Google Chrome, Mozilla, Virus oder Trojaner Fehlermeldung: Java Update erforderlich, Werbung, doppelt unterstrichene Wörter

TanjaMama · 11.11.2014, 10:53

Hallo,

auch ich habe das Problem mit Google Chrome und Firefox, dass immer Ein Pop-Up Fenster mit der Meldung Java-Update erforderlich erscheint. Bei Wegklicken startet automatisch ein Download einer .exe. Ausserdem erscheint massig Werbung und einzelne Wörter sind unterstrichen.

Es wäre super, wenn ihr mir helfen könntet.

Danke schon mal und viele Grüße

Tanja

Warlord711 · 11.11.2014, 11:17

Hallo TanjaMama

Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Hier findest du die Anleitung für Hilfesuchende
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir "arbeiten" hier alle freiwillig und in unserer Freizeit *hust*. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Cursor zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

TanjaMama · 11.11.2014, 11:29

Hallo Timo,

hier sind die Logfiles

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by Selma at 2014-11-11 10:33:15
Running from C:\Selma\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sicherheitspaket 9.12 (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Sicherheitspaket 9.12 (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Sicherheitspaket 9.12 (Enabled) {2D7AC0A6-6241-D774-E168-461178D9686C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be 

uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avery Zweckform DesignPro 2000 (HKLM\...\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}) (Version:  - )
Bluesoleil2.6.0.9 Release 070606 (HKLM\...\{846AC73B-9394-48B9-B941-8F7F472F0047}) (Version: 2.6.0.9 Release 070606 - IVT 

Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft 

Corporation)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (HKLM\...\_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}) (Version:  - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CyberLink PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - PowerDVDCorp.)
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.1013 - CyberLink Corp.)
CyberLink TV Enhance (HKLM\...\{E4C891D6-6844-41B8-86E8-633CACCC644F}) (Version: 2.0.5814 - CyberLink Corp.)
DE (Version: 3.0 - Corel Corporation) Hidden
Embird 2015 (32-bit) (HKLM\...\Embird 2015 (32-bit)) (Version: Embird 2015 Build 10.4 (32-bit) - © 1997-2015 BALARAD, s.r.o.)
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.0.2.0 - )
EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
ESCX3600 Referenzhandbuch (HKLM\...\ESCX3600 Referenzhandbuch) (Version:  - )
ESCX3600 Softwarehandbuch (HKLM\...\ESCX3600 Softwarehandbuch) (Version:  - )
Fdrawcmd.sys 1.0.1.11 (HKLM\...\fdrawcmd) (Version: 1.0.1.11 - Simon Owen)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.0906.04286 - Google)
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}) (Version: 

22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel(R) Network Connections 13.2.8.0 (HKLM\...\PROSetDX) (Version: 13.2.8.0 - Intel)
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes 

Corporation)
Marketsplash Schnellzugriffe (HKLM\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
MC11KTools (HKLM\...\{F66B6971-2699-47B6-AAD3-D1ACA30E36B7}) (Version: 3.1.2 - Janome Sewing Machine Co., Ltd.)
MCE Software Encoder 1.1 (HKLM\...\{7655E113-C306-11D9-A373-0050BAE317E1}) (Version: 1.1.0.1918 - CyberLink Corporation)
MEDION-Navigator (HKLM\...\{6F0327B1-0B79-49BC-A0AE-4B5096E96A4D}) (Version: 4.20.000 - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft 

Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft 

Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft 

Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft 

Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - 

Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 

8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft 

Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 de) (HKLM\...\Mozilla Firefox 12.0 (x86 de)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA PhysX v8.09.19 (HKLM\...\{5079F5CA-210A-4C0C-9FBF-02CF77FB0EAC}) (Version: 8.09.19 - NVIDIA Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.6 - Frank Heindörfer, Philip Chinery)
PDFCreator Toolbar (HKLM\...\PDFCreator Toolbar) (Version: 3.3.0.1 - )
PHOTOfunSTUDIO HD Edition (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.126 - Panasonic)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
PIF DESIGNER2.1 (HKLM\...\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}) (Version:  - )
PixiePack Codec Pack (HKLM\...\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}) (Version: 1.0.100.0 - None)
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.0.4.0 - Ralink)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.0 - Reimage)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., 

Ltd.)
Samsung Kies3 (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version:  - )
Search Settings 1.2 (HKLM\...\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}) (Version:  - ) <==== ATTENTION
Sicherheitspaket (HKLM\...\F-Secure Product 444) (Version:  - )
Silhouette Studio (HKLM\...\{FC7EA748-4433-4CC7-9ED3-E130A4768ECF}) (Version: 3.0.531 - Silhouette America)
Software Suite (HKLM\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems 

Incorporated)
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{45015CD6-4E70-4D1F-811E-2906B23BF27F}) (Version: 

