Medion PC mit Windows 7 geht sehr langsam

haiflosse · 09.12.2014, 14:54

Ich habe hier einen Medion PC mit Windows 7 der in letzter Zeit sehr langsam läuft.
Ich habe Avast als Schutz installiert und wollte fragen, ob mir jemand dabei helfen kann den Computer wieder flott zu machen.
Vielen Dank für jede Antwort und Hilfe

cosinus · 09.12.2014, 15:11

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

haiflosse · 09.12.2014, 18:09

Es gibt keine weitere Funde.
Hier die Ergebnisse

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
Ran by Gsellmann at 2014-12-09 15:17:54
Running from C:\Users\Gsellmann\Desktop\schutz
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
aonUpdate (HKLM-x32\...\aonUpdate) (Version: 1.4.0.42 - A1 Telekom Austria AG)
aonUpdate (x32 Version: 1.4.0.42 - A1 Telekom Austria AG) Hidden
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 8.1.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 3.4.0 - ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{5479F9EC-5D71-CB4F-7091-3BF696F82035}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borland Delphi 5 (HKLM-x32\...\Delphi5) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Content (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (x32 Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM-x32\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM-x32\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EXPERTool v8.6 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 8.6.0.0 - Gainward Co. Ltd.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FotoWorks XL 2013 (HKLM-x32\...\FotoWorks XL 2013_is1) (Version: Aktuelle Version - IN MEDIA KG)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GMX Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Highspeed-Internet-Installation (HKLM-x32\...\Highspeed-Internet-Installation) (Version: 7.2.2.8 - A1 Telekom Austria AG)
Highspeed-Internet-Installation (x32 Version: 7.2.2.8 - A1 Telekom Austria AG) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
LibreOffice 3.4 (HKLM-x32\...\{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}) (Version: 3.4.203 - LibreOffice)
LibreOffice 3.4 Help Pack (German) (HKLM-x32\...\{2B3D87B9-4671-4EA4-92A4-C615BE64F706}) (Version: 3.4.203 - LibreOffice)
Medion Home Cinema (HKLM-x32\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 6.0.0000 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 6.0 (HKLM-x32\...\{067B277E-F94B-4F04-B380-BA967C00377C}_is1) (Version:  - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
ParetoLogic PC Health Advisor (HKLM-x32\...\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}) (Version: 3.1.0.0 - ParetoLogic, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
STEIG EIN! 1.2 (HKLM-x32\...\{565975F6-01B9-409E-A5FF-EA656EE0144F}_is1) (Version:  - Hubert Ebner Verlags GmbH)
STF (HKLM\...\{acf497e7-b056-42f2-9ba7-98b319b92b36}.sdb) (Version:  - )
SweetIM for Messenger 3.6 (HKLM-x32\...\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}) (Version: 3.6.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks Toolbar for Internet Explorer 4.6 (HKLM-x32\...\{4183178B-4D4E-48A7-9257-454BA90A760E}) (Version: 4.6.0002 - SweetIM Technologies Ltd.) <==== ATTENTION
Update Manager for SweetPacks 1.0 (HKLM-x32\...\{FB697452-8CA4-46B4-98B1-165C922A2EF3}) (Version: 1.0.0005 - SweetIM Technologies Ltd.) <==== ATTENTION
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Wii Xploder Cheat Saves and Media Manager (HKLM-x32\...\{242B2601-AF61-42B7-B6DB-B1C34FE5830F}) (Version: 1.0.9.3 - Blaze Europe Ltd)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-12-2014 12:58:49 Removed LogMeIn
09-12-2014 13:15:30 Removed AVG 2015
09-12-2014 13:21:26 Removed AVG 2015
09-12-2014 13:47:02 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A71C29C-2494-4217-AEE1-CA9E0D93D1B1} - System32\Tasks\PC Health Advisor => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2011-03-30] (ParetoLogic, Inc.)
Task: {1542EFE3-8C04-4DD9-B2C5-1936886EA3C6} - System32\Tasks\{02504AA5-2D59-40D6-926A-85D0401E3808} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&amp;page=tsProgressBar
Task: {1551CB77-678B-4DA7-BA7F-0857A01EC772} - System32\Tasks\{E92A4AA0-ADF9-4E81-94E3-BD7529962BC4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.5.0.158/de/abandoninstall?page=tsProgressBar
Task: {1767544F-47FD-4D57-A1A9-2A306D6A256E} - System32\Tasks\{663B426F-AFC9-42BE-B7FE-37998BF9B896} => C:\Program Files (x86)\STF\Stf.exe
Task: {244F8FFB-601A-4CBC-9F21-916F48FA8865} - System32\Tasks\{CE04AB6B-A219-4D2D-98F2-92ED2E233CB1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsBing
Task: {2EFAF500-FCD3-4B54-A0D2-48F6C02A0533} - System32\Tasks\{6E368D5E-E237-448D-A206-65A06FAAA404} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&amp;page=tsProgressBar
Task: {319F8AB5-6EF5-4B3A-BD99-1F646C285B4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {33498466-65C4-4E92-8395-AFDB16FBF60F} - System32\Tasks\{7EEB01CF-3872-4151-AADD-F0334FC9AEF4} => C:\Program Files\Zune\Zune.exe [2011-08-05] (Microsoft Corporation)
Task: {3B67E7A0-0B91-4327-95F4-D8E1C72EEE67} - System32\Tasks\{FF83D634-2A24-436F-A937-AA8DA5FF286D} => C:\Program Files\Zune\Zune.exe [2011-08-05] (Microsoft Corporation)
Task: {403D1428-E71F-4B63-B003-E678B32F0028} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {40BAFB45-6274-4E82-8CAB-7CED7A247A12} - System32\Tasks\{334688EF-29CD-4842-97A6-26089372B091} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {4FC3094D-53A4-4403-8A2C-6ED1E9BA5B60} - System32\Tasks\{A0488517-0223-4E41-99B3-EBD8B556444D} => C:\Program Files\Zune\Zune.exe [2011-08-05] (Microsoft Corporation)
Task: {53060EE4-93E6-4B79-921F-32D02040E1EB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-09] (AVAST Software)
Task: {681EFABE-E9B6-4B42-BDFE-C18794F64BAE} - System32\Tasks\{C85812EE-B738-403D-9DDF-890D694A0B98} => C:\Program Files\Zune\Zune.exe [2011-08-05] (Microsoft Corporation)
Task: {6A5E2FAA-8257-4D4D-AEB6-C122CAD84F6E} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-30] (ParetoLogic Inc.)
Task: {8737EB82-87E9-4F54-B3A7-A1FFCC38A264} - System32\Tasks\{03FDAF48-EBE2-439C-86B0-9158CBAF525D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.59.158/de/abandoninstall?page=tsMain
Task: {8FF61AE4-A638-4CAC-B78C-43479462F6A9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91552112-CD4C-4FA7-B628-428E00CC6C4D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-02] (Adobe Systems Incorporated)
Task: {993FB553-DA37-43C1-9F75-1BBB9BCEF15F} - System32\Tasks\{FA1D73DC-1FB4-46A3-BF6D-2CB9B1EA81D0} => C:\Users\Gsellman\Documents\STFgsm2 access\Stf.exe
Task: {B76CFA08-B0AA-4BCD-B9AD-714673D3C7E9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C9C2A1E7-83E5-4134-8B59-6AFB2428F284} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {EA991C65-B993-4325-89E7-615595572F68} - System32\Tasks\STF => C:\Program Files (x86)\STF\Stf.exe
Task: {F00EA4CD-5041-4670-BCA6-AE619137C472} - System32\Tasks\PC Health Advisor Defrag => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2011-03-30] (ParetoLogic, Inc.)
Task: {FA1C6DD9-8AAC-411E-AF40-943AFDD26CFB} - System32\Tasks\{D5B834E2-92A7-4B19-B420-C70E947CE6F3} => C:\Program Files\Zune\Zune.exe [2011-08-05] (Microsoft Corporation)
Task: {FB350375-DDCC-4200-9859-EFC9FAE5CFBE} - System32\Tasks\{C4D16FA0-D560-4520-B37A-98D899F3450B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.59.158/de/abandoninstall?page=tsMain
Task: {FB757F6D-D98E-46BD-82B2-63569D5C26A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
Task: C:\Windows\Tasks\PC Health Advisor.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe

==================== Loaded Modules (whitelisted) =============

2013-09-07 20:57 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-02 11:13 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-12-09 14:48 - 2014-12-09 14:48 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-09 14:48 - 2014-12-09 14:48 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-12-09 14:49 - 2014-12-09 14:49 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14102100\algo.dll
2014-12-09 14:52 - 2014-12-09 14:52 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120900\algo.dll
2014-12-09 14:48 - 2014-12-09 14:48 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-09 14:48 - 2014-12-09 14:48 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3059467662-2371257444-3053940650-500 - Administrator - Disabled)
Gast (S-1-5-21-3059467662-2371257444-3053940650-501 - Limited - Disabled)
Gsellmann (S-1-5-21-3059467662-2371257444-3053940650-1003 - Administrator - Enabled) => C:\Users\Gsellmann
HomeGroupUser$ (S-1-5-21-3059467662-2371257444-3053940650-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3059467662-2371257444-3053940650-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2014 03:14:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.

