in Firefox werden links aus der google-Suche umgeleitet auf h**p://lp2.playerpage109.info/1421194756/player/LP5_1/?pid=7302&distid=24543&d1=

Sanne1705 · 14.01.2015, 02:43

Hallo zusammen und schon mal Danke fürs lesen.

Ich bin zum einen neu hier und zum anderen leider nur eine PC-Nutzerin
die von allem was tiefer geht überhaupt keine Ahnung hat.

Wie schon in der Überschrift geschrieben, lässt sich zwar über google nach Links suchen,
jedoch werde ich - wenn ich den Link anklicke - auf folgende Seite umgeleitet:

h**p://lp2.playerpage109.info/1421194756/player/LP5_1/?pid=7302&distid=24543&d1=16538&clickid=1991594005

Der Tab hört überhaupt nicht mehr auf zu laden,
zurück gehen über den Button ist auch nicht möglich.
Dieses Problem habe ich seit ich AVG deinstalliert und stattdessen Avira installiert habe.
Avg habe ich übrigens deinstalliert weil ich immer öfter nicht auf Seiten kam,
die vorher regelmäßig von mir benutzt wurden..
.. scheint also da schon, wie ich nun annehme, etwas nicht mehr ganz ok gewesen zu sein.

Mein Pop-up Blocker lässt übrigens auch alle möglichen und "unmöglichen" Pop-ups zu,
trotz der Einstellung alles zu blockieren.

Habe mir über einen anderen Rechner Avast Antivirus runtergeladen und installiert,
gefunden wurde nichts.

Vielleicht wichtig? Betriebssystem ist Windows 7

Sorry für den langen Text, wusste nicht wie ich das Problem kürzer beschreiben sollte.

LG, Sanne

schrauber · 14.01.2015, 06:19

Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Sanne1705 · 15.01.2015, 07:56

Hallo Schrauber

Danke für die prompte Antwort :O)
Habe das Programm über den 2. PC runtergeladen und dann auf meinem installiert, da ich mit meinem Rechner nicht auf die Seite hier kam und der Dowmload, egal bei weöcher Einstellung, von Avast blockiert wurde. Habe darum Avast deinstalliert.

Her erst mal die beiden erstellten Dateien:

#Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-01-2015 01
Ran by Sanne (administrator) on SANNE-PC on 15-01-2015 07:41:51
Running from C:\Users\Sanne\Desktop
Loaded Profiles: Sanne (Available profiles: Sanne)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(Winstep Software Technologies) C:\Program Files\Winstep\WsxService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Simply Super Software) C:\Program Files\Trojan Remover\Trjscan.exe
(ACD Systems International Inc.) C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe
(Winstep Software Technologies) C:\Program Files\Winstep\Nexus.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Farbar) C:\Users\Sanne\Desktop\FRST(1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [Nexus] => C:\Program Files\Winstep\Nexus.exe [16993408 2014-11-05] (Winstep Software Technologies)
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [SwvUpdtr] => /reg
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\MountPoints2: {adc28dcc-30d9-11e2-bf30-00252263b098} - K:\Startme.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * aswBoot.exe /M:732e790ae /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = sweet-page
HKU\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland
HKU\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = sweet-page
URLSearchHook: HKU\S-1-5-21-859861029-3488139155-271133188-1001 - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{23E6C0F1-8591-4B76-B57C-797DD60F94B6}: [NameServer] 31.168.224.100,5.135.12.56
Tcpip\..\Interfaces\{4618B231-3952-4FD7-8BB6-FE12AC7912BB}: [NameServer] 31.168.224.100,5.135.12.56

FireFox:
========
FF ProfilePath: C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: sweet-page
FF Homepage: https://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-859861029-3488139155-271133188-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Adblock Plus - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-19]
FF Extension: Adblock Plus - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Firefox\Extensions: [inlinetranslate@inlinetranslate.com] - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\extensions\inlinetranslate@inlinetranslate.com