22.50.231.0 - Hewlett-Packard Co.)
Sun ODF Plugin for Microsoft Office 3.2 (HKLM\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Fotogalerie (HKLM\...\{A1D08B90-AE1A-4885-AC29-731496FD397E}) (Version: 12.0.1347.0718 - Microsoft Corporation)
Windows Live installer (HKLM\...\{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Live Mail (HKLM\...\{82F2B38B-1426-443D-874C-AC25675E7BEB}) (Version: 12.0.1606.1023 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{2B091530-69AA-442E-AB09-39ED06B58220}) (Version: 8.5.1302.1018 - Microsoft Corporation)
Windows Live Writer (HKLM\...\{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}) (Version: 12.0.1370.0325 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft 

Corporation)
Windows-Treiberpaket - Janome Sewing Machine Co., Ltd. (Jsmc860) USB  (05/30/2005 1.0.0.0) 

(HKLM\...\EBA32B5010E151D0D22F15A11577A394AED83BBD) (Version: 05/30/2005 1.0.0.0 - Janome Sewing Machine Co., Ltd.)
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version:  - )
Zero Assumption Recovery Version 8.5 (HKLM\...\Zero Assumption Recovery_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\localserver32 

-> C:\Users\Selma\AppData\Local\CatalinaGroup\Update\1.3.25.214\CatalinaUpdateOnDemand.exe (Catalina Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\localserver32 

-> C:\Users\Selma\AppData\Local\CatalinaGroup\Update\1.3.25.214\CatalinaUpdateOnDemand.exe (Catalina Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\localserver32 

-> C:\Users\Selma\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe (Catalina Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 

-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{5E2663C1-51B3-49B7-B081-70181C2AF816}\InprocServer32 

-> C:\Program Files\HomeCinema\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\InprocServer32 

-> C:\Users\Selma\AppData\Local\CatalinaGroup\Update\1.3.25.214\npCatalinaUpdate3.dll (Catalina Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\localserver32 

-> C:\Users\Selma\AppData\Local\CatalinaGroup\Update\1.3.25.214\CatalinaUpdateOnDemand.exe (Catalina Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{84124FF1-5D04-11D1-A575-00A0C96F2B0D}\localserver32 

-> F:\LAPTOP~1\PAINTS~1\Psp.exe No File
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\InprocServer32 

-> C:\Users\Selma\AppData\Local\CatalinaGroup\Update\1.3.25.214\npCatalinaUpdate3.dll (Catalina Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}\localserver32 

-> C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\38.0.2125.244\delegate_execute.exe (Epom Ltd.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{AFA95F79-06AC-4B9A-B261-D415063DC2B3}\InprocServer32 

-> C:\Program Files\HomeCinema\PowerDVD\AudioFilter\ComTruSurroundXT.dll (SRS Labs, Inc.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\localserver32 

-> C:\Users\Selma\AppData\Local\CatalinaGroup\Update\1.3.25.214\CatalinaUpdateOnDemand.exe (Catalina Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{E18B35E0-DEE8-4774-ABBC-C9B83A70AB17}\InprocServer32 

-> C:\Users\Selma\AppData\Local\CatalinaGroup\Update\1.3.25.214\psuser.dll (Catalina Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1930070949-3091354559-3886180925-1000_Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32 

-> C:\Users\Selma\AppData\Local\CatalinaGroup\Update\1.3.25.214\psuser.dll (Catalina Group Ltd.)

==================== Restore Points  =========================

16-10-2014 20:07:51 Windows Update
17-10-2014 08:36:19 Windows Update
17-10-2014 15:49:11 Windows Update
17-10-2014 21:23:39 Windows Update
19-10-2014 01:00:29 Windows Update
19-10-2014 15:31:31 Geplanter Prüfpunkt
19-10-2014 21:41:51 Windows Update
20-10-2014 12:05:42 Geplanter Prüfpunkt
20-10-2014 14:20:33 Windows Update
20-10-2014 14:43:36 Windows Update
20-10-2014 18:10:40 Windows Update
21-10-2014 06:20:10 Windows Update
22-10-2014 06:08:14 Windows Update
22-10-2014 11:21:00 Windows Update
23-10-2014 08:29:15 Windows Update
23-10-2014 11:21:30 Windows Update
24-10-2014 06:32:00 Windows Update
24-10-2014 10:12:57 Windows Update
24-10-2014 10:43:31 Windows Update
24-10-2014 22:07:12 Windows Update
25-10-2014 14:27:50 Windows Update
26-10-2014 18:07:22 Windows Update
27-10-2014 08:56:23 Geplanter Prüfpunkt
27-10-2014 21:07:46 Windows Update
28-10-2014 10:31:23 Geplanter Prüfpunkt
28-10-2014 19:13:41 Windows Update
28-10-2014 21:55:43 Windows Update
29-10-2014 08:53:40 Geplanter Prüfpunkt
29-10-2014 21:29:58 Windows Update
30-10-2014 10:24:43 Geplanter Prüfpunkt
30-10-2014 11:57:14 Windows Update
31-10-2014 07:30:30 Windows Update
31-10-2014 11:51:35 Windows Update
01-11-2014 16:21:42 Windows Update
03-11-2014 02:00:29 Windows Update
03-11-2014 11:13:57 Windows Update
04-11-2014 06:59:13 Windows Update
04-11-2014 09:11:35 Windows Update
04-11-2014 20:25:59 Windows Update
05-11-2014 09:02:54 Windows Update
06-11-2014 02:00:28 Windows Update
06-11-2014 10:44:17 Installed Sun ODF Plugin for Microsoft Office 3.2
06-11-2014 11:20:27 Windows Update
06-11-2014 13:40:25 Windows Update
06-11-2014 21:30:22 Windows Update
07-11-2014 07:24:03 Removed Bing Bar
07-11-2014 08:13:29 Removed Bonjour
07-11-2014 23:00:06 Geplanter Prüfpunkt
08-11-2014 02:00:11 Windows Update
08-11-2014 14:30:39 Windows Update
09-11-2014 19:29:47 Removed Bonjour
09-11-2014 19:32:13 Removed Bonjour
09-11-2014 19:35:32 Konfiguriert MediaShow
09-11-2014 19:38:54 Konfiguriert PowerDirector
09-11-2014 19:43:03 Removed MSXML 4.0 SP2 (KB936181)
10-11-2014 02:00:13 Windows Update
10-11-2014 14:14:58 Geplanter Prüfpunkt
11-11-2014 02:00:29 Windows Update
11-11-2014 07:19:50 Windows Update
11-11-2014 08:27:13 Removed PixiePack Codec Pack
11-11-2014 08:31:41 Entfernt EPSON PhotoQuicker3.5
11-11-2014 08:34:14 Konfiguriert PhotoNow
11-11-2014 08:35:55 Removed Sun ODF Plugin for Microsoft Office 3.2
11-11-2014 08:37:12 Entfernt EPSON PRINT Image Framer Tool