Error: (12/09/2014 03:14:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.

Error: (12/09/2014 03:12:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (12/09/2014 03:12:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (12/09/2014 03:06:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (12/09/2014 03:06:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (12/09/2014 02:52:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (12/09/2014 02:52:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (12/09/2014 02:47:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (12/09/2014 02:21:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (12/09/2014 02:54:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.189.1570.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (12/09/2014 02:44:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/09/2014 02:44:21 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/09/2014 02:35:27 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.189.1570.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (12/09/2014 02:27:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/09/2014 02:27:58 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/09/2014 02:13:58 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.189.1570.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (12/09/2014 02:06:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/09/2014 02:06:22 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/09/2014 02:03:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler beendet: %%-536753636.


Microsoft Office Sessions:
=========================
Error: (12/09/2014 03:14:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.

Error: (12/09/2014 03:14:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.

Error: (12/09/2014 03:12:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (12/09/2014 03:12:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (12/09/2014 03:06:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (12/09/2014 03:06:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (12/09/2014 02:52:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (12/09/2014 02:52:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (12/09/2014 02:47:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary copzfyyf.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (12/09/2014 02:21:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
Das System kann die angegebene Datei nicht finden.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 56%
Total physical RAM: 4095.29 MB
Available physical RAM: 1790.15 MB
Total Pagefile: 8188.71 MB
Available Pagefile: 5679.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:697.71 GB) (Free:615.55 GB) NTFS
Drive d: (Recover) (Fixed) (Total:698.45 GB) (Free:2.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=697.7 GB) - (Type=42)
Partition 4: (Not Active) - (Size=699.5 GB) - (Type=42)

==================== End Of Log ============================

sowie

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Gsellmann (administrator) on GSELLMANN-PC on 09-12-2014 15:16:43
Running from C:\Users\Gsellmann\Desktop\schutz
Loaded Profiles: Gsellmann & UpdatusUser (Available profiles: Gsellmann & UpdatusUser)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Gainward Co. Ltd.) C:\Program Files (x86)\EXPERTool\TBPanel.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_239_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [JAVA] => C:\Windows\java.vbs [83 2010-11-17] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-10-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-02-16] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2096192 2014-11-17] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-09] (AVAST Software)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Run: [Mobile Partner] => "C:\Program Files (x86)\tele.ring\tele.ring Mobile Internet.exe"
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Run: [TBPanel] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2048368 2012-10-11] (Gainward Co. Ltd.)
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {61a13c21-3adf-11e1-bd83-6c626dc176b7} - F:\AutoRun.exe
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {c31bfda3-18dd-11e1-9c39-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {daeb98bc-18e5-11e1-8bf3-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {dcbef03c-197e-11e1-8e69-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3059467662-2371257444-3053940650-1004\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\S-1-5-21-3059467662-2371257444-3053940650-1004\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3059467662-2371257444-3053940650-1004\Software\Microsoft\Internet Explorer\Main,Local Page = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={EBE0EF3E-B56E-11E1-92C9-6C626DC176B7}
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=66756&babsrc=SP_def&mntrId=ca8fa289000000000000485d608b036c
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {423139CA-4758-431D-92E7-D61FFE79B306} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {66E1A955-92D1-4B01-B54C-DD4227B8B5B5} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {79D75B48-8A5C-4783-B545-36E5A540D8A7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {DB8CFF5A-8A8F-4A36-B45E-516EFD3ACAB4} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={EBE0EF3E-B56E-11E1-92C9-6C626DC176B7}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {EEE6C35C-6118-11DC-9C72-001320C79847} ->  No File
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.138

FireFox:
========
FF ProfilePath: C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default
FF NewTab: about:newtab
FF DefaultSearchEngine,S: Search the web (Babylon)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SearchEngineOrder.1,S: Search the web (Babylon)
FF SelectedSearchEngine: Google (avast)
FF SelectedSearchEngine,S: Search the web (Babylon)
FF Homepage: https://www.google.com/?trackid=sp-006
FF DefaultSearchEngine: Google (avast)
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\searchplugins\google-avast.xml
FF SearchPlugin: C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: Avira Browser Safety - C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\Extensions\abs@avira.com [2014-12-09]
FF Extension: GMX MailCheck - C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\Extensions\toolbar@gmx.net [2014-12-02]
FF Extension: TRUSTe Tracker Protection - C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\Extensions\trusttheweb@truste.com.xpi [2013-05-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-09]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Gsellmann\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-09] (Avast Software)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2011-05-06] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2011-05-06] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-12-09] (Avast Software)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 iaStor; \SystemRoot\system32\DRIVERS\iaStor.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 15:16 - 2014-12-09 15:16 - 00000000 ____D () C:\FRST
2014-12-09 15:15 - 2014-12-09 15:16 - 00000000 ____D () C:\Users\Gsellmann\Desktop\schutz
2014-12-09 15:12 - 2014-12-09 15:12 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-12-13.031-aswFe.exe-388.log
2014-12-09 15:12 - 2014-12-09 15:12 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-12-29.012-AvastVBoxSVC.exe-5208.log
2014-12-09 15:06 - 2014-12-09 15:06 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-06-26.017-AvastVBoxSVC.exe-4128.log
2014-12-09 15:04 - 2014-12-09 15:04 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-04-25.040-aswFe.exe-4712.log
2014-12-09 15:01 - 2014-12-09 15:02 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-01-33.028-aswFe.exe-4812.log
2014-12-09 15:01 - 2014-12-09 15:01 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-01-25.059-AvastVBoxSVC.exe-2240.log
2014-12-09 14:51 - 2014-12-09 14:52 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-09 14:51 - 2014-12-09 14:52 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-09 14:49 - 2014-12-09 14:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-09 14:49 - 2014-12-09 14:49 - 00001968 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-09 14:49 - 2014-12-09 14:49 - 00000000 ____D () C:\Users\Gsellmann\AppData\Roaming\AVAST Software
2014-12-09 14:49 - 2014-12-09 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-09 14:49 - 2014-12-09 14:48 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-09 14:49 - 2014-12-09 14:48 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-09 14:48 - 2014-12-09 14:49 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1418132960032
2014-12-09 14:48 - 2014-12-09 14:49 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-09 14:48 - 2014-12-09 14:49 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 01049920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1418132953746
2014-12-09 14:48 - 2014-12-09 14:48 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-09 14:48 - 2014-12-09 14:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 00082768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1418132953746
2014-12-09 14:48 - 2014-12-09 14:48 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-09 14:48 - 2014-12-09 14:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-09 14:47 - 2014-12-09 14:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-09 14:38 - 2014-12-09 14:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-09 14:05 - 2014-12-09 14:49 - 00000000 ____D () C:\software
2014-12-09 10:21 - 2014-12-09 10:21 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT
2014-12-09 10:15 - 2014-12-09 10:15 - 00000000 ___RD () C:\Users\Gsellmann\AppData\Roaming\Brother
2014-12-09 10:14 - 2014-12-09 13:07 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-12-09 10:14 - 2014-12-09 13:07 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-12-09 10:09 - 2014-12-09 10:12 - 00058760 _____ () C:\Windows\DPINST.LOG
2014-12-09 10:08 - 2009-07-21 07:32 - 01560064 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWia09b.dll
2014-12-09 10:08 - 2009-02-24 02:37 - 00050176 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrUsi09a.dll
2014-12-09 05:33 - 2014-12-09 05:34 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Gsellmann\Downloads\avira_de_av___ws(1).exe
2014-12-09 05:28 - 2014-12-09 05:28 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Gsellmann\Downloads\avira_de_av___ws.exe
2014-12-04 12:54 - 2014-12-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-02 11:35 - 2014-12-02 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
2014-12-02 11:35 - 2014-12-02 11:35 - 00000000 ____D () C:\Program Files\GMX MailCheck
2014-12-02 11:35 - 2014-12-02 11:35 - 00000000 ____D () C:\Program Files (x86)\GMX MailCheck
2014-12-01 07:53 - 2014-12-01 07:53 - 00000000 ____D () C:\ProgramData\UUdb
2014-11-19 19:06 - 2014-11-19 19:12 - 00000426 _____ () C:\Users\Gsellmann\Desktop\url.htm
2014-11-19 19:01 - 2014-11-19 19:01 - 00000426 _____ () C:\Users\Gsellmann\Desktop\Play on Me.htm
2014-11-13 11:07 - 2014-11-14 15:30 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 15:07 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 15:07 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 14:54 - 2011-04-10 21:36 - 01851763 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 14:51 - 2014-06-03 06:25 - 00001922 _____ () C:\Users\Gsellmann\Desktop\Amazon.lnk
2014-12-09 14:51 - 2014-06-03 06:25 - 00001918 _____ () C:\Users\Gsellmann\Desktop\eBay.lnk
2014-12-09 14:51 - 2011-05-15 10:44 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 14:51 - 2011-05-15 10:44 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 14:43 - 2011-12-02 10:45 - 00000000 ____D () C:\Users\Gsellmann\AppData\Roaming\Skype
2014-12-09 14:42 - 2013-09-07 20:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-09 14:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 14:42 - 2009-07-14 05:51 - 00269213 _____ () C:\Windows\setupact.log
2014-12-09 14:41 - 2010-07-07 17:17 - 00250864 _____ () C:\Windows\PFRO.log
2014-12-09 14:24 - 2014-06-10 10:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-09 14:21 - 2012-05-17 20:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 13:59 - 2011-04-10 22:21 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-09 09:47 - 2010-05-12 09:18 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-12-09 09:47 - 2010-05-12 09:18 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-12-09 09:47 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 05:18 - 2012-06-09 06:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-02 12:21 - 2012-05-17 20:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-02 12:21 - 2012-05-17 20:12 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-02 12:21 - 2011-08-15 19:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-01 07:53 - 2014-06-03 06:24 - 00003888 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task
2014-12-01 07:53 - 2014-06-03 06:24 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung
2014-11-19 18:00 - 2014-08-27 19:39 - 00000476 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-11-18 14:48 - 2011-04-10 21:38 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 14:48 - 2011-04-10 21:38 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-18 14:48 - 2011-04-10 21:38 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 14:48 - 2011-04-10 21:38 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

