not signed]
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354456 2012-06-09] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [665200 2011-08-29] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433816 2012-06-09] (VMware, Inc.)
S3 MMGLKKIIUK; C:\Users\Andreas\AppData\Local\Temp\MMGLKKIIUK.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2014-03-28] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2014-03-28] (LG Electronics Inc.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [139144 2006-12-20] (AuthenTec, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
R3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [131064 2014-05-14] (HID Global Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-18] (Microsoft Corporation)
S4 FLMCKUSB; C:\Windows\system32\drivers\flmckusb.sys [69810 2006-07-27] (AuthenTec, Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
S3 HPPLSBULK; C:\Windows\System32\drivers\hpplsbulk.sys [9344 2005-02-02] (Hewlett Packard) [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-07-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2012-06-09] () [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NWIM; C:\Windows\System32\DRIVERS\avmnwim.sys [334712 2011-07-05] (AVM Berlin)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36560 2006-08-09] (Sonic Solutions) [File not signed]
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [50688 2006-12-02] (Sonic Solutions) [File not signed]
R3 vhdbus; C:\Windows\System32\DRIVERS\vhdbus.sys [25480 2007-05-05] (Microsoft Corporation)
S3 vhdstor; C:\Windows\System32\DRIVERS\vhdstor.sys [131472 2007-05-05] (Microsoft Corporation)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [25584 2012-04-30] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2012-04-30] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2012-04-30] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25712 2012-04-30] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [23832 2012-06-09] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [55704 2012-06-09] (VMware, Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 13:20 - 2014-11-06 13:21 - 00000000 ____D () C:\FRST
2014-11-05 13:35 - 2014-11-05 13:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-05 13:35 - 2014-11-05 13:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-05 12:40 - 2014-11-05 12:40 - 00542636 _____ () C:\Users\Andreas\Downloads\btfsniffer.zip
2014-11-05 12:40 - 2011-08-03 18:12 - 00571392 _____ (Benjamin Tobias Franz) C:\Users\Andreas\Downloads\BTF-Sniffer.exe
2014-11-05 12:14 - 2014-11-05 12:14 - 00159020 _____ () C:\Users\Andreas\Downloads\regshot-1.9.0.7z
2014-11-05 08:00 - 2014-11-05 08:00 - 01512928 _____ (Igor Pavlov) C:\Users\Andreas\Downloads\ABRbeta.exe
2014-11-04 11:15 - 2014-11-04 11:15 - 02814256 _____ () C:\Users\Andreas\Downloads\Bitser-13-JUL-2014-V110.zip
2014-11-02 16:53 - 2014-11-02 16:53 - 00062976 _____ () C:\Users\Andreas\Documents\Zahl in Text 2.xls
2014-11-02 15:36 - 2014-11-02 15:36 - 00046080 _____ () C:\Users\Andreas\Downloads\Zahl in Text 2.xls
2014-11-02 14:51 - 2014-11-02 14:51 - 00008128 _____ () C:\Users\Andreas\Downloads\zahlwort.zip
2014-11-02 12:59 - 2014-11-02 12:59 - 00126083 _____ () C:\Users\Andreas\Downloads\runassystem.zip
2014-11-01 11:46 - 2014-11-01 11:48 - 11421240 _____ (Bitcoin Core project) C:\Users\Andreas\Downloads\bitcoin-0.9.3-win32-setup.exe
2014-10-31 18:39 - 2014-10-31 18:39 - 06126536 _____ (Tim Kosse) C:\Users\Andreas\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-10-31 06:39 - 2014-10-31 06:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-28 07:45 - 2014-10-28 07:45 - 00052812 _____ () C:\Users\Andreas\Downloads\ps4_176_poc.rar
2014-10-26 07:08 - 2014-10-26 07:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODF Add-in for Microsoft Office
2014-10-25 06:36 - 2014-10-25 06:36 - 00000000 ____D () C:\Users\Andreas\Documents\MSDN
2014-10-25 06:31 - 2014-10-25 06:32 - 00000000 ____D () C:\Users\Andreas\Downloads\XML
2014-10-22 07:06 - 2014-10-22 07:06 - 00713728 _____ () C:\Users\Andreas\Downloads\PHPManagerForIIS-1.2.0-x86.msi
2014-10-22 06:58 - 2014-10-22 06:58 - 00125855 _____ () C:\Users\Andreas\Downloads\vbalogger-34817.zip
2014-10-21 16:07 - 2014-10-21 16:44 - 00000000 ____D () C:\Users\Andreas\Downloads\RST
2014-10-20 09:07 - 2014-10-20 09:07 - 00000000 ____D () C:\Users\Andreas\Downloads\ZEN Cart (WebShop)
2014-10-17 06:58 - 2014-10-17 06:57 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-17 06:57 - 2014-10-17 06:57 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-17 06:57 - 2014-10-17 06:57 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-17 06:57 - 2014-10-17 06:57 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-17 06:57 - 2014-10-17 06:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-16 05:25 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 05:25 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 05:25 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 05:23 - 2014-09-28 00:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 05:16 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 05:14 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 18:37 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 18:37 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 18:37 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 18:37 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 18:37 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 18:37 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 18:37 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 18:37 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 18:37 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 18:37 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 18:37 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 18:37 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 18:37 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 18:37 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 18:37 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 18:37 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 18:37 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 18:37 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 18:37 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 18:37 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 18:37 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 09:31 - 2014-10-14 09:44 - 00000000 ____D () C:\Users\Andreas\Downloads\Jabra