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be 

moved.)

Task: {023473B2-6CE3-4079-B8B8-6C656B23EC42} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage 

Protector\ReiGuard.exe [2014-10-30] (Reimage®)
Task: {09174C2C-B476-4E94-8100-3430F53F1BF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32

\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09] (Adobe Systems Incorporated)
Task: {214A4D33-B504-4758-8CC3-2E502843080F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software 

Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2BFA7934-829A-4526-8E2B-E1AB77465DA6} - \5aae7526-32db-4e20-98eb-c2e4e5bac0cc-4 No Task File <==== ATTENTION
Task: {57688C23-267E-4590-B41E-313C66572EAD} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage 

Repair\ReimageReminder.exe [2014-10-23] ()
Task: {703333C3-6BAF-4160-9DCB-2CECC7DAB99B} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {79E18D3F-AE77-43AE-8CF7-287DEF79F620} - System32\Tasks\IAELWAL => C:\Users\Selma\AppData\Roaming\IAELWAL.exe <==== ATTENTION
Task: {8918FC12-E760-409C-B87C-165577B5C09F} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1930070949-3091354559-3886180925

-1000Core => C:\Users\Selma\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2014-11-11] (Catalina Group Ltd.)
Task: {A8040717-5DE6-42CB-9D29-A8D5BE244D60} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d 

sdengin2.dll,ExecuteScheduledBackup
Task: {BA6FDADD-E009-4BF6-9C13-F25005F1BA05} - \5aae7526-32db-4e20-98eb-c2e4e5bac0cc-2 No Task File <==== ATTENTION
Task: {BFF718B2-315F-47FA-B8C0-D7BE934B3E8D} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {C40850AF-AD13-437F-9CB5-A9204B4C2A1C} - \5aae7526-32db-4e20-98eb-c2e4e5bac0cc-6 No Task File <==== ATTENTION
Task: {F13BE34A-64CB-4595-A8C5-ECEE983FD16E} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program 

Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {F897CD80-06C6-455E-A3A5-213CCB21A7BB} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1930070949-3091354559-3886180925

-1000UA => C:\Users\Selma\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2014-11-11] (Catalina Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be 

moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1930070949-3091354559-3886180925-1000Core.job => 

C:\Users\Selma\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1930070949-3091354559-3886180925-1000UA.job => 

C:\Users\Selma\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\IAELWAL.job => C:\Users\Selma\AppData\Roaming\IAELWAL.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-12-08 22:36 - 2001-10-28 17:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2003-07-11 02:09 - 2003-07-11 02:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031