Some content of TEMP:
====================
C:\Users\Gsellmann\AppData\Local\Temp\avgnt.exe
C:\Users\Gsellmann\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Gsellmann\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Gsellmann\AppData\Local\Temp\Fchipsbank.dll
C:\Users\Gsellmann\AppData\Local\Temp\FLoginTool.exe
C:\Users\Gsellmann\AppData\Local\Temp\gmx_mediacenter_setup_a201412.exe
C:\Users\Gsellmann\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\Gsellmann\AppData\Local\Temp\ose00000.exe
C:\Users\Gsellmann\AppData\Local\Temp\ResetDevice.exe
C:\Users\Gsellmann\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gsellmann\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Gsellmann\AppData\Local\Temp\vlc-2.0.8-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-09 09:41

==================== End Of Log ============================

--- --- ---

Bitte um weitere Instruktionen
Danke

cosinus · 09.12.2014, 18:18

Zitat:

Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9

Wie lange läuft der Rechner so schon?
Kein SP1 (seit fast vier Jahren verfügbar!) kein IE11

Hat das einen triftigen Grund dass die Updates fehlen?

haiflosse · 09.12.2014, 19:28

Zitat:

Zitat von cosinus

Wie lange läuft der Rechner so schon?
Kein SP1 (seit fast vier Jahren verfügbar!) kein IE11

Hat das einen triftigen Grund dass die Updates fehlen?

Nein es gibt keinen Grund.
Werde somit mal dies updaten - oder!

Danke für den Hinweis.
Gibt es sonst noch etwas zu beachten oder durchecken.
Danke

cosinus · 09.12.2014, 22:41

Ja, aber vorher noch Junkware entfernen:

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

haiflosse · 10.12.2014, 00:43

Vielen Dank für die Antwort.
Hier meine Ergebnisse:

Code:

ATTFilter

# AdwCleaner v4.105 - Bericht erstellt am 10/12/2014 um 00:17:08
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Live]
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Gsellmann - GSELLMANN-PC
# Gestartet von : C:\Users\Gsellmann\Desktop\schutz\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[x] Nicht Gelöscht : C:\Software
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\Users\Gsellmann\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Gsellmann\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Gsellmann\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Gsellmann\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Gsellmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Datei Gelöscht : C:\Users\GSELLM~1\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Gsellmann\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\invalidprefs.js
Datei Gelöscht : C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Tasks ] *****

Task Gelöscht : paretologic registration3
Task Gelöscht : paretologic update version3
Task Gelöscht : PC Health Advisor Defrag
Task Gelöscht : PC Health Advisor

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4183178B-4D4E-48A7-9257-454BA90A760E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\758F5690DAAD39F40845E0E23C8C5C0B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\B8713814E4D47A84297554B49AA067E0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\758F5690DAAD39F40845E0E23C8C5C0B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\B8713814E4D47A84297554B49AA067E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\758F5690DAAD39F40845E0E23C8C5C0B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B8713814E4D47A84297554B49AA067E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v34.0 (x86 de)

[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab,s", "search.babylon.com");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "Search the web (Babylon)");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1,S", "Search the web (Babylon)");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "Search the web (Babylon)");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage,h", "h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h[...]
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=66756");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "ca8fa289000000000000485d608b036c");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "ca8fa289000000000000485d608b036c");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15480");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=66756&babsrc=NT_def");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "def");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:11:07");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.babylon.com/home?affID=66756");
[5fnhibiv.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={EBE0EF3E-B56E-11E1-92C9-6C626DC176B7}");

*************************

AdwCleaner[R0].txt - [24903 octets] - [10/12/2014 00:10:19]
AdwCleaner[S0].txt - [24094 octets] - [10/12/2014 00:17:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24155 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gsellmann on 10.12.2014 at  0:26:39,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{425547FB-766D-4857-995C-DCAD0AB35B54}
Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{54C9D60A-7CF3-453B-BB94-4AA50CBD99B8}
Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{5B833403-1937-4EE0-97BA-F4DAF8DD9EF6}
Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{6BC29115-7C3B-4797-ADE2-6FB4FB2E93AF}
Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{A12743EF-0BE7-4BFD-BCF2-212E1ACAB645}
Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{B6753149-525A-467E-984C-1C00FF7F2151}
Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{B9AC0ADC-8B90-40E7-9A7B-AF22C1C32CF6}
Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{D14E8F3D-99E1-4945-8C97-B4FC68D387E3}
Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{D25438A9-A708-41D0-9633-6C8189023E65}
Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{E12FD78F-7937-40DB-840A-DE00EAFABFCE}
Successfully deleted: [Empty Folder] C:\Users\Gsellmann\appdata\local\{E42D844E-4F6F-4941-897C-8E3D11598EC1}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Gsellmann\AppData\Roaming\mozilla\firefox\profiles\5fnhibiv.default\extensions\toolbar@gmx.net
Emptied folder: C:\Users\Gsellmann\AppData\Roaming\mozilla\firefox\profiles\5fnhibiv.default\minidumps [102 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.12.2014 at  0:32:17,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Gsellmann (administrator) on GSELLMANN-PC on 10-12-2014 00:41:42
Running from C:\Users\Gsellmann\Desktop\schutz
Loaded Profile: Gsellmann (Available profiles: Gsellmann & UpdatusUser)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Gainward Co. Ltd.) C:\Program Files (x86)\EXPERTool\TBPanel.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [JAVA] => C:\Windows\java.vbs [83 2010-11-17] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-10-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2096192 2014-11-17] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-09] (AVAST Software)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Run: [Mobile Partner] => "C:\Program Files (x86)\tele.ring\tele.ring Mobile Internet.exe"
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Run: [TBPanel] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2048368 2012-10-11] (Gainward Co. Ltd.)
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {61a13c21-3adf-11e1-bd83-6c626dc176b7} - F:\AutoRun.exe
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {c31bfda3-18dd-11e1-9c39-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {daeb98bc-18e5-11e1-8bf3-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {dcbef03c-197e-11e1-8e69-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {423139CA-4758-431D-92E7-D61FFE79B306} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {66E1A955-92D1-4B01-B54C-DD4227B8B5B5} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {79D75B48-8A5C-4783-B545-36E5A540D8A7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {DB8CFF5A-8A8F-4A36-B45E-516EFD3ACAB4} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.138