2014-10-12 09:39 - 2014-10-12 09:49 - 202065642 _____ () C:\Users\Andreas\Downloads\%5bDave Gordon%5d Computer Vision 101 Detecting Faces.zip
2014-10-12 08:20 - 2014-10-12 08:20 - 00107506 _____ () C:\Users\Andreas\Downloads\GPSExifReader.zip
2014-10-07 13:37 - 2014-10-07 13:41 - 00000000 ____D () C:\Users\Andreas\Downloads\BadUSB
2014-10-07 12:44 - 2014-10-07 12:44 - 00000000 ____D () C:\Users\Andreas\Downloads\c39hr
2014-10-07 12:43 - 2014-10-07 12:43 - 00019469 _____ () C:\Users\Andreas\Downloads\c39hr.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 13:14 - 2012-06-08 11:34 - 01929998 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 12:19 - 2006-11-02 13:46 - 00002128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 12:19 - 2006-11-02 13:46 - 00002128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 11:55 - 2014-05-12 06:36 - 00000000 ____D () C:\Users\Andreas\AppData\Local\CrashDumps
2014-11-06 11:26 - 2012-06-13 05:47 - 00001768 ____H () C:\Users\Andreas\Documents\Default.rdp
2014-11-06 11:07 - 2010-08-02 17:32 - 00000000 ____D () C:\Temp
2014-11-05 22:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\tracing
2014-11-05 13:36 - 2012-06-10 12:02 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Adobe
2014-11-05 11:15 - 2014-01-07 17:39 - 00000000 ____D () C:\Program Files (x86)
2014-11-05 11:04 - 2006-11-02 13:35 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-05 09:36 - 2014-05-17 12:51 - 00001523 _____ () C:\Windows\setupact.log
2014-11-05 09:36 - 2013-01-12 10:16 - 00001905 _____ () C:\Windows\diagwrn.xml
2014-11-05 09:36 - 2013-01-12 10:16 - 00001905 _____ () C:\Windows\diagerr.xml
2014-11-05 09:35 - 2014-05-17 12:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-04 13:03 - 2012-07-04 06:53 - 00000000 ____D () C:\Users\Andreas\.zenmap
2014-11-04 11:13 - 2014-04-27 10:18 - 00000000 ____D () C:\Users\Andreas\divers
2014-11-04 09:59 - 2012-12-29 10:45 - 00000000 ____D () C:\Users\Andreas\Downloads\PHP
2014-11-04 08:58 - 2013-10-27 00:05 - 00000000 ____D () C:\Users\Andreas\AppData\Local\TSVNCache
2014-11-04 08:50 - 2014-01-07 08:40 - 00000000 ____D () C:\Users\Andi\AppData\Local\TSVNCache
2014-11-04 08:50 - 2012-08-01 10:13 - 00001716 ____H () C:\Users\Andi\Documents\Default.rdp
2014-11-04 08:31 - 2006-11-02 11:33 - 01611112 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 08:20 - 2012-07-19 22:02 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-04 08:20 - 2009-03-09 10:04 - 00000000 ____D () C:\ProgramData\VMware
2014-11-04 08:19 - 2006-11-02 14:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 08:17 - 2014-03-11 16:17 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-04 08:17 - 2006-11-02 14:00 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-04 08:15 - 2012-06-10 14:26 - 00086488 _____ () C:\Users\Andi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-03 06:52 - 2012-10-07 16:48 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Aptana Studio 3
2014-11-03 06:43 - 2012-06-10 06:54 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\FileZilla
2014-11-02 13:14 - 2012-06-25 05:50 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-01 12:10 - 2012-07-04 06:16 - 00000000 ____D () C:\Users\Andreas\Downloads\Security
2014-10-31 18:41 - 2012-07-28 06:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-10-31 18:41 - 2011-05-20 14:53 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-10-30 12:24 - 2012-06-08 17:02 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 08:57 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-26 08:30 - 2012-07-26 12:41 - 00000000 ___RD () C:\Users\Andreas\Documents\EU-Parts
2014-10-26 07:09 - 2011-08-04 14:03 - 00000000 ____D () C:\Program Files\OpenXML-ODF Translator
2014-10-25 07:12 - 2014-06-27 09:20 - 00000000 ____D () C:\Users\Andreas\Downloads\Programmierung
2014-10-24 14:05 - 2012-07-04 06:16 - 00000000 ____D () C:\Users\Andreas\Downloads\Access
2014-10-24 11:42 - 2011-10-07 08:31 - 00000000 ____D () C:\ProgramData\jtl-software
2014-10-24 09:29 - 2012-11-17 11:17 - 00000000 ____D () C:\Users\Andreas\Downloads\JTL
2014-10-23 12:39 - 2014-05-07 07:22 - 00000000 ____D () C:\Users\Andreas\Documents\SQL Server Management Studio Express
2014-10-21 08:53 - 2013-04-28 10:18 - 00000000 ____D () C:\Users\Andreas\Downloads\PDF
2014-10-17 10:42 - 2011-12-13 12:50 - 00000000 ____D () C:\ACCESS
2014-10-17 06:59 - 2013-10-21 07:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 06:57 - 2009-11-09 15:11 - 00000000 ____D () C:\Program Files\Java
2014-10-17 06:41 - 2006-11-02 13:46 - 00356112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 06:40 - 2014-06-26 10:24 - 00006802 _____ () C:\Windows\PFRO.log
2014-10-16 05:23 - 2013-08-16 21:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 05:16 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-13 15:18 - 2014-07-28 06:50 - 00000000 ____D () C:\Users\Andreas\Downloads\mailpv
2014-10-10 11:47 - 2013-09-07 20:22 - 01363968 _____ () C:\Users\Andreas\Desktop\Treeview_Access.mdb
2014-10-08 06:33 - 2012-06-11 16:30 - 00000000 ____D () C:\Users\Andreas\AppData\Local\FreePDF_XP
2014-10-08 06:33 - 2012-06-10 06:55 - 00000000 ____D () C:\EU-Parts
2014-10-07 14:44 - 2012-06-08 16:59 - 00086488 _____ () C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT

Files to move or delete:
====================
C:\Users\Andreas\CompClean1.dat
C:\Users\Public\adwcleaner_3.213.exe
C:\Users\Public\dpc20.EXE
C:\Users\Public\dpc30.EXE
C:\Users\Public\NethydraSetup.exe
C:\Users\Public\NethydraSetup1181.exe
C:\Users\Public\TopAufmass.exe


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Andreas\AppData\Local\Temp\CMInstaller.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Andreas\AppData\Local\Temp\Update.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 09:14

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by Andreas at 2014-11-06 13:24:18
Running from C:\Temp\Downtest
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advanced Office Password Recovery (remove only) (HKLM\...\Advanced Office Password Recovery) (Version: 3.14 - Elcomsoft Co.Ltd.)
ApiViewer 2004 (HKLM\...\{A25947EB-D9C2-4D6E-8051-810C913211B5}_is1) (Version:  - )
Aptana Studio 3 (HKLM\...\Aptana Studio 3) (Version: 3.0.0 - Appcelerator, Inc.)
ATNavigation (Version: 7.6.1.18 - Authentec, Inc.) Hidden
AuthenTec Windows Fingerprint Software (Version: 7.6.1.18 - AuthenTec, Inc.) Hidden
AutoScan8400 (HKLM\...\AutoScan8400) (Version:  - )
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVM FRITZ!fax für FRITZ!Box (HKLM\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM FRITZ!Fernzugang (HKLM\...\{F2B03BB1-D679-4FFF-951D-3058A669A823}) (Version: 1.3.1 - AVM Berlin)
Bitser (HKLM\...\{C87EC17A-7357-4FD3-B1CC-3B96BF0873C0}) (Version: 1.0.0 - Bitser)
BIXOLON SRP-350 Windows Driver V3.1.9E (HKLM\...\BIXOLON_SRP-350) (Version:  - )
Canon RAW Codec (HKLM\...\Canon RAW Codec) (Version: 1.8.0.68 - Canon Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}) (Version: 5.0.6 - Cisco Systems, Inc.)
CM Installer (HKLM\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Database Browser (HKLM\...\Database Browser_is1) (Version:  - )
DDBACSDK (HKLM\...\{E602081A-26A3-44BD-A14F-EF399B1C55A3}) (Version: 5.3.5 - DataDesign)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Disk Checker (HKLM\...\Disk Checker) (Version:  - )
DivX (Version: 6.0 - DivXNetworks, Inc.) Hidden
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.44.000 - Runtime Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Fakturama (HKLM\...\Fakturama) (Version: 1.5.0 - sebulli.com)
Fiddler (HKLM\...\Fiddler2) (Version: 2.4.1.0 - Eric Lawrence)
FileZilla Client 3.9.0.6 (HKLM\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
FTP_Uploader (HKCU\...\882b5d46ffc95344) (Version: 1.6.0.9 - FTP_Uploader)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
HDClone 4.3 Free Edition (HKLM\...\HDClone.Free.4.3.4.1031-{FC54CBAC-F744-4595-BC75-FEB394AE4FE4}) (Version: 4.3 - Miray Software AG)
HHD Software Hex Editor Neo 5.14 (HKCU\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 5.14.0.4787 - HHD Software, Ltd.)
HP USB Disk Storage Format Tool (HKLM\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
hppFonts (Version: 001.001.00056 - Hewlett-Packard) Hidden
hppIOFiles (Version: 002.000.00030 - Hewlett-Packard) Hidden
hppTLBX2840 (Version: 001.000.00002 - Hewlett-Packard) Hidden
Imagerunner 2.0 (HKLM\...\Imagerunner {4d0b5c11-73a5-49bd-a2ff-557a96362316}_is1) (Version: 2.0.1.14 - Alexander Käser)
Inst5657 (Version: 5.00.12 - Softex Inc.) Hidden
iSpy (HKLM\...\{B95EFFDD-DB3E-4307-AF39-F05802AAA53B}) (Version: 5.4.8 - iSpy)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JTL-Wawi (HKLM\...\JTL-Wawi_is1) (Version: 0.99779 - )
KM-2050TWAIN (HKLM\...\{D3C42C6D-8548-4E76-8D11-17026287BA65}) (Version: 1.20 - KyoceraMita)
KMnet Viewer (HKLM\...\KMnet Viewer) (Version: 5.3.1922 - Kyocera Mita Corporation)
LG PC Suite (HKLM\...\LG PC Suite) (Version: 5.3.17.20140521 - LG Electronics)
LG United Mobile Drivers (HKLM\...\{73EAAF2F-9A69-409B-832F-2DCD0371CD44}) (Version: 3.11.3.0 - LG Electronics)
Logitech Eyetoy Webcam (HKLM\...\Logitech Eyetoy Webcam) (Version:  - )
Logox WebSpeech 2.0 (HKLM\...\{96BB4980-D4B2-11D3-B13A-006097368FF7}) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware Version 1.65.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.0.1400 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2003 Web Services Toolkit (HKLM\...\{46395060-B733-4964-A6F8-253FB1F8B2C4}) (Version: 11.0.9969 - Microsoft)
Microsoft Office Access 2.0 Converter (HKLM\...\Converter) (Version:  - )
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.00.3003.0 - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{3CBA73A5-F9B8-4E6A-B96D-8585590F57F5}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Tool Web Package : OLEVIEW.EXE (HKLM\...\{F8C366C2-66A9-4F5C-A8A7-5108A0251F58}) (Version: 1.00.0.1 - Microsoft Corporation)
Microsoft Virtual Server 2005 R2 SP1 (HKLM\...\{84FAA867-8743-44C3-B22E-B5A152456D77}) (Version: 1.1.603.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDVD-VR Recorder (Version: 1.0 - Mediostream) Hidden
MySQL Connector/ODBC 5.2 32bit (community edition) (HKLM\...\{12A47162-DE00-4A9D-A82B-2EC881139B10}) (Version: 5.2.5 - Oracle Corporation)
MySQL Workbench 6.0 CE (HKLM\...\{0BBFADE9-0CA5-4AA3-BC90-629CE53952CF}) (Version: 6.0.6 - Oracle Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nmap 6.01 (HKLM\...\Nmap) (Version:  - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
ODF Add-in for Microsoft Office (HKLM\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
Omnipass 5 (HKLM\...\OMNIPASS) (Version:  - )
OmniPass 5.00.12 (Version: 5.00.12 - Softex Inc.) Hidden
Oracle VM VirtualBox 4.1.18 (HKLM\...\{D3F9003B-7D17-4317-B61B-0694FF5333F8}) (Version: 4.1.18 - Oracle Corporation)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.86 - ASUSTeK Computer Inc.)