\nsextint.dll
2008-10-17 16:15 - 2008-10-14 01:52 - 00127080 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
2008-10-17 16:15 - 2008-10-14 01:52 - 00032768 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
2008-10-17 16:15 - 2008-10-14 01:52 - 00299118 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
2008-10-17 16:15 - 2008-10-14 01:52 - 00339968 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
2010-01-17 10:30 - 2009-11-18 17:06 - 00442792 _____ () C:\Program Files\Sicherheitspaket\FSGUI\about.dll
2010-01-17 10:30 - 2009-11-18 17:06 - 00090536 _____ () C:\Program Files\Sicherheitspaket\FSGUI\aboutres.dll
2010-01-17 10:30 - 2009-11-18 17:07 - 00086016 _____ () C:\Program Files\Sicherheitspaket\FSGUI\strres.eng
2010-01-17 10:30 - 2009-11-18 17:07 - 00553384 _____ () C:\Program Files\Sicherheitspaket\FSGUI\gres.dll
2010-01-17 10:30 - 2009-11-18 17:06 - 00045056 _____ () C:\Program Files\Sicherheitspaket\FSGUI\fsavures.eng
2010-01-17 10:30 - 2009-11-18 17:06 - 00143360 _____ () C:\Program Files\Sicherheitspaket\FSGUI\flyerres.eng
2010-01-17 10:30 - 2009-11-18 17:08 - 00001536 _____ () C:\Program Files\Sicherheitspaket\FSPC\fspcfsm.eng
2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2008-10-17 16:14 - 2008-10-14 01:53 - 00241734 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2008-10-17 16:15 - 2008-10-14 01:52 - 00376937 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
2008-10-17 16:15 - 2008-10-14 01:52 - 00094208 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchRecordMonitor.dll
2014-03-17 11:07 - 2014-03-17 11:07 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2008-10-17 16:15 - 2008-10-14 01:52 - 00184423 _____ () C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
2011-06-10 08:23 - 2011-06-10 08:23 - 00030888 _____ () C:\Program Files\Sicherheitspaket\Anti-Virus\minifilter\hashlib_x86.dll
2010-01-17 10:31 - 2010-11-25 13:31 - 00211264 _____ () c:\program files\sicherheitspaket\daas2\daas2.dll
2010-01-17 10:30 - 2014-01-15 17:14 - 00213048 _____ () C:\Program Files\Sicherheitspaket\Spam Control\fsas.dll
2010-01-17 10:30 - 2009-11-18 17:06 - 00036864 _____ () C:\Program Files\Sicherheitspaket\Anti-Virus\FSAVHRES.eng
2014-10-30 18:33 - 2014-10-30 18:33 - 05559648 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2014-11-11 10:16 - 2014-09-29 20:51 - 09148728 _____ () 

C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\37.0.2062.242\pdf.dll
2014-11-11 10:16 - 2014-09-29 20:51 - 00369464 _____ () 

C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\37.0.2062.242\ppGoogleNaClPluginChrome.dll
2014-11-11 10:16 - 2014-09-29 20:51 - 01995064 _____ () 

C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\37.0.2062.242\ffmpegsumo.dll
2014-11-11 10:18 - 2014-05-21 11:29 - 08068096 _____ () C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\User 

Data\Default\Extensions\dcagnhpbnggmbihndfkkhfjojgbaaedo\1.2.6_0\binaries\win\QtGui4.dll
2014-11-11 10:18 - 2014-09-17 12:25 - 02248704 _____ () C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\User 

Data\Default\Extensions\dcagnhpbnggmbihndfkkhfjojgbaaedo\1.2.6_0\binaries\win\QtCore4.dll
2014-11-11 10:18 - 2014-06-11 14:33 - 00973312 _____ () C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\User 

Data\Default\Extensions\dcagnhpbnggmbihndfkkhfjojgbaaedo\1.2.6_0\binaries\win\QtNetwork4.dll
2014-11-11 10:18 - 2014-07-28 17:37 - 00028672 _____ () C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\User 

Data\Default\Extensions\dcagnhpbnggmbihndfkkhfjojgbaaedo\1.2.6_0\binaries\win\imageformats\qico4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:C895616B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1930070949-3091354559-3886180925-500 - Administrator - Disabled)
Gast (S-1-5-21-1930070949-3091354559-3886180925-501 - Limited - Enabled)
Notebook Ayhan (S-1-5-21-1930070949-3091354559-3886180925-1006 - Limited - Enabled)
Selma (S-1-5-21-1930070949-3091354559-3886180925-1000 - Administrator - Enabled) => C:\Users\Selma

==================== Faulty Device Manager Devices =============

Name: 802.11b/g/n USB Wireless Network Adapter
Description: 802.11b/g/n USB Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer:  
Service: netr28u
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 10:30:47 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2014-11-11  10:30:46+02:00  SELMA-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\selma\downloads\frst.exe
 File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 09:43:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches 

Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten 

Datei.

Error: (11/11/2014 09:43:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 

TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 09:42:26 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (45:248:1) passed to log scan in database 'model' is not valid. This error may indicate data 

corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create 

the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (11/11/2014 09:37:12 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter 

Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: 

System Writer
   Generatorinstanz-ID: {f0e5182d-fed8-42b3-bfed-4554028bb3ff}

Error: (11/11/2014 09:34:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter 

Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: 

System Writer
   Generatorinstanz-ID: {f0e5182d-fed8-42b3-bfed-4554028bb3ff}

Error: (11/11/2014 09:31:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter 

Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: 

System Writer
   Generatorinstanz-ID: {f0e5182d-fed8-42b3-bfed-4554028bb3ff}

Error: (11/11/2014 08:39:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches 

Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten 

Datei.