FireFox:
========
FF ProfilePath: C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default
FF NewTab: about:newtab
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF DefaultSearchEngine: Google (avast)
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\searchplugins\google-avast.xml
FF Extension: Avira Browser Safety - C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\Extensions\abs@avira.com [2014-12-09]
FF Extension: TRUSTe Tracker Protection - C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\Extensions\trusttheweb@truste.com.xpi [2013-05-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-09]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Gsellmann\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-09] (Avast Software)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2011-05-06] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2011-05-06] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-12-09] (Avast Software)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 iaStor; \SystemRoot\system32\DRIVERS\iaStor.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 00:32 - 2014-12-10 00:32 - 00002403 _____ () C:\Users\Gsellmann\Desktop\JRT.txt
2014-12-10 00:26 - 2014-12-10 00:26 - 00000000 ____D () C:\Windows\ERUNT
2014-12-10 00:10 - 2014-12-10 00:17 - 00000000 ____D () C:\AdwCleaner
2014-12-09 15:22 - 2014-12-09 15:22 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-22-33.071-aswFe.exe-1176.log
2014-12-09 15:16 - 2014-12-10 00:41 - 00000000 ____D () C:\FRST
2014-12-09 15:15 - 2014-12-10 00:41 - 00000000 ____D () C:\Users\Gsellmann\Desktop\schutz
2014-12-09 15:12 - 2014-12-09 15:12 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-12-13.031-aswFe.exe-388.log
2014-12-09 15:12 - 2014-12-09 15:12 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-12-29.012-AvastVBoxSVC.exe-5208.log
2014-12-09 15:06 - 2014-12-09 15:06 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-06-26.017-AvastVBoxSVC.exe-4128.log
2014-12-09 15:04 - 2014-12-09 15:04 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-04-25.040-aswFe.exe-4712.log
2014-12-09 15:01 - 2014-12-09 15:02 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-01-33.028-aswFe.exe-4812.log
2014-12-09 15:01 - 2014-12-09 15:01 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-01-25.059-AvastVBoxSVC.exe-2240.log
2014-12-09 14:51 - 2014-12-09 14:52 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-09 14:51 - 2014-12-09 14:52 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-09 14:49 - 2014-12-10 00:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-09 14:49 - 2014-12-09 14:49 - 00001968 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-09 14:49 - 2014-12-09 14:49 - 00000000 ____D () C:\Users\Gsellmann\AppData\Roaming\AVAST Software
2014-12-09 14:49 - 2014-12-09 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-09 14:49 - 2014-12-09 14:48 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-09 14:49 - 2014-12-09 14:48 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-09 14:48 - 2014-12-09 14:49 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1418132960032
2014-12-09 14:48 - 2014-12-09 14:49 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-09 14:48 - 2014-12-09 14:49 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 01049920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1418132953746
2014-12-09 14:48 - 2014-12-09 14:48 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-09 14:48 - 2014-12-09 14:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 00082768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1418132953746
2014-12-09 14:48 - 2014-12-09 14:48 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-09 14:48 - 2014-12-09 14:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-09 14:47 - 2014-12-09 14:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-09 14:38 - 2014-12-09 14:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-09 14:05 - 2014-12-09 14:49 - 00000000 ____D () C:\software
2014-12-09 10:21 - 2014-12-09 10:21 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT
2014-12-09 10:15 - 2014-12-09 10:15 - 00000000 ___RD () C:\Users\Gsellmann\AppData\Roaming\Brother
2014-12-09 10:14 - 2014-12-09 13:07 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-12-09 10:14 - 2014-12-09 13:07 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-12-09 10:09 - 2014-12-09 10:12 - 00058760 _____ () C:\Windows\DPINST.LOG
2014-12-09 10:08 - 2009-07-21 07:32 - 01560064 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWia09b.dll
2014-12-09 10:08 - 2009-02-24 02:37 - 00050176 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrUsi09a.dll
2014-12-09 05:33 - 2014-12-09 05:34 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Gsellmann\Downloads\avira_de_av___ws(1).exe
2014-12-09 05:28 - 2014-12-09 05:28 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Gsellmann\Downloads\avira_de_av___ws.exe
2014-12-04 12:54 - 2014-12-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-02 11:35 - 2014-12-02 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
2014-12-02 11:35 - 2014-12-02 11:35 - 00000000 ____D () C:\Program Files\GMX MailCheck
2014-12-02 11:35 - 2014-12-02 11:35 - 00000000 ____D () C:\Program Files (x86)\GMX MailCheck
2014-12-01 07:53 - 2014-12-01 07:53 - 00000000 ____D () C:\ProgramData\UUdb
2014-11-19 19:06 - 2014-11-19 19:12 - 00000426 _____ () C:\Users\Gsellmann\Desktop\url.htm
2014-11-19 19:01 - 2014-11-19 19:01 - 00000426 _____ () C:\Users\Gsellmann\Desktop\Play on Me.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 00:33 - 2011-04-10 21:36 - 01854474 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 00:30 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 00:30 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 00:23 - 2013-09-07 20:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-10 00:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 00:23 - 2009-07-14 05:51 - 00269325 _____ () C:\Windows\setupact.log
2014-12-10 00:22 - 2010-07-07 17:17 - 00252212 _____ () C:\Windows\PFRO.log
2014-12-10 00:21 - 2012-05-17 20:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 00:05 - 2011-12-02 10:45 - 00000000 ____D () C:\Users\Gsellmann\AppData\Roaming\Skype
2014-12-09 14:51 - 2014-06-03 06:25 - 00001922 _____ () C:\Users\Gsellmann\Desktop\Amazon.lnk
2014-12-09 14:51 - 2011-05-15 10:44 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 14:51 - 2011-05-15 10:44 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 14:24 - 2014-06-10 10:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-09 13:59 - 2011-04-10 22:21 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-09 09:47 - 2010-05-12 09:18 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-12-09 09:47 - 2010-05-12 09:18 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-12-09 09:47 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 05:18 - 2012-06-09 06:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-02 12:21 - 2012-05-17 20:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-02 12:21 - 2012-05-17 20:12 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-02 12:21 - 2011-08-15 19:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-01 07:53 - 2014-06-03 06:24 - 00003888 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task
2014-12-01 07:53 - 2014-06-03 06:24 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung
2014-11-18 14:48 - 2011-04-10 21:38 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 14:48 - 2011-04-10 21:38 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-18 14:48 - 2011-04-10 21:38 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 14:48 - 2011-04-10 21:38 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

Some content of TEMP:
====================
C:\Users\Gsellmann\AppData\Local\Temp\avgnt.exe
C:\Users\Gsellmann\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Gsellmann\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Gsellmann\AppData\Local\Temp\Fchipsbank.dll
C:\Users\Gsellmann\AppData\Local\Temp\FLoginTool.exe
C:\Users\Gsellmann\AppData\Local\Temp\gmx_mediacenter_setup_a201412.exe
C:\Users\Gsellmann\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\Gsellmann\AppData\Local\Temp\ose00000.exe
C:\Users\Gsellmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Gsellmann\AppData\Local\Temp\ResetDevice.exe
C:\Users\Gsellmann\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gsellmann\AppData\Local\Temp\sqlite3.dll
C:\Users\Gsellmann\AppData\Local\Temp\vlc-2.0.8-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-09 09:41

==================== End Of Log ============================

--- --- ---

Vielen Dank und Bitte um eine Rückantwort
Danke

cosinus · 10.12.2014, 00:44

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

haiflosse · 10.12.2014, 02:07

Sorry, habe ich vergessen.
Hier nun nochmals ein neues frst und addition File.