PDF-Tools 4 SDK (HKLM\...\{F2992A18-4AE0-42E1-A493-1B85641BED06}_is1) (Version: 4.0.214.2 - Tracker Software)
PDF-XChange 2012 Pro (HKLM\...\{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1) (Version: 5.0.269.0 - Tracker Software Products Ltd)
Pinnacle PCTV MCE (HKLM\...\{FD54066C-59C6-475B-B8A0-A0D26969D8E2}) (Version: 3.00.0066 - Ihr Firmenname)
RealSpeak Solo fur Deutsch - Steffi (HKLM\...\{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}) (Version: 4.00.0000 - ScanSoft)
Realtek HD Audio V6.0.1.5334 (HKLM\...\AUDIO_REALTEK) (Version:  - )
Realtek High Definition Audio Driver (Version: 6.0.1.5334 - Realtek Semiconductor Corp.) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
RegTweaker version 3.2.2.1 (HKLM\...\RegTweaker_is1) (Version:  - )
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
SDFormatter (HKLM\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Skype 2.5.2.151 (HKLM\...\SKYPE) (Version:  - )
Softerra LDAP Browser 4.5 (HKLM\...\{5A3B2909-0CF3-4F8A-95AB-0A00222DCAA3}) (Version: 4.5.10625.0 - Softerra, Ltd.)
Sonic MyDVD-VR (Version: 1.0 - Mediostream) Hidden
StarMoney (Version: 3.0.3.21 - StarFinanz) Hidden
StarMoney Business 5.0  (HKLM\...\{A9FA5B6B-A70B-4972-B093-4EFEE6071C1F}) (Version: 5.0 - Star Finanz GmbH)
System Update kb70007 (Version: 1.0.0 - MSR) Hidden <==== ATTENTION
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TortoiseSVN 1.8.2.24708 (32 bit) (HKLM\...\{575C65F5-CF47-4ED9-AAC4-10E5B52A39E2}) (Version: 1.8.24708 - TortoiseSVN)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Visual Basic 5.0 Control Creation Edition (HKLM\...\VB5CCE) (Version:  - )
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Player (HKLM\...\VMware_Player) (Version: 4.0.4.30409 - VMware, Inc)
VMware Player (Version: 4.0.4.30409 - VMware, Inc.) Hidden
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Win on CD 9 (HKLM\...\WINONCD9_DE) (Version:  - )
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Philips Pinnacle Systems PCTV 3010ix, 7010ix (10/27/2006 1.0.3.3) (HKLM\...\4E3BF7FD630F565F3423DA7C016E43994CC8D7E4) (Version: 10/27/2006 1.0.3.3 - Philips)
Windows-Treiberpaket - Pinnacle Systems PCTV 100e/320e Audio (01/29/2007 5.7.0129.0) (HKLM\...\4E50AC748A67E145854BF89F01D9640FBFEA2BB2) (Version: 01/29/2007 5.7.0129.0 - Pinnacle Systems)
Windows-Treiberpaket - Pinnacle Systems PCTV 100i,110i,300i,310i, MCE (11/22/2006 1.3.3.5) (HKLM\...\2F1218566494524A8A4A228EEEE1396420761D7E) (Version: 11/22/2006 1.3.3.5 - Pinnacle Systems)
Windows-Treiberpaket - Pinnacle Systems PCTV 320cx (02/26/2007 3.0.3.3) (HKLM\...\D3827EB3731CF44604C832D4A67F17DF0133BB29) (Version: 02/26/2007 3.0.3.3 - Pinnacle Systems)
Windows-Treiberpaket - Pinnacle Systems PCTV 320cx Infrared receiver (11/03/2006 2.0.1) (HKLM\...\447F1087A5C73D3A12A0105CB6918651AE5CC362) (Version: 11/03/2006 2.0.1 - Pinnacle Systems)
Windows-Treiberpaket - Pinnacle Systems PCTV 70e/100e/160e/170e/320e/330e/800e (01/29/2007 5.7.0129.0) (HKLM\...\B3D45A72740EB563AAE49887AA6DE31CEC42E8EB) (Version: 01/29/2007 5.7.0129.0 - Pinnacle Systems)
Windows-Treiberpaket - Pinnacle Systems PCTV 71e (09/28/2006 6.9.28.4) (HKLM\...\A58DABEDB035CF52920F0199F5850350300844E2) (Version: 09/28/2006 6.9.28.4 - Pinnacle Systems)
Windows-Treiberpaket - Pinnacle Systems Pinnacle Systems PCTV 310c (06/02/2006 3.0.1.1) (HKLM\...\3F9484CFCDACBBC989A5F253A2892BB0733FE274) (Version: 06/02/2006 3.0.1.1 - Pinnacle Systems)
Windows-Treiberpaket - Pinnacle Systems Pinnacle Systems PCTV 310c (06/02/2006 3.0.1.1) (HKLM\...\B04597DBD1DAD3EB7E493C897E0C67AE1B37153D) (Version: 06/02/2006 3.0.1.1 - Pinnacle Systems)
WinHTTrack Website Copier 3.45-4 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.45.4 - HTTrack)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.1 (HKLM\...\winscp3_is1) (Version: 5.1 - Martin Prikryl)
Wireshark 1.10.0 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.0 - The Wireshark developer community, hxxp://www.wireshark.org)
XML Sample Generator (HKLM\...\{0A51181C-238F-4287-A59F-97C796E04B75}) (Version: 1.0.0 - MSDN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{112EA537-7AB9-4e22-8BFB-7FD5FCB19849}\localserver32 -> C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe (GlobalSCAPE Texas, LP.)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> C:\Users\Andreas\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{28D8ABA0-4B78-11CE-B27D-00AA001F73C1}\InprocServer32 -> C:\Users\Andreas\Downloads\Microsoft\Server2003_rktools\iviewers.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{57EFBF49-4A8B-11CE-870B-0800368D2302}\InprocServer32 -> C:\Users\Andreas\Downloads\Microsoft\Server2003_rktools\iviewers.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\Andreas\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{7CE551EA-F85C-11CE-9059-080036F12502}\InprocServer32 -> C:\Users\Andreas\Downloads\Microsoft\Server2003_rktools\iviewers.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{7CE551EB-F85C-11CE-9059-080036F12502}\InprocServer32 -> C:\Users\Andreas\Downloads\Microsoft\Server2003_rktools\iviewers.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\Andreas\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\Andreas\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> C:\Users\Andreas\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{D2AF7A60-4C42-11CE-B27D-00AA001F73C1}\InprocServer32 -> C:\Users\Andreas\Downloads\Microsoft\Server2003_rktools\iviewers.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-33351295-1381655003-2257602971-1002_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\Andreas\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x86\hexpatch32.dll (HHD Software Ltd.)