Error: (11/11/2014 08:38:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 

TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 08:37:34 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: The log scan number (45:248:1) passed to log scan in database 'model' is not valid. This error may indicate data 

corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create 

the publication. Otherwise, restore from backup if the problem results in a failure during startup.


System errors:
=============
Error: (07/30/2014 11:48:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.07.2014 um 12:44:25 unerwartet heruntergefahren.

Error: (07/30/2014 07:12:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070490Sicherheitsupdate für .NET Framework 3.5 SP1 unter Windows Vista SP1 und Windows Server 2008 x86 

(KB2478659){E0C82A76-18DA-4F24-B17C-DFBC62FCF343}101

Error: (07/30/2014 07:12:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070490Sicherheitsupdate für .NET Framework 3.5 SP1 unter Windows Vista SP1 und Windows Server 2008 x86 

(KB2518865){2F740764-DF8D-46E5-AB19-8E36710FE538}101

Error: (07/30/2014 07:11:07 AM) (Source: RemoteAccess) (EventID: 20013) (User: )
Description: Das an Anschluss "VPN10-0" angeschlossene Kommunikationsgerät funktioniert nicht.

Error: (07/30/2014 07:11:07 AM) (Source: RemoteAccess) (EventID: 20013) (User: )
Description: Das an Anschluss "VPN10-1" angeschlossene Kommunikationsgerät funktioniert nicht.

Error: (07/29/2014 02:04:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070490Sicherheitsupdate für .NET Framework 3.5 SP1 unter Windows Vista SP1 und Windows Server 2008 x86 

(KB2478659){E0C82A76-18DA-4F24-B17C-DFBC62FCF343}101

Error: (07/29/2014 02:04:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: 0x80070490Sicherheitsupdate für .NET Framework 3.5 SP1 unter Windows Vista SP1 und Windows Server 2008 x86 

(KB2518865){2F740764-DF8D-46E5-AB19-8E36710FE538}101

Error: (07/28/2014 07:52:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (07/28/2014 07:52:07 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: SQL Server (SQLEXPRESS)3414 (0xD56)

Error: (07/28/2014 07:52:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee SiteAdvisor Service%%3


Microsoft Office Sessions:
=========================
Error: (11/11/2014 10:30:47 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2014-11-11  10:30:46+02:00  SELMA-PC  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\selma\downloads\frst.exe
 File hash: f023183324410feb6a809e239078c6a5df283c52

Error: (11/11/2014 09:43:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches 

Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten 

Datei.

Error: (11/11/2014 09:43:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 

TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 09:42:26 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: (45:248:1)model

Error: (11/11/2014 09:37:12 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-

1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f0e5182d-fed8-42b3-bfed-4554028bb3ff}

Error: (11/11/2014 09:34:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-

1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f0e5182d-fed8-42b3-bfed-4554028bb3ff}

Error: (11/11/2014 09:31:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-

1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f0e5182d-fed8-42b3-bfed-4554028bb3ff}

Error: (11/11/2014 08:39:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches 

Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten 

Datei.

Error: (11/11/2014 08:38:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 

TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 08:37:34 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
Description: (45:248:1)model


CodeIntegrity Errors:
===================================
  Date: 2014-11-11 10:33:11.302
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft 

werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-11 10:33:11.199
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft 

werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-11 10:33:11.099
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft 

werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-11 10:33:10.999
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft 

werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-11 10:33:10.783
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht 

überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-11 10:33:10.684
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht 

überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-11 10:33:10.584
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht 

überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-11 10:33:10.473
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht 

überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-11 10:32:57.545
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft 

werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-11 10:32:57.446
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft 

werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 61%
Total physical RAM: 3325.27 MB
Available physical RAM: 1290.08 MB
Total Pagefile: 6854.55 MB
Available Pagefile: 4577.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.94 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:911.5 GB) (Free:730.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:8.33 GB) FAT32
Drive f: (HDDRIVE2GO) (Fixed) (Total:596.02 GB) (Free:146.75 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 025BE2ED)
Partition 1: (Active) - (Size=911.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: DD05CBBF)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=0C)