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Gsellmann (administrator) on GSELLMANN-PC on 10-12-2014 02:03:49
Running from C:\Users\Gsellmann\Desktop\schutz
Loaded Profile: Gsellmann (Available profiles: Gsellmann & UpdatusUser)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Gainward Co. Ltd.) C:\Program Files (x86)\EXPERTool\TBPanel.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [JAVA] => C:\Windows\java.vbs [83 2010-11-17] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-10-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2096192 2014-11-17] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-09] (AVAST Software)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Run: [Mobile Partner] => "C:\Program Files (x86)\tele.ring\tele.ring Mobile Internet.exe"
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Run: [TBPanel] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2048368 2012-10-11] (Gainward Co. Ltd.)
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {61a13c21-3adf-11e1-bd83-6c626dc176b7} - F:\AutoRun.exe
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {c31bfda3-18dd-11e1-9c39-806e6f6e6963} - I:\AutoRun.exe
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {daeb98bc-18e5-11e1-8bf3-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\...\MountPoints2: {dcbef03c-197e-11e1-8e69-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3059467662-2371257444-3053940650-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {423139CA-4758-431D-92E7-D61FFE79B306} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {66E1A955-92D1-4B01-B54C-DD4227B8B5B5} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {79D75B48-8A5C-4783-B545-36E5A540D8A7} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {DB8CFF5A-8A8F-4A36-B45E-516EFD3ACAB4} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3059467662-2371257444-3053940650-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.138

FireFox:
========
FF ProfilePath: C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default
FF NewTab: about:newtab
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF DefaultSearchEngine: Google (avast)
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\searchplugins\google-avast.xml
FF Extension: Avira Browser Safety - C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\Extensions\abs@avira.com [2014-12-09]
FF Extension: TRUSTe Tracker Protection - C:\Users\Gsellmann\AppData\Roaming\Mozilla\Firefox\Profiles\5fnhibiv.default\Extensions\trusttheweb@truste.com.xpi [2013-05-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-09]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Gsellmann\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-09] (Avast Software)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2011-05-06] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2011-05-06] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [270728 2014-12-09] (Avast Software)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 iaStor; \SystemRoot\system32\DRIVERS\iaStor.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 00:32 - 2014-12-10 00:32 - 00002403 _____ () C:\Users\Gsellmann\Desktop\JRT.txt
2014-12-10 00:26 - 2014-12-10 00:26 - 00000000 ____D () C:\Windows\ERUNT
2014-12-10 00:10 - 2014-12-10 00:17 - 00000000 ____D () C:\AdwCleaner
2014-12-09 15:22 - 2014-12-09 15:22 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-22-33.071-aswFe.exe-1176.log
2014-12-09 15:16 - 2014-12-10 02:03 - 00000000 ____D () C:\FRST
2014-12-09 15:15 - 2014-12-10 02:03 - 00000000 ____D () C:\Users\Gsellmann\Desktop\schutz
2014-12-09 15:12 - 2014-12-09 15:12 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-12-13.031-aswFe.exe-388.log
2014-12-09 15:12 - 2014-12-09 15:12 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-12-29.012-AvastVBoxSVC.exe-5208.log
2014-12-09 15:06 - 2014-12-09 15:06 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-06-26.017-AvastVBoxSVC.exe-4128.log
2014-12-09 15:04 - 2014-12-09 15:04 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-04-25.040-aswFe.exe-4712.log
2014-12-09 15:01 - 2014-12-09 15:02 - 00000247 _____ () C:\Windows\system32\2014-12-09-14-01-33.028-aswFe.exe-4812.log
2014-12-09 15:01 - 2014-12-09 15:01 - 00000197 _____ () C:\Windows\system32\2014-12-09-14-01-25.059-AvastVBoxSVC.exe-2240.log
2014-12-09 14:51 - 2014-12-09 14:52 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-09 14:51 - 2014-12-09 14:52 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-09 14:49 - 2014-12-10 00:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-09 14:49 - 2014-12-09 14:49 - 00001968 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-09 14:49 - 2014-12-09 14:49 - 00000000 ____D () C:\Users\Gsellmann\AppData\Roaming\AVAST Software
2014-12-09 14:49 - 2014-12-09 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-09 14:49 - 2014-12-09 14:48 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-09 14:49 - 2014-12-09 14:48 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-09 14:48 - 2014-12-09 14:49 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1418132960032
2014-12-09 14:48 - 2014-12-09 14:49 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-09 14:48 - 2014-12-09 14:49 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 01049920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1418132953746
2014-12-09 14:48 - 2014-12-09 14:48 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-09 14:48 - 2014-12-09 14:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 00082768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1418132953746
2014-12-09 14:48 - 2014-12-09 14:48 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-09 14:48 - 2014-12-09 14:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-09 14:48 - 2014-12-09 14:48 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-09 14:47 - 2014-12-09 14:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-09 14:38 - 2014-12-09 14:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-09 14:05 - 2014-12-09 14:49 - 00000000 ____D () C:\software
2014-12-09 10:21 - 2014-12-09 10:21 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT
2014-12-09 10:15 - 2014-12-09 10:15 - 00000000 ___RD () C:\Users\Gsellmann\AppData\Roaming\Brother
2014-12-09 10:14 - 2014-12-09 13:07 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-12-09 10:14 - 2014-12-09 13:07 - 00000027 _____ () C:\Windows\BRPP2KA.INI
2014-12-09 10:09 - 2014-12-09 10:12 - 00058760 _____ () C:\Windows\DPINST.LOG
2014-12-09 10:08 - 2009-07-21 07:32 - 01560064 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWia09b.dll
2014-12-09 10:08 - 2009-02-24 02:37 - 00050176 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrUsi09a.dll
2014-12-09 05:33 - 2014-12-09 05:34 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Gsellmann\Downloads\avira_de_av___ws(1).exe
2014-12-09 05:28 - 2014-12-09 05:28 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Gsellmann\Downloads\avira_de_av___ws.exe
2014-12-04 12:54 - 2014-12-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-02 11:35 - 2014-12-02 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX MailCheck
2014-12-02 11:35 - 2014-12-02 11:35 - 00000000 ____D () C:\Program Files\GMX MailCheck
2014-12-02 11:35 - 2014-12-02 11:35 - 00000000 ____D () C:\Program Files (x86)\GMX MailCheck
2014-12-01 07:53 - 2014-12-01 07:53 - 00000000 ____D () C:\ProgramData\UUdb
2014-11-19 19:06 - 2014-11-19 19:12 - 00000426 _____ () C:\Users\Gsellmann\Desktop\url.htm
2014-11-19 19:01 - 2014-11-19 19:01 - 00000426 _____ () C:\Users\Gsellmann\Desktop\Play on Me.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 02:01 - 2011-12-02 10:45 - 00000000 ____D () C:\Users\Gsellmann\AppData\Roaming\Skype
2014-12-10 02:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 02:00 - 2013-09-07 20:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-10 02:00 - 2009-07-14 05:51 - 00269381 _____ () C:\Windows\setupact.log
2014-12-10 00:33 - 2011-04-10 21:36 - 01854474 _____ () C:\Windows\WindowsUpdate.log
2014-12-10 00:30 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 00:30 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 00:22 - 2010-07-07 17:17 - 00252212 _____ () C:\Windows\PFRO.log
2014-12-10 00:21 - 2012-05-17 20:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 14:51 - 2014-06-03 06:25 - 00001922 _____ () C:\Users\Gsellmann\Desktop\Amazon.lnk
2014-12-09 14:51 - 2011-05-15 10:44 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 14:51 - 2011-05-15 10:44 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 14:24 - 2014-06-10 10:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-09 13:59 - 2011-04-10 22:21 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-09 09:47 - 2010-05-12 09:18 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-12-09 09:47 - 2010-05-12 09:18 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-12-09 09:47 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 05:18 - 2012-06-09 06:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-02 12:21 - 2012-05-17 20:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-02 12:21 - 2012-05-17 20:12 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-02 12:21 - 2011-08-15 19:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-01 07:53 - 2014-06-03 06:24 - 00003888 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task
2014-12-01 07:53 - 2014-06-03 06:24 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung
2014-11-18 14:48 - 2011-04-10 21:38 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 14:48 - 2011-04-10 21:38 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-18 14:48 - 2011-04-10 21:38 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 14:48 - 2011-04-10 21:38 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

Some content of TEMP:
====================
C:\Users\Gsellmann\AppData\Local\Temp\avgnt.exe
C:\Users\Gsellmann\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Gsellmann\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Gsellmann\AppData\Local\Temp\Fchipsbank.dll
C:\Users\Gsellmann\AppData\Local\Temp\FLoginTool.exe
C:\Users\Gsellmann\AppData\Local\Temp\gmx_mediacenter_setup_a201412.exe
C:\Users\Gsellmann\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\Gsellmann\AppData\Local\Temp\ose00000.exe
C:\Users\Gsellmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Gsellmann\AppData\Local\Temp\ResetDevice.exe
C:\Users\Gsellmann\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gsellmann\AppData\Local\Temp\sqlite3.dll
C:\Users\Gsellmann\AppData\Local\Temp\vlc-2.0.8-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-09 09:41