==================== Restore Points  =========================

25-09-2014 09:02:30 Windows Update
26-09-2014 22:00:14 Geplanter Prüfpunkt
28-09-2014 18:24:22 Geplanter Prüfpunkt
29-09-2014 17:53:40 Windows Update
02-10-2014 18:49:40 Geplanter Prüfpunkt
03-10-2014 15:13:53 Windows Update
05-10-2014 22:00:10 Geplanter Prüfpunkt
07-10-2014 15:11:04 Windows Update
11-10-2014 15:10:04 Windows Update
14-10-2014 16:01:56 Geplanter Prüfpunkt
15-10-2014 15:24:30 Windows Update
16-10-2014 04:14:01 Windows Update
17-10-2014 05:55:42 Installed Java 7 Update 71
17-10-2014 22:00:11 Geplanter Prüfpunkt
19-10-2014 06:08:38 Windows Update
19-10-2014 22:00:10 Geplanter Prüfpunkt
22-10-2014 09:13:02 Geplanter Prüfpunkt
23-10-2014 04:41:35 Windows Update
24-10-2014 22:00:15 Geplanter Prüfpunkt
25-10-2014 05:34:46 Installed XML Sample Generator
26-10-2014 06:08:15 Installed ODF Add-in for Microsoft Office
27-10-2014 06:55:06 Windows Update
30-10-2014 00:41:48 Windows Update
30-10-2014 23:44:02 Geplanter Prüfpunkt
31-10-2014 05:22:56 Windows Update
02-11-2014 16:47:40 Geplanter Prüfpunkt
03-11-2014 12:33:06 Windows Update
04-11-2014 02:36:38 Geplanter Prüfpunkt
05-11-2014 10:14:41 Installed Microsoft Tool Web Package : OLEVIEW.EXE

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3292CE8D-A804-47A6-B2BC-2C56F4E63BE8} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Andreas => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
Task: {A4EE1E63-EFFE-4DEA-9610-C6688B0FC03B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {D63AFF09-D06E-43DE-B82C-EA21C4B7CB55} - System32\Tasks\{CF16C207-4567-4AB5-8A9A-00C6A396B6D2} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?page=tsProgressBar
Task: {F241DEBC-B051-40E7-A5F0-DD9A3BDB20CA} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2007-02-23 08:22 - 2006-12-20 16:27 - 00532480 _____ () C:\Program Files\Softex\OmniPass\storeng.dll
2007-02-23 08:22 - 2006-12-20 16:27 - 00013824 _____ () C:\Program Files\Softex\OmniPass\ssplogon.dll
2007-02-23 08:22 - 2006-12-20 16:27 - 00425984 _____ () C:\Program Files\Softex\OmniPass\userdata.dll
2007-02-23 08:22 - 2006-12-20 16:27 - 00016896 _____ () C:\Program Files\Softex\OmniPass\cryptodll.dll
2007-02-23 08:22 - 2006-12-20 16:27 - 00991232 _____ () C:\Program Files\Softex\OmniPass\autheng.dll
2007-02-23 08:22 - 2006-12-20 16:33 - 00047552 _____ () C:\Program Files\Softex\OmniPass\hdddrv.dll
2007-02-23 08:22 - 2006-12-20 16:14 - 02563040 _____ () C:\Program Files\Softex\OmniPass\sftxtgp.dll
2012-06-09 19:06 - 2010-06-17 20:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2013-02-07 16:13 - 2011-01-13 09:44 - 00232800 _____ () C:\Program Files\StarMoney Business 5.0\ouservice\PATCHW32.dll
2012-06-09 01:36 - 2012-06-09 01:36 - 01229464 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll
2007-02-23 08:22 - 2006-12-20 16:27 - 00061440 _____ () C:\Program Files\Softex\OmniPass\SCUREDLL.dll
2007-02-23 08:22 - 2006-12-20 16:33 - 00069632 _____ () C:\Program Files\Softex\OmniPass\opvapp.exe
2007-02-23 08:22 - 2006-12-20 16:27 - 00016896 _____ () C:\Program Files\Softex\OmniPass\Cryptodll.dll
2013-08-27 21:05 - 2013-08-27 21:05 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2013-08-27 21:04 - 2013-08-27 21:04 - 00070896 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2007-02-23 08:29 - 2006-11-01 08:58 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2014-05-20 18:13 - 2000-09-15 12:16 - 00192512 _____ () C:\Program Files\Common Files\WebSpeech20\LgxIEBar.dll
2003-07-11 01:09 - 2003-07-11 01:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2007-02-23 08:22 - 2006-12-20 16:27 - 00065536 _____ () C:\Program Files\Softex\OmniPass\opfsdll.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2006-12-13 23:25 - 2006-12-13 23:25 - 00013312 _____ () C:\Program Files\Roxio\Virtual Drive 9\1031\DC_ShellExt.loc
2009-01-04 12:16 - 2009-01-04 12:16 - 00045568 _____ () C:\Windows\system32\chckshll.dll
2007-02-23 08:22 - 2006-12-20 16:32 - 02519040 _____ () C:\Program Files\Softex\OmniPass\scureapp.exe
2007-02-12 03:24 - 2007-02-12 03:24 - 00109304 _____ () C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
2010-11-29 09:35 - 2000-11-09 11:17 - 00190464 _____ () C:\Program Files\Kyocera Mita\FileUtility\HgTiff2Pdf.dll
2012-07-31 02:08 - 2012-07-31 02:08 - 00016872 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll
2014-10-31 06:39 - 2014-10-31 06:39 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Public\DRM:احتضان