==================== End Of Log ============================

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by Selma (administrator) on SELMA-PC on 11-11-2014 10:32:37
Running from C:\Selma\Desktop
Loaded Profile: Selma (Available profiles: Selma)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Program Files\Sicherheitspaket\Anti-Virus\fsgk32st.exe
(F-Secure Corporation) C:\Program Files\Sicherheitspaket\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\Sicherheitspaket\Anti-Virus\fsgk32.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
(Google) C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
(F-Secure Corporation) C:\Program Files\Sicherheitspaket\Common\FSHDLL32.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Vendio Services, Inc.) C:\Program Files\Search Settings\SearchSettings.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(F-Secure Corporation) C:\Program Files\Sicherheitspaket\Common\FSM32.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Panasonic Corporation) C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
(Microsoft Corporation) C:\Windows\System32\iashost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(F-Secure Corporation) C:\Program Files\Sicherheitspaket\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files\Sicherheitspaket\FWES\program\fsdfwd.exe
(F-Secure Corporation) C:\Program Files\Sicherheitspaket\ORSP Client\fsorsp.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(F-Secure Corporation) C:\Program Files\Sicherheitspaket\Anti-Virus\fsav32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Epom Ltd.) C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Epom Ltd.) C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(Epom Ltd.) C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(Epom Ltd.) C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(Epom Ltd.) C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(Epom Ltd.) C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(Epom Ltd.) C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(Epom Ltd.) C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Epom Ltd.) C:\Users\Selma\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-09] (Intel Corporation)
HKLM\...\Run: [TVEService] => C:\Program Files\HomeCinema\TV Enhance\TVEService.exe [180224 2008-10-14] (CyberLink Corp.)
HKLM\...\Run: [Google EULA Launcher] => C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-10-14] (Google)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SearchSettings] => C:\Program Files\Search Settings\SearchSettings.exe [991584 2008-06-12] (Vendio Services, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [98616 2008-04-17] (ArcSoft Inc.)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\Sicherheitspaket\Common\FSM32.EXE [201128 2009-11-18] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] => C:\Program Files\Sicherheitspaket\FSGUI\TNBUtil.exe [1655464 2011-08-27] (F-Secure Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2014-03-17] (Google)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1930070949-3091354559-3886180925-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1930070949-3091354559-3886180925-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1930070949-3091354559-3886180925-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-1930070949-3091354559-3886180925-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1930070949-3091354559-3886180925-1000\...\Run: [CatalinaGroup Update] => C:\Users\Selma\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [133104 2014-11-11] (Catalina Group Ltd.)
HKU\S-1-5-21-1930070949-3091354559-3886180925-1000\...\MountPoints2: {7db94bde-57eb-11de-9dbc-0021857560e8} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1930070949-3091354559-3886180925-1000\...\MountPoints2: {acfd7c6a-08d4-11de-9257-0021857560e8} - K:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [125952 2014-03-17] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
URLSearchHook: HKCU - SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
SearchScopes: HKLM - {2896495D-3682-48B2-9738-9B3F41F1E321} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {51B89DED-EC67-4BE9-9725-1F0A9F4825C2} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms}
SearchScopes: HKCU - {2896495D-3682-48B2-9738-9B3F41F1E321} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {31CF9EBE-5755-4a1d-AC25-2834D952D9B4} URL = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
SearchScopes: HKCU - {51B89DED-EC67-4BE9-9725-1F0A9F4825C2} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name -> {7E853D72-626A-48EC-A868-BA8D5E23E045} ->  No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: PDFCreator Toolbar Helper -> {C451C08A-EC37-45DF-AAAD-18B51AB5E837} -> C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
BHO: Browsing Protection Class -> {C6867EB7-8350-4856-877F-93CF8AE3DC9C} -> C:\Program Files\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SearchSettings Class -> {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
BHO: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
Toolbar: HKLM - Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 02 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 03 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 04 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 05 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 06 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 07 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 08 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 09 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 10 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Winsock: Catalog9 21 C:\Program Files\Sicherheitspaket\FSPS\program\FSLSP.DLL [189352] (F-Secure Corporation)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Selma\AppData\Roaming\Mozilla\Firefox\Profiles\uiasmute.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.3088 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.3146 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\Selma\AppData\Roaming\Mozilla\Firefox\Profiles\uiasmute.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: easytoshop - C:\Users\Selma\AppData\Roaming\Mozilla\Firefox\Profiles\uiasmute.default\Extensions\bv@n9zbP.net [2014-11-09]
FF Extension: jid1OesGFwaQGIBASwjetpack - C:\Users\Selma\AppData\Roaming\Mozilla\Firefox\Profiles\uiasmute.default\Extensions\jid1-OesGFwaQGIBASw@jetpack [2014-11-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Selma\AppData\Roaming\Mozilla\Firefox\Profiles\uiasmute.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-05]