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
Ran by Gsellmann at 2014-12-10 02:04:54
Running from C:\Users\Gsellmann\Desktop\schutz
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
aonUpdate (HKLM-x32\...\aonUpdate) (Version: 1.4.0.42 - A1 Telekom Austria AG)
aonUpdate (x32 Version: 1.4.0.42 - A1 Telekom Austria AG) Hidden
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 8.1.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 3.12.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 3.4.0 - ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{5479F9EC-5D71-CB4F-7091-3BF696F82035}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borland Delphi 5 (HKLM-x32\...\Delphi5) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Content (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (x32 Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (x32 Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM-x32\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM-x32\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EXPERTool v8.6 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 8.6.0.0 - Gainward Co. Ltd.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FotoWorks XL 2013 (HKLM-x32\...\FotoWorks XL 2013_is1) (Version: Aktuelle Version - IN MEDIA KG)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GMX Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Highspeed-Internet-Installation (HKLM-x32\...\Highspeed-Internet-Installation) (Version: 7.2.2.8 - A1 Telekom Austria AG)
Highspeed-Internet-Installation (x32 Version: 7.2.2.8 - A1 Telekom Austria AG) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
LibreOffice 3.4 (HKLM-x32\...\{F1161EC6-7CC1-4D9F-83F6-8839C17019C2}) (Version: 3.4.203 - LibreOffice)
LibreOffice 3.4 Help Pack (German) (HKLM-x32\...\{2B3D87B9-4671-4EA4-92A4-C615BE64F706}) (Version: 3.4.203 - LibreOffice)
Medion Home Cinema (HKLM-x32\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 6.0.0000 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 6.0 (HKLM-x32\...\{067B277E-F94B-4F04-B380-BA967C00377C}_is1) (Version:  - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
STEIG EIN! 1.2 (HKLM-x32\...\{565975F6-01B9-409E-A5FF-EA656EE0144F}_is1) (Version:  - Hubert Ebner Verlags GmbH)
STF (HKLM\...\{acf497e7-b056-42f2-9ba7-98b319b92b36}.sdb) (Version:  - )
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Wii Xploder Cheat Saves and Media Manager (HKLM-x32\...\{242B2601-AF61-42B7-B6DB-B1C34FE5830F}) (Version: 1.0.9.3 - Blaze Europe Ltd)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-12-2014 14:51:59 Sprachpaketdeinstallation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1542EFE3-8C04-4DD9-B2C5-1936886EA3C6} - System32\Tasks\{02504AA5-2D59-40D6-926A-85D0401E3808} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&amp;page=tsProgressBar
Task: {1551CB77-678B-4DA7-BA7F-0857A01EC772} - System32\Tasks\{E92A4AA0-ADF9-4E81-94E3-BD7529962BC4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.5.0.158/de/abandoninstall?page=tsProgressBar
Task: {1767544F-47FD-4D57-A1A9-2A306D6A256E} - System32\Tasks\{663B426F-AFC9-42BE-B7FE-37998BF9B896} => C:\Program Files (x86)\STF\Stf.exe
Task: {244F8FFB-601A-4CBC-9F21-916F48FA8865} - System32\Tasks\{CE04AB6B-A219-4D2D-98F2-92ED2E233CB1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsBing
Task: {2EFAF500-FCD3-4B54-A0D2-48F6C02A0533} - System32\Tasks\{6E368D5E-E237-448D-A206-65A06FAAA404} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&amp;page=tsProgressBar
Task: {319F8AB5-6EF5-4B3A-BD99-1F646C285B4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {33498466-65C4-4E92-8395-AFDB16FBF60F} - System32\Tasks\{7EEB01CF-3872-4151-AADD-F0334FC9AEF4} => C:\Program Files\Zune\Zune.exe [2011-08-05] (Microsoft Corporation)
Task: {3B67E7A0-0B91-4327-95F4-D8E1C72EEE67} - System32\Tasks\{FF83D634-2A24-436F-A937-AA8DA5FF286D} => C:\Program Files\Zune\Zune.exe [2011-08-05] (Microsoft Corporation)
Task: {403D1428-E71F-4B63-B003-E678B32F0028} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {40BAFB45-6274-4E82-8CAB-7CED7A247A12} - System32\Tasks\{334688EF-29CD-4842-97A6-26089372B091} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {4FC3094D-53A4-4403-8A2C-6ED1E9BA5B60} - System32\Tasks\{A0488517-0223-4E41-99B3-EBD8B556444D} => C:\Program Files\Zune\Zune.exe [2011-08-05] (Microsoft Corporation)
Task: {53060EE4-93E6-4B79-921F-32D02040E1EB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-09] (AVAST Software)
Task: {681EFABE-E9B6-4B42-BDFE-C18794F64BAE} - System32\Tasks\{C85812EE-B738-403D-9DDF-890D694A0B98} => C:\Program Files\Zune\Zune.exe [2011-08-05] (Microsoft Corporation)
Task: {8737EB82-87E9-4F54-B3A7-A1FFCC38A264} - System32\Tasks\{03FDAF48-EBE2-439C-86B0-9158CBAF525D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.59.158/de/abandoninstall?page=tsMain
Task: {8FF61AE4-A638-4CAC-B78C-43479462F6A9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91552112-CD4C-4FA7-B628-428E00CC6C4D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-02] (Adobe Systems Incorporated)
Task: {993FB553-DA37-43C1-9F75-1BBB9BCEF15F} - System32\Tasks\{FA1D73DC-1FB4-46A3-BF6D-2CB9B1EA81D0} => C:\Users\Gsellman\Documents\STFgsm2 access\Stf.exe
Task: {B76CFA08-B0AA-4BCD-B9AD-714673D3C7E9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {EA991C65-B993-4325-89E7-615595572F68} - System32\Tasks\STF => C:\Program Files (x86)\STF\Stf.exe
Task: {FA1C6DD9-8AAC-411E-AF40-943AFDD26CFB} - System32\Tasks\{D5B834E2-92A7-4B19-B420-C70E947CE6F3} => C:\Program Files\Zune\Zune.exe [2011-08-05] (Microsoft Corporation)
Task: {FB350375-DDCC-4200-9859-EFC9FAE5CFBE} - System32\Tasks\{C4D16FA0-D560-4520-B37A-98D899F3450B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.59.158/de/abandoninstall?page=tsMain
Task: {FB757F6D-D98E-46BD-82B2-63569D5C26A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-07 20:57 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-09 14:48 - 2014-12-09 14:48 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-09 14:48 - 2014-12-09 14:48 - 05846160 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-10 00:07 - 2014-12-10 00:07 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120901\algo.dll
2014-12-09 14:48 - 2014-12-09 14:48 - 04491192 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-12-09 14:48 - 2014-12-09 14:48 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3059467662-2371257444-3053940650-500 - Administrator - Disabled)
Gast (S-1-5-21-3059467662-2371257444-3053940650-501 - Limited - Disabled)
Gsellmann (S-1-5-21-3059467662-2371257444-3053940650-1003 - Administrator - Enabled) => C:\Users\Gsellmann
HomeGroupUser$ (S-1-5-21-3059467662-2371257444-3053940650-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-3059467662-2371257444-3053940650-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/10/2014 02:03:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/10/2014 02:03:04 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/10/2014 00:33:28 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.189.1570.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 42%
Total physical RAM: 4095.29 MB
Available physical RAM: 2344.73 MB
Total Pagefile: 8188.71 MB
Available Pagefile: 6356.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:697.71 GB) (Free:616.37 GB) NTFS
Drive d: (Recover) (Fixed) (Total:698.45 GB) (Free:2.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=697.7 GB) - (Type=42)
Partition 4: (Not Active) - (Size=699.5 GB) - (Type=42)

==================== End Of Log ============================

Danke

cosinus · 10.12.2014, 02:15

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

haiflosse · 11.12.2014, 08:12

Hallo!
Hier mal ein Zwischenbericht.
malwarebytes konnte ich durchführen.
Hier das Ergebnis