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-33351295-1381655003-2257602971-1008 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-33351295-1381655003-2257602971-500 - Administrator - Disabled)
Andi (S-1-5-21-33351295-1381655003-2257602971-1004 - Limited - Enabled) => C:\Users\Andi
Andreas (S-1-5-21-33351295-1381655003-2257602971-1002 - Administrator - Enabled) => C:\Users\Andreas
ASPNET (S-1-5-21-33351295-1381655003-2257602971-1001 - Limited - Disabled)
Gast (S-1-5-21-33351295-1381655003-2257602971-501 - Limited - Enabled)
Test (S-1-5-21-33351295-1381655003-2257602971-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 11:55:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_15_0_0_189.exe, Version 15.0.0.189, Zeitstempel 0x54233581, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x72f44618,
Prozess-ID 0xae4, Anwendungsstartzeit FlashPlayerPlugin_15_0_0_189.exe0.

Error: (11/06/2014 11:39:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_15_0_0_189.exe, Version 15.0.0.189, Zeitstempel 0x54233581, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x72f44618,
Prozess-ID 0x18d8, Anwendungsstartzeit FlashPlayerPlugin_15_0_0_189.exe0.

Error: (11/06/2014 11:30:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_15_0_0_189.exe, Version 15.0.0.189, Zeitstempel 0x54233581, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x72f44618,
Prozess-ID 0x11a8, Anwendungsstartzeit FlashPlayerPlugin_15_0_0_189.exe0.

Error: (11/06/2014 11:24:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_15_0_0_189.exe, Version 15.0.0.189, Zeitstempel 0x54233581, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x72f44618,
Prozess-ID 0x14f0, Anwendungsstartzeit FlashPlayerPlugin_15_0_0_189.exe0.

Error: (11/06/2014 11:24:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_15_0_0_189.exe, Version 15.0.0.189, Zeitstempel 0x54233581, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x72f44618,
Prozess-ID 0x1e44, Anwendungsstartzeit FlashPlayerPlugin_15_0_0_189.exe0.

Error: (11/06/2014 11:14:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_15_0_0_189.exe, Version 15.0.0.189, Zeitstempel 0x54233581, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x72f44618,
Prozess-ID 0x1684, Anwendungsstartzeit FlashPlayerPlugin_15_0_0_189.exe0.

Error: (11/06/2014 11:14:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_15_0_0_189.exe, Version 15.0.0.189, Zeitstempel 0x54233581, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x72f44618,
Prozess-ID 0x1dcc, Anwendungsstartzeit FlashPlayerPlugin_15_0_0_189.exe0.

Error: (11/05/2014 00:53:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm oleview.exe, Version 2.1.0.59 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 6c0
Anfangszeit: 01cff8d417734c82
Zeitpunkt der Beendigung: 0

Error: (11/05/2014 09:42:11 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag\NPS VSS Writer,...)". hr = 0x80070005.


Vorgang:
   Generator wird initialisiert

Kontext:
   Generatorklassen-ID: {35e81631-13e1-48db-97fc-d5bc721bb18a}
   Generatorname: NPS VSS Writer
   Generatorinstanz-ID: {e2ac60ed-a9f5-4dea-bfa3-5f6bf9fcc243}

Error: (11/05/2014 09:41:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <MAPI://{S-1-5-21-33351295-1381655003-2257602971-1002}/PERSÖNLICHE ORDNER($B15F36EC)/X/POSTAUSGANG/가가가가갢겁겣곩건갦갫걋겯곰걥걅겊걂과계갤갾곺갇> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (11/04/2014 08:46:26 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie chkdsk auf Volume "HDD" aus.

Error: (11/04/2014 08:46:23 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie chkdsk auf Volume "HDD" aus.

Error: (11/04/2014 08:27:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}

Error: (11/04/2014 08:27:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7007ACD1-3202-11D1-AAD2-00805FC1270E}

Error: (11/04/2014 08:27:18 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (11/04/2014 08:23:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (11/04/2014 08:22:50 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie chkdsk auf Volume "HDD" aus.