FF Extension: Yahoo! Toolbar - C:\Users\Selma\AppData\Roaming\Mozilla\Firefox\Profiles\uiasmute.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-08-03]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2008-12-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-03]
FF HKLM\...\Firefox\Extensions: [litmus-ff@f-secure.com] - C:\Program Files\Sicherheitspaket\NRS\litmus-ff@f-secure.com
FF Extension: Browsing Protection - C:\Program Files\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2010-01-17]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.) [File not signed]
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 F-Secure Gatekeeper Handler Starter; C:\Program Files\Sicherheitspaket\Anti-Virus\fsgk32st.exe [221608 2009-11-18] (F-Secure Corporation)
R3 FSDFWD; C:\Program Files\Sicherheitspaket\FWES\Program\fsdfwd.exe [524712 2009-11-18] (F-Secure Corporation)
R2 FSMA; C:\Program Files\Sicherheitspaket\Common\FSMA32.EXE [188840 2009-11-18] (F-Secure Corporation)
R3 FSORSPClient; C:\Program Files\Sicherheitspaket\ORSP Client\fsorsp.exe [60352 2014-01-15] (F-Secure Corporation)
S3 GoogleDesktopManager-060409-093314; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2014-03-17] (Google)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [5875048 2014-10-30] (Reimage®)
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [241734 2008-10-14] () [File not signed]
R2 TVECapSvc; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [376937 2008-10-14] () [File not signed]
R2 TVESched; C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [184423 2008-10-14] () [File not signed]
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
S2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [16272 2007-05-23] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36496 2007-05-23] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) [File not signed]
R3 F-Secure Gatekeeper; C:\Program Files\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [145856 2014-01-15] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\Sicherheitspaket\HIPS\drivers\fshs.sys [69928 2009-11-18] (F-Secure Corporation)
S3 fdrawcmd; C:\Windows\system32\drivers\fdrawcmd.sys [27896 2010-04-24] (simonowen.com)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2012-12-20] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [36792 2010-11-25] (F-Secure Corporation)
R1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [72904 2009-11-18] (F-Secure Corporation)
R1 fsvista; C:\Program Files\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys [14248 2009-11-18] ()
S3 Jsmc860; C:\Windows\System32\Drivers\Jsmc860.sys [77304 2005-05-30] (J.S.M.C.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [645120 2008-08-21] (Ralink Technology Corp.)
R3 NxpCap; C:\Windows\System32\DRIVERS\NxpCap.sys [1332576 2008-09-25] (NXP Semiconductors Germany GmbH)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [44320 2008-11-04] (RapidSolution Software AG)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
R3 cpuz134; \??\C:\Users\Selma\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 10:32 - 2014-11-11 10:32 - 00000000 ____D () C:\FRST
2014-11-11 10:16 - 2014-11-11 10:19 - 00000000 ____D () C:\rei
2014-11-11 10:16 - 2014-11-11 10:18 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-11-11 10:16 - 2014-11-11 10:17 - 00000000 ____D () C:\Program Files\Reimage
2014-11-11 10:16 - 2014-11-11 10:16 - 00001893 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2014-11-11 10:16 - 2014-11-11 10:16 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio
2014-11-11 10:16 - 2014-11-11 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-11-11 10:15 - 2014-11-11 10:30 - 00000938 _____ () C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1930070949-3091354559-3886180925-1000UA.job
2014-11-11 10:15 - 2014-11-11 10:20 - 00000886 _____ () C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1930070949-3091354559-3886180925-1000Core.job
2014-11-11 10:15 - 2014-11-11 10:19 - 00000137 _____ () C:\Windows\Reimage.ini
2014-11-11 10:15 - 2014-11-11 10:16 - 00000000 ____D () C:\Users\Selma\AppData\Local\CatalinaGroup
2014-11-11 07:59 - 2014-11-11 09:44 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 07:58 - 2014-11-11 07:58 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-11 07:58 - 2014-11-11 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-11 07:58 - 2014-11-11 07:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 07:58 - 2014-11-11 07:58 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-11 07:58 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 07:58 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-11 07:58 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-09 22:14 - 2014-11-11 09:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 22:14 - 2014-11-09 22:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-09 22:14 - 2014-11-09 22:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-09 20:44 - 2014-11-09 20:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-09 14:54 - 2014-11-09 14:55 - 00000000 ____D () C:\ProgramData\f2d0add9db5446bd
2014-11-07 11:58 - 2014-11-07 11:58 - 00017452 _____ () C:\Users\Selma\AppData\Local\recently-used.xbel
2014-11-06 11:45 - 2014-11-06 11:45 - 00000000 ____D () C:\Program Files\Sun
2014-11-06 08:25 - 2014-11-06 08:25 - 00138440 _____ () C:\Windows\Minidump\Mini110614-01.dmp
2014-11-05 08:29 - 2014-11-05 08:29 - 00000872 _____ () C:\Users\Public\Desktop\Embird Quick Searcher (32-bit).lnk
2014-11-05 08:29 - 2014-11-05 08:29 - 00000869 _____ () C:\Users\Public\Desktop\Embird Clip Image (32-bit).lnk
2014-11-05 08:29 - 2014-11-05 08:29 - 00000862 _____ () C:\Users\Public\Desktop\Embird 2015 (32-bit).lnk
2014-11-05 08:29 - 2014-11-05 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embird 2015 (32-bit)
2014-11-05 08:29 - 2004-06-13 14:00 - 00000165 _____ () C:\Windows\WINRSEAZ.INI
2014-11-05 08:29 - 2004-06-13 14:00 - 00000137 _____ () C:\Windows\WINKLOES.TXT
2014-11-04 20:34 - 2014-11-11 07:38 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-11-04 20:32 - 2014-11-11 09:42 - 00001684 _____ () C:\Windows\Tasks\IAELWAL.job
2014-11-04 20:31 - 2014-11-11 08:28 - 00000000 ____D () C:\Program Files\globalUpdate
2014-11-04 20:31 - 2014-11-04 20:31 - 00000000 ____D () C:\Users\Selma\AppData\Local\globalUpdate