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 10.12.2014 13:04:29, SYSTEM, GSELLMANN-PC, Protection, Malware Protection, Starting, 
Protection, 10.12.2014 13:04:29, SYSTEM, GSELLMANN-PC, Protection, Malware Protection, Started, 
Protection, 10.12.2014 13:04:29, SYSTEM, GSELLMANN-PC, Protection, Malicious Website Protection, Starting, 
Update, 10.12.2014 13:04:33, SYSTEM, GSELLMANN-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 10.12.2014 13:04:33, SYSTEM, GSELLMANN-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.8.3, 
Protection, 10.12.2014 13:04:34, SYSTEM, GSELLMANN-PC, Protection, Malicious Website Protection, Started, 
Update, 10.12.2014 13:04:53, SYSTEM, GSELLMANN-PC, Manual, Malware Database, 2014.11.20.6, 2014.12.10.6, 
Protection, 10.12.2014 13:04:53, SYSTEM, GSELLMANN-PC, Protection, Refresh, Starting, 
Protection, 10.12.2014 13:04:53, SYSTEM, GSELLMANN-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 10.12.2014 13:04:53, SYSTEM, GSELLMANN-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 10.12.2014 13:04:59, SYSTEM, GSELLMANN-PC, Protection, Refresh, Success, 
Protection, 10.12.2014 13:04:59, SYSTEM, GSELLMANN-PC, Protection, Malicious Website Protection, Starting, 
Protection, 10.12.2014 13:04:59, SYSTEM, GSELLMANN-PC, Protection, Malicious Website Protection, Started, 
Scan, 10.12.2014 13:23:07, SYSTEM, GSELLMANN-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 14 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 3 Malwareerkennung, 4-Malwareerkennung, 
Protection, 10.12.2014 13:25:44, SYSTEM, GSELLMANN-PC, Protection, Malware Protection, Starting, 
Protection, 10.12.2014 13:25:44, SYSTEM, GSELLMANN-PC, Protection, Malware Protection, Started, 
Protection, 10.12.2014 13:25:44, SYSTEM, GSELLMANN-PC, Protection, Malicious Website Protection, Starting, 
Protection, 10.12.2014 13:25:45, SYSTEM, GSELLMANN-PC, Protection, Malicious Website Protection, Started, 
Update, 10.12.2014 14:27:56, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 15:21:52, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 15:29:45, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 16:25:49, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 17:28:24, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 18:27:36, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 19:34:09, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 20:28:18, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 21:20:38, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 21:24:16, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 22:32:12, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 23:22:38, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 
Update, 10.12.2014 23:27:08, SYSTEM, GSELLMANN-PC, Scheduler, Failed, Unable to access update server, 

(end)

eset arbeitet nun schon seit über 12 Stunden und ist nun bei 67%.
Muss ich dies noch abwarten?

Danke

Eset läuft nun schon fast 19 Stunden und ist bei 69%.
Muss ich da weiter abwarten.
Er hat bis jetzt 54 infizierte Dateien gefunden.
Danke

cosinus · 11.12.2014, 08:59

Bitte das richtige Log von Malwarebytes posten. Suchlauf-Protokoll, kein Anwendungsprotokoll.

haiflosse · 11.12.2014, 18:11

Hallo!
Sorry. Hier nun das Suchlauf-Protokoll

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.12.2014
Suchlauf-Zeit: 13:06:23
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.10.06
Rootkit Datenbank: v2014.12.08.03
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Gsellmann

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 410862
Verstrichene Zeit: 14 Min, 35 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jcdgjdiieiljkfkdcloehkohchhpekkn, In Quarantäne, [ea443031d7a5aa8c1e8d5713ab58a060], 

Registrierungswerte: 1
Backdoor.Bot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|JAVA, C:\Windows\java.vbs, In Quarantäne, [0c2276eb03790e28a6c49d78a65e2ad6]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 5
Backdoor.Bot, C:\Users\Gsellmann\AppData\Local\Temp\1563.tmp, In Quarantäne, [9d91481997e544f2564f0b95e41d867a], 
PUP.Optional.SweetIM, C:\Windows\Installer\2de313.msi, In Quarantäne, [f7371d445c2080b69939e4a99f6606fa], 
PUP.Optional.SweetIM, C:\Windows\Installer\2de319.msi, In Quarantäne, [70be2b368eeedc5ad00286070cf9fe02], 
PUP.Optional.SweetIM, C:\Windows\Installer\2de31f.msi, In Quarantäne, [0925c29ff98386b0f7db54399471639d], 
Backdoor.Bot, C:\Windows\java.vbs, In Quarantäne, [0c2276eb03790e28a6c49d78a65e2ad6], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Was soll ich noch mit dem eset Scanner tun.
Er läuft nun noch immer und ist erst bei 70%.
Danke

cosinus · 11.12.2014, 19:04

Einfach geduldig sein und warten

haiflosse · 12.12.2014, 14:22

o.k.
Wie lange kann das noch dauern. Derzeit habe ich 1% pro Tag.
Kann ich inzwischen noch etwas anderes prüfen, oder muss ich da abwarten.
Grüße