Error: (11/04/2014 08:22:49 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie chkdsk auf Volume "HDD" aus.

Error: (11/04/2014 08:21:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (11/04/2014 08:21:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037


Microsoft Office Sessions:
=========================
Error: (11/06/2014 11:55:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_189.exe15.0.0.18954233581unknown0.0.0.000000000c000000572f44618ae401cff9b02a93f302

Error: (11/06/2014 11:39:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_189.exe15.0.0.18954233581unknown0.0.0.000000000c000000572f4461818d801cff9ade7bc0ce2

Error: (11/06/2014 11:30:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_189.exe15.0.0.18954233581unknown0.0.0.000000000c000000572f4461811a801cff9aca20ca752

Error: (11/06/2014 11:24:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_189.exe15.0.0.18954233581unknown0.0.0.000000000c000000572f4461814f001cff9abdf75e532

Error: (11/06/2014 11:24:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_189.exe15.0.0.18954233581unknown0.0.0.000000000c000000572f446181e4401cff9abd8324e82

Error: (11/06/2014 11:14:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_189.exe15.0.0.18954233581unknown0.0.0.000000000c000000572f44618168401cff9aa7a524872

Error: (11/06/2014 11:14:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_15_0_0_189.exe15.0.0.18954233581unknown0.0.0.000000000c000000572f446181dcc01cff9aa73020792

Error: (11/05/2014 00:53:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: oleview.exe2.1.0.596c001cff8d417734c820

Error: (11/05/2014 09:42:11 AM) (Source: VSS) (EventID: 12289) (User: )
Description: RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag\NPS VSS Writer,...)0x80070005

Vorgang:
   Generator wird initialisiert

Kontext:
   Generatorklassen-ID: {35e81631-13e1-48db-97fc-d5bc721bb18a}
   Generatorname: NPS VSS Writer
   Generatorinstanz-ID: {e2ac60ed-a9f5-4dea-bfa3-5f6bf9fcc243}

Error: (11/05/2014 09:41:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
MAPI://{S-1-5-21-33351295-1381655003-2257602971-1002}/PERSÖNLICHE ORDNER($B15F36EC)/X/POSTAUSGANG/가가가가갢겁겣곩건갦갫걋겯곰걥걅겊걂과계갤갾곺갇


CodeIntegrity Errors:
===================================
  Date: 2014-07-03 22:56:36.627
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-03 22:56:36.453
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-03 22:56:36.284
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-03 22:56:36.120
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-03 22:56:35.815
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-03 22:56:35.639
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-03 22:56:35.472
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-03 22:56:35.300
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-03 22:51:41.321
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-03 22:51:41.157
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3325.63 MB
Available physical RAM: 1497.83 MB
Total Pagefile: 6860.25 MB
Available Pagefile: 4433.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1876.13 MB

==================== Drives ================================

Drive c: (HDD) (Fixed) (Total:923.52 GB) (Free:425.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive r: () (Network) (Total:101.73 GB) (Free:11.24 GB) 
Drive s: () (Network) (Total:101.73 GB) (Free:11.24 GB) 

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9A28ABD7)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=923.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Vielen Dank im vorraus!

Gruß

BP

schrauber · 07.11.2014, 07:49

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

System Update kb70007
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Blackpit · 07.11.2014, 08:54

Hallo,
folgende Fehlermeldung:

Deiinstallation wird abgebrochen.
Das Verzeichnis existiert auch nicht (oder nicht mehr)
Soll ich diesen Weg versuchen:
hxxp://www.overclock.net/t/1490256/raising-awareness-about-the-kb70007-privoxy-port-8118-ip-address-127-0-0-1-virus-that-is-going-around

Gruß

BP

Blackpit · 07.11.2014, 11:36

Hallo,
ich habe die Reste von "kB70007" nun aus dem System entfernt und ComboFix laufen lassen.
Hier das Ergebnis:

Code:

ATTFilter

ComboFix 14-10-29.01 - Andreas 07.11.2014  10:36:19.1.4 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.3326.1335 [GMT 1:00]
ausgeführt von:: c:\temp\Downtest\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\INSTALL.LOG
c:\programdata\DragToDiscUserNameD.txt
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk
c:\users\Andreas\ncftp
c:\users\Andreas\ncftp\firewall.txt
c:\users\Public\TopAufmass.exe
c:\windows\Fonts\M4.FON
c:\windows\IsUn0407.exe
c:\windows\MICROSOFT
c:\windows\unin0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_System_Update_kb70007
-------\Service_System Update kb70007
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-07 bis 2014-11-07  ))))))))))))))))))))))))))))))
.
.
2014-11-06 12:20 . 2014-11-06 14:06	--------	d-----w-	C:\FRST
2014-11-06 07:31 . 2014-10-14 20:13	8901368	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AC79E1D-0FE9-4206-AA1C-D637DBA8688E}\mpengine.dll
2014-11-05 12:35 . 2014-11-05 12:35	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-05 12:35 . 2014-11-05 12:35	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-11-05 07:35 . 2014-09-17 08:16	908840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96C79D94-ED49-43FA-ACD1-E8955C794A05}\gapaengine.dll
2014-11-05 07:33 . 2014-10-14 20:13	8901368	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-17 05:57 . 2014-10-17 05:57	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-10-16 04:25 . 2014-06-15 22:18	1131664	----a-w-	c:\windows\system32\dfshim.dll
2014-10-16 04:25 . 2014-06-13 18:22	81560	----a-w-	c:\windows\system32\mscories.dll
2014-10-16 04:25 . 2014-06-13 18:22	156824	----a-w-	c:\windows\system32\mscorier.dll
2014-10-16 04:23 . 2014-09-27 23:29	2054656	----a-w-	c:\windows\system32\win32k.sys
2014-10-16 04:16 . 2014-09-04 23:27	143360	----a-w-	c:\windows\system32\drivers\fastfat.sys
2014-10-16 04:14 . 2014-09-16 16:56	66560	----a-w-	c:\windows\system32\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:24 . 2012-06-08 16:02	229000	------w-	c:\windows\system32\MpSigStub.exe
2014-09-17 08:16 . 2013-03-12 09:44	908840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-23 01:03 . 2014-08-31 08:08	297984	----a-w-	c:\windows\system32\gdi32.dll
1998-02-10 17:34 . 2010-02-21 15:22	128000	----a-w-	c:\program files\UNWISE.EXE
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"SMB50StarMoneyRunEntry"="c:\program files\StarMoney Business 5.0\app\oflagent.exe" [2014-02-21 56976]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-09 4186112]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-12-20 2519040]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2007-02-12 109304]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scanner File Utility.lnk - c:\program files\Kyocera Mita\FileUtility\NsCatCom.exe [2010-11-29 315392]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico -user_logon [2012-6-13 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\google\google~2\goec62~1.dll 
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
hpdevmgmt	REG_MULTI_SZ   	hpqddsvc hpqcxs08
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
bthsvcs	REG_MULTI_SZ   	BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\program files\Common Files\WebSpeech20\LgxIEBar.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-11-07 11:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{42DFA04F-0F16-418E-B80C-AB97A5AFAD3A}"=hex:51,66,7a,6c,4c,1d,38,12,21,a3,cc,
   46,24,41,e0,04,c7,1a,e8,d7,a0,f1,e9,2e
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}"=hex:51,66,7a,6c,4c,1d,38,12,d7,cb,80,
   31,2a,c0,25,0e,c8,c5,88,cb,ee,44,e0,38
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{83A30C59-3A50-49E6-9DAF-4923C4EA3C23}"=hex:51,66,7a,6c,4c,1d,38,12,37,0f,b0,
   87,62,74,88,0c,e2,b9,0a,63,c1,b4,78,37
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}"=hex:51,66,7a,6c,4c,1d,38,12,d8,ab,4f,
   ee,ae,d5,fa,0c,d8,b7,d7,3b,69,3d,5f,f3
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{2D9700CB-A777-4DB0-96E1-1EBEBB7D1510}"=hex:51,66,7a,6c,4c,1d,38,12,a5,03,84,
   29,45,e9,de,08,e9,f7,5d,fe,be,23,51,04
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0f,6a,45,1e,79,84,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,87,c4,16,a4,3f,30,49,a1,3e,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,87,c4,16,a4,3f,30,49,a1,3e,75,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5620)
c:\program files\Softex\OmniPass\SCUREDLL.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\FRITZ!Fernzugang\avmike.exe
c:\program files\FRITZ!Fernzugang\certsrv.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\FRITZ!Fernzugang\nwtsrv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe
c:\program files\TeamViewer\Version9\TeamViewer_Service.exe
c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Fingerprint Sensor\ATSwpNav.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\StarMoney Business 5.0\offlagent7\offlagent.exe
c:\windows\ehome\ehmsas.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-07  11:15:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-07 10:15
.
Vor Suchlauf: 50 Verzeichnis(se), 445.130.989.568 Bytes frei
Nach Suchlauf: 54 Verzeichnis(se), 445.764.489.216 Bytes frei
.
- - End Of File - - B3A3EC3D51AC784ABD9DD8DB19E5BB75
08B26729634452D0C2889C002B1BB97C

Vermutlich brauchen wir jetzt einen neuen Scan mit FRST oder?
Das FF-Problem konnte ich nun weiter eingrenzen und habe das Profil gefixed.
Soweit ist mit FF scheinbar wieder alles i.O.
Trotzdem habe ich noch ein paar unerklärliche Phänomene:
Nach Neustart kommt eine Meldung bezgl. MBR
("Press any Key to load previous MBR") mit Timer
Beim Neustart startet immer wieder mal CHKDSK.
Nach Systemstart habe ich 16 "svchost.exe" Prozesse wobei ich keine mir unbekannten Prozesse in der Liste habe (könnte das normal sein?).
Was mich auch wundert, wo dieser Eintrag noch drin steckt:

Code:

ATTFilter

uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118

Sowohl IE wie auch FF haben keinen Eintrag! (BTW privox ist nicht auf dem System)

Danke schon mal für die bisherige Hilfe, Ihr seid hier ja ganz schön eingespannt.

Gruß

BP

Update:
Oopps!
Jetzt wurden alle Einträge von Starfinanz aus der Registry gelöscht!

Jetzt wird's brenzlig

Blackpit · 07.11.2014, 14:39

Hallo,
habe die Systemwiederherstellung auf den letzten Punkt vor der missglückten Softwaredeinstallation gemacht (und somit auch vor Combofix).
FF zickte und wollte nicht mehr, nach einer Aktualisierung (33.0.3) startete er wieder.
Er ist halbwegs OK, der Proxyeintrag war jetzt auch vorhanden und wurde rausgenommen.

Werde jetzt nochmal explizit Combofix starten und das Log erneut posten.
Die MBR-Geschichte (Grub) bekomme ich selbst gefixt, ich hoffe der CHDSK-Wahn hat damit auch ein Ende

Ich will das System nur in einen Zustand bringen um ein "ordentliches" Backup zu erstellen.
Anschließend werde ich es neu aufsetzen.
Combo-Log folgt!

Gruß

BP

schrauber · 08.11.2014, 07:51

Zitat:

Anschließend werde ich es neu aufsetzen.

Neuaufsetzen? Dann brauchen wir hier auch nit weiter machen und bereinigen wenn Du eh Neuaufsetzen willst

FF Einstellungen werden nicht gespeichert

Plagegeister aller Art und deren Bekämpfung: FF Einstellungen werden nicht gespeichert