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 10:30 - 2008-10-15 11:50 - 00000438 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
2014-11-11 09:59 - 2008-12-01 20:57 - 00000000 ____D () C:\Users\Selma\AppData\Local\Google
2014-11-11 09:59 - 2008-10-20 10:27 - 00000000 ____D () C:\Program Files\Google
2014-11-11 09:48 - 2008-01-21 08:16 - 01580570 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 09:46 - 2008-12-01 20:48 - 01811573 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 09:43 - 2009-10-11 14:49 - 00000000 ____D () C:\Users\Selma\AppData\Temp
2014-11-11 09:42 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 09:42 - 2006-11-02 13:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 09:42 - 2006-11-02 13:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 09:41 - 2008-12-01 22:51 - 00000000 ____D () C:\Program Files\epson
2014-11-11 09:41 - 2008-01-21 03:47 - 00316230 _____ () C:\Windows\PFRO.log
2014-11-11 09:40 - 2006-11-02 14:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-11 09:39 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32
2014-11-11 09:37 - 2008-12-01 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON PhotoQuicker
2014-11-11 09:37 - 2008-10-08 11:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-11 09:34 - 2008-10-17 16:10 - 00000000 ____D () C:\Program Files\HomeCinema
2014-11-11 09:30 - 2009-03-03 13:51 - 00000000 ____D () C:\Program Files\VOX3DPlaner
2014-11-11 09:29 - 2008-10-08 12:01 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-11-11 09:29 - 2008-10-08 12:01 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-11-11 08:36 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-09 22:17 - 2008-12-01 21:34 - 00000000 ____D () C:\Users\Selma\AppData\Local\Adobe
2014-11-07 12:08 - 2014-02-13 23:25 - 00000000 ____D () C:\Users\Selma\.gimp-2.8
2014-11-07 11:58 - 2014-02-13 23:28 - 00000000 ____D () C:\Users\Selma\AppData\Local\gtk-2.0
2014-11-06 14:35 - 2008-12-01 23:12 - 00007592 _____ () C:\Users\Selma\AppData\Local\d3d9caps.dat
2014-11-06 09:17 - 2013-03-30 13:00 - 00000000 ____D () C:\Program Files\EMBIRD32
2014-11-06 09:17 - 2006-11-02 11:23 - 00000254 _____ () C:\Windows\win.ini
2014-11-06 08:25 - 2009-02-07 11:56 - 00000000 ____D () C:\Windows\Minidump
2014-11-06 08:24 - 2009-02-07 11:55 - 268639010 _____ () C:\Windows\MEMORY.DMP
2014-11-05 10:02 - 2013-03-30 13:16 - 00000217 _____ () C:\Windows\password.klc
2014-11-05 09:17 - 2013-03-30 13:22 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\EMBIRD_STUDIO_(32-bit)
2014-11-05 08:30 - 2013-03-30 12:55 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\EMBIRD32
2014-11-05 08:28 - 2014-04-02 20:21 - 00000217 _____ () C:\password.klc
2014-11-01 11:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-10-28 06:35 - 2009-10-05 07:54 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-19 22:41 - 2014-07-06 17:17 - 00000000 ____D () C:\Users\Selma\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2014-10-19 21:17 - 2014-07-06 17:17 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-10-16 21:14 - 2014-02-03 19:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 21:08 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-16 15:15 - 2012-01-07 18:45 - 00000000 ____D () C:\ProgramData\HP
2014-10-12 19:07 - 2008-12-06 01:19 - 00165376 _____ () C:\Users\Selma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Selma\AppData\Local\Temp\bwf8D69.exe
C:\Users\Selma\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Selma\AppData\Local\Temp\fsprod.dll
C:\Users\Selma\AppData\Local\Temp\fssfm.dll
C:\Users\Selma\AppData\Local\Temp\optprosetup.exe
C:\Users\Selma\AppData\Local\Temp\PicasaUpdater_1765.exe
C:\Users\Selma\AppData\Local\Temp\preconfig.exe
C:\Users\Selma\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Selma\AppData\Local\Temp\ytb.exe
C:\Users\Selma\AppData\Local\Temp\_is4C4D.exe
C:\Users\Selma\AppData\Local\Temp\_isB5A9.exe
C:\Users\Selma\AppData\Local\Temp\_isD0C8.exe
C:\Users\Selma\AppData\Local\Temp\_isF1E.exe
C:\Users\Selma\AppData\Local\Temp\_isF825.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-11 09:48

==================== End Of Log ============================

--- --- ---

Vielen Dank

Warlord711 · 11.11.2014, 11:45

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Search Settings 1.2
Adobe Reader 9
Java(TM) 6 Update 22
Java(TM) 6 Update 7
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Google Chrome, Mozilla, Virus oder Trojaner Fehlermeldung: Java Update erforderlich, Werbung, doppelt unterstrichene Wörter

Plagegeister aller Art und deren Bekämpfung: Google Chrome, Mozilla, Virus oder Trojaner Fehlermeldung: Java Update erforderlich, Werbung, doppelt unterstrichene Wörter