Hallo!
Der eset Scanner ist nun endlich fertig geworden.
Hier das Ergebnis:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=65e47e4f7309db4588da65e0b1025608
# engine=21488
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-12 05:56:19
# local_time=2014-12-12 06:56:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 234425 234584 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 21853461 112544989 0 0
# scanned=214140
# found=65
# cleaned=0
# scan_time=62551
sh=111A45CFC3B90E7EFC5F8A29CA7B671527AE3FC0 ft=1 fh=541dc356763bc3d1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgcommon.dll.vir"
sh=843091CC4B11E7DBCA7260148854EF0263B6FD41 ft=1 fh=75ffa605f15aa281 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll.vir"
sh=05B88F770FF4CF803620ECF6841DD6F8E4C7F55F ft=1 fh=c73269955da119f2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll.vir"
sh=477C9030A086A0EF33EE020061EECBBFFB711E34 ft=1 fh=69b06e9044e131f9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll.vir"
sh=8570D63803C2FC0F944F46C2144009209B573DFF ft=1 fh=099d200935a603cb vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe.vir"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll.vir"
sh=FCD58D230710D97734D6DA825B84A66B45A8BC09 ft=1 fh=803c27236be703a2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir"
sh=EEE7965935CF6D281022423AC2159E8E98BA1183 ft=1 fh=5f3499241d71f7e8 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll.vir"
sh=DDF643F34EBFAC73B7CEF5FE5A875CB09DD0E2D2 ft=1 fh=b287aa0c4066b7f1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgArchive.dll.vir"
sh=0829E23EE7973B55F5DF168CB5D582FB32A747A0 ft=1 fh=b9e26e741cf528be vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgcommon.dll.vir"
sh=A94BB51780D1C0278A7919311ECDE9909ADCA4AE ft=1 fh=004d6f6a35d311a0 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll.vir"
sh=7ECF11D3C8AF8F92B5CFD83BD010F6E6A617E056 ft=1 fh=9a3f26a384aa5e3b vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgconfig.dll.vir"
sh=459ABF1224EF48877D3DC5F0D13AE297EA631033 ft=1 fh=97f0ac65cb0f8992 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll.vir"
sh=5787C377D42C3F387E1E5883E13C395CBC2FAD17 ft=1 fh=665600364462adc7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mghooking.dll.vir"
sh=952EECCEC1E9D42E03B2DAB02F82DB0B0D24DAB5 ft=1 fh=59d1a94321a18fc7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll.vir"
sh=FAE653E979802BCCE1A0BA28CB38FC4B062B3322 ft=1 fh=c238cdbf722dbee1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir"
sh=45E3FF8B014EED68EE70BF58D7BC6E4A6327B9DC ft=1 fh=d0237264f583be01 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mglogger.dll.vir"
sh=7D3852E6F6C0E1D16DBC9DF4B9FC508859F6D340 ft=1 fh=dca258e402db5661 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll.vir"
sh=058E85BD129D04CDCC1AB534E087D48DBB841E7D ft=1 fh=33bbb4ec6faf8720 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll.vir"
sh=E35AE873A58544486A7BAEA26F26876077F14B53 ft=1 fh=d188a05ec8ee9737 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir"
sh=D7BBC28B3666475C54CE31889A336C7DBE3B11A4 ft=1 fh=6456d5f63c8939a7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll.vir"
sh=BBA9639507F480CBC08BE81513D32189F75B0F6B ft=1 fh=8047d73f9b30c012 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll.vir"
sh=DCDCF508E485BD9A7F268206321C60433175313E ft=1 fh=a2735164dfee87ca vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll.vir"
sh=4D53F1C240E5B46AE22C2102CE8AB80B33EA83CB ft=1 fh=f802cb8ac448af36 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll.vir"
sh=E28606C8AF455AA4C4264BE322028C28075C2943 ft=1 fh=8964a6b801489ba0 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll.vir"
sh=68025AE9EB81EC0DDC9AE3F88618DAD344807791 ft=1 fh=0983a28d994d94c9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir"
sh=11DDADDAE588650F1540F6C6DB612B25A4EA2666 ft=1 fh=c047422c844ae7e1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\SweetIM.exe.vir"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir"
sh=4534B7A7409F3D7B4E83C12501377BEDD7AE38F4 ft=1 fh=9c745ce39056f40a vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir"
sh=2ECFC15C2427538484A944A420E2D4EBB47A2B2C ft=1 fh=16ad298bb9822fb9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir"
sh=8FB163099AB3CF69EADB1810F436B584B8C60D28 ft=1 fh=ae45e8ad3226ccf9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir"
sh=85719767CA0DEFF76A5B21BF5390A235D81FDC14 ft=1 fh=5f1f4da61e4a119d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir"
sh=7122E9F6553F9A6BC794D423D9ED92EB9D542B83 ft=1 fh=47774c9519bc2a47 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir"
sh=C1334610E8EADC8AE416889A849E649B69BF0994 ft=1 fh=847823e427bd54ba vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir"
sh=7841DE02C418392E76B6D89F451A15FA4BBC5947 ft=1 fh=593acd8b174b576e vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir"
sh=996C01EDD33383DCFC8FD798126F9685598774AC ft=1 fh=d81630da06fae24d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir"
sh=1297B2296A962B067A98EAC493EB2E11C6F2A926 ft=1 fh=2db2eca1c732a6ec vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir"
sh=006A399FC0D70862785045FE35AC1EF7E6A87AC4 ft=1 fh=734c5e24dce5153c vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir"
sh=BF5CD61B81ED1327AE7AE7C79C020C810684C38D ft=1 fh=f0f0448aff65ac37 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir"
sh=E1C99225C4C16710DE3AF3D52300E1E943F7C84F ft=1 fh=f891ef12b7700e02 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SweetIM\Messenger\update\sweetimsetup.exe.vir"
sh=E88D89F2EA182D1C9A7248B178B0A4E487E0BC21 ft=1 fh=28e98c7539f090b7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\software\Tools\MediaPack\Setup.exe"
sh=EC3F56813179B2856782F4C896F0E07A48B8E640 ft=1 fh=9a80ea4520455037 vn="Variante von Win32/Spammer.Agent.Z Trojaner" ac=I fn="C:\Users\Gsellmann\AppData\Local\Temp\7D78.tmp"
sh=EC3F56813179B2856782F4C896F0E07A48B8E640 ft=1 fh=9a80ea4520455037 vn="Variante von Win32/Spammer.Agent.Z Trojaner" ac=I fn="C:\Users\Gsellmann\AppData\Local\Temp\D77.tmp"
sh=44ECB658BADD130FED7C0351886380736F3533C5 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2011-08-15 224346\Backup Files 2011-08-15 224346\Backup files 119.zip"
sh=E04F5DC7920F159F1EFD3FE562245AD36F2A0930 ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2011-08-15 224346\Backup Files 2011-08-15 224346\Backup files 4.zip"
sh=F63A0B013243AF3D743FE114D3BB3FFBF431F68C ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2011-08-15 224346\Backup Files 2011-12-05 162924\Backup files 9.zip"
sh=28B340BBB1E598527B5DFF88A6D32EDD6F656F8A ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="D:\GSELLMANN-PC\Backup Set 2011-08-15 224346\Backup Files 2012-01-22 190001\Backup files 1.zip"
sh=B348A6080FD6B9A64D31B6491CDBD556A25F475D ft=0 fh=0000000000000000 vn="JS/FBook.NAP Trojaner" ac=I fn="D:\GSELLMANN-PC\Backup Set 2011-08-15 224346\Backup Files 2012-05-13 191135\Backup files 4.zip"
sh=91A1C792B5BB004536895F2E6ABFC7E14F21BF07 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2011-08-15 224346\Backup Files 2012-05-20 190001\Backup files 6.zip"
sh=3413AFCE45C6434511D040AAEF13342AF8497A4C ft=0 fh=0000000000000000 vn="HTML/IFrame.L Trojaner" ac=I fn="D:\GSELLMANN-PC\Backup Set 2011-08-15 224346\Backup Files 2012-06-03 190001\Backup files 1.zip"
sh=751A4588D5A0D648DD2DF750D1004DF68677020E ft=0 fh=0000000000000000 vn="JS/Kryptik.PB Trojaner" ac=I fn="D:\GSELLMANN-PC\Backup Set 2011-08-15 224346\Backup Files 2012-06-03 190001\Backup files 2.zip"
sh=3C63E8DEAD5BE6982274BB09EF7B1C07B83A19AE ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2011-08-15 224346\Backup Files 2012-06-18 131110\Backup files 2.zip"
sh=AC649C2C782E4EC0F48F4B7BAFC3F8D9627C2450 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="D:\GSELLMANN-PC\Backup Set 2011-08-15 224346\Backup Files 2012-07-03 170525\Backup files 1.zip"
sh=7D2A879EEE35BA5F90ADC7516DA4654A107C3FE8 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2012-08-16 061701\Backup Files 2012-08-20 220926\Backup files 12.zip"
sh=F528E0545EE0ECE347405DD4808BD8B598FC4A67 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2012-08-16 061701\Backup Files 2012-08-20 220926\Backup files 26.zip"
sh=A2F52EB385A6E215508492A3DF897A72B82A37EB ft=0 fh=0000000000000000 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2012-08-16 061701\Backup Files 2012-08-20 220926\Backup files 27.zip"
sh=932929EB942756F1AF66E2BB6DF8EAA5E39CF3DA ft=0 fh=0000000000000000 vn="Variante von Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2012-08-16 061701\Backup Files 2012-08-20 220926\Backup files 28.zip"
sh=241F7E4C56ED3B620AD5DC14EE704C98912F0EF9 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2012-08-16 061701\Backup Files 2012-08-30 110654\Backup files 121.zip"
sh=48D5FB3F955157E98B7B4A89A7302BEC189A4663 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2013-04-15 063430\Backup Files 2013-04-15 063430\Backup files 185.zip"
sh=63510C32B9968E394ACD8A3E772821EB251B7D87 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2013-04-15 063430\Backup Files 2013-04-15 063430\Backup files 27.zip"
sh=A26913F7A0DDA029CD025953823C1B18F8E2929D ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2013-04-15 063430\Backup Files 2013-04-15 063430\Backup files 28.zip"
sh=37DD6443915CAB998F8D27629A36088C2C106321 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2013-09-09 163337\Backup Files 2013-09-17 205900\Backup files 6.zip"
sh=B75E48A90EB5F59882D2BAECE94905E2A83C5FAF ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="D:\GSELLMANN-PC\Backup Set 2013-09-09 163337\Backup Files 2013-09-17 205900\Backup files 7.zip"
sh=8A3301B9CA3CD219DA3B3B8A538A0E6687BC0644 ft=0 fh=0000000000000000 vn="Variante von Win32/Kryptik.CDJE Trojaner" ac=I fn="D:\GSELLMANN-PC\Backup Set 2013-12-16 081951\Backup Files 2014-06-10 112937\Backup files 2.zip"
sh=701692F105A8E8B45E7E64A09B3740F005E435EF ft=0 fh=0000000000000000 vn="Variante von Win32/Kryptik.CDJE Trojaner" ac=I fn="D:\GSELLMANN-PC\Backup Set 2014-06-30 073720\Backup Files 2014-07-07 074107\Backup files 20.zip"

Bitte um weitere Inofs.
Danke

10.12.2014, 00:44	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Medion PC mit Windows 7 geht sehr langsam Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken. __________________ Logfiles bitte immer in CODE-Tags posten

11.12.2014, 08:59	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Medion PC mit Windows 7 geht sehr langsam Bitte das richtige Log von Malwarebytes posten. Suchlauf-Protokoll, kein Anwendungsprotokoll. __________________ Logfiles bitte immer in CODE-Tags posten

11.12.2014, 19:04	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Medion PC mit Windows 7 geht sehr langsam Einfach geduldig sein und warten __________________ Logfiles bitte immer in CODE-Tags posten

Medion PC mit Windows 7 geht sehr langsam

Plagegeister aller Art und deren Bekämpfung: Medion PC mit Windows 7 geht sehr langsam