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435016 2013-02-10] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1021256 2009-10-30] (TuneUp Software)
R2 Winstep Xtreme Service; C:\Program Files\Winstep\WsxService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 20:16 - 2015-01-14 20:16 - 01116672 _____ (Farbar) C:\Users\Sanne\Desktop\FRST(1).exe
2015-01-14 20:02 - 2015-01-15 07:41 - 00000000 ____D () C:\FRST
2015-01-14 18:34 - 2015-01-14 18:34 - 00000197 _____ () C:\Windows\system32\2015-01-14-17-34-12.025-AvastVBoxSVC.exe-3796.log
2015-01-14 12:08 - 2015-01-14 12:08 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Simply Super Software
2015-01-14 12:04 - 2015-01-14 12:16 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-14 12:04 - 2015-01-14 12:04 - 00001097 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2015-01-14 12:04 - 2015-01-14 12:04 - 00000000 ____D () C:\Users\Sanne\Documents\Simply Super Software
2015-01-14 12:04 - 2015-01-14 12:04 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-01-14 12:04 - 2015-01-14 12:04 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-14 12:04 - 2015-01-14 12:04 - 00000000 ____D () C:\Program Files\Trojan Remover
2015-01-14 11:50 - 2015-01-14 11:50 - 01179936 _____ () C:\Users\Sanne\Downloads\Trojan Remover - CHIP-Installer.exe
2015-01-14 10:45 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:45 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:45 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 10:45 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:45 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:45 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:39 - 2015-01-14 10:39 - 00000197 _____ () C:\Windows\system32\2015-01-14-09-39-10.043-AvastVBoxSVC.exe-4152.log
2015-01-14 05:44 - 2015-01-14 05:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-14 01:48 - 2015-01-14 01:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-14 01:48 - 2015-01-14 01:48 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-14 01:37 - 2015-01-14 01:37 - 00000247 _____ () C:\Windows\system32\2015-01-14-00-37-34.078-aswFe.exe-4512.log
2015-01-14 01:27 - 2015-01-15 07:38 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-01-14 01:26 - 2015-01-14 01:26 - 172884064 _____ (Emsisoft Ltd. ) C:\Users\Sanne\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-14 00:52 - 2015-01-14 01:37 - 00000247 _____ () C:\Windows\system32\2015-01-13-23-52-20.000-aswFe.exe-2636.log
2015-01-14 00:52 - 2015-01-14 00:52 - 00000197 _____ () C:\Windows\system32\2015-01-13-23-52-15.053-AvastVBoxSVC.exe-5872.log
2015-01-14 00:46 - 2015-01-14 00:47 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-14 00:35 - 2015-01-14 01:32 - 00000000 ____D () C:\Program Files\Google
2015-01-14 00:35 - 2015-01-14 01:31 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Google
2015-01-14 00:33 - 2015-01-15 07:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-08 10:59 - 2015-01-08 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainbow Folders
2015-01-08 10:59 - 2015-01-08 10:59 - 00000000 ____D () C:\Program Files\Rainbow Folders
2015-01-08 10:44 - 2015-01-14 01:42 - 00000000 ____D () C:\Users\Sanne\Downloads\Foxit reader
2015-01-06 09:29 - 2015-01-06 09:32 - 00000000 ____D () C:\Users\Sanne\Desktop\2015-01-06 W6
2015-01-06 08:14 - 2015-01-06 08:39 - 00000000 ____D () C:\Users\Sanne\Desktop\2015-01-06 DAK Krankengeld
2014-12-30 15:45 - 2014-12-30 21:27 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-30 15:44 - 2014-12-30 15:44 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-30 15:40 - 2014-12-30 15:41 - 109829936 _____ (Apple Inc.) C:\Users\Sanne\Downloads\iTunesSetup.exe
2014-12-29 14:37 - 2014-12-29 15:29 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Mp3tag
2014-12-29 11:09 - 2014-12-29 11:09 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Apps\2.0
2014-12-28 20:37 - 2014-12-28 20:38 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-12-28 20:37 - 2014-12-28 20:38 - 00001908 _____ () C:\Windows\diagerr.xml
2014-12-28 18:34 - 2014-12-28 18:34 - 00000000 ____D () C:\Program Files\predm
2014-12-28 12:17 - 2014-12-28 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-28 12:13 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-12-28 12:13 - 2014-07-02 06:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-21 15:36 - 2014-12-21 15:36 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Sanne\Downloads\avira_de_av_5730897383__ws.exe
2014-12-21 15:28 - 2014-12-21 15:42 - 00000000 ____D () C:\Users\Sanne\AppData\Local\7906
2014-12-21 15:10 - 2014-12-21 15:10 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-21 15:06 - 2015-01-14 05:46 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Temp3680
2014-12-21 15:06 - 2015-01-14 05:46 - 00000000 ____D () C:\Program Files\HQPro-Video 1.6V21.12
2014-12-21 15:06 - 2014-12-21 15:06 - 00000000 ____D () C:\Users\Sanne\AppData\Local\globalUpdate
2014-12-18 08:53 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 07:38 - 2012-11-17 23:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 07:38 - 2012-08-19 17:17 - 00814056 _____ () C:\Windows\PFRO.log
2015-01-15 07:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 07:38 - 2009-07-14 05:39 - 00003269 _____ () C:\Windows\setupact.log
2015-01-15 07:35 - 2012-08-17 23:38 - 01899552 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 07:21 - 2012-08-19 14:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 00:18 - 2012-08-19 16:51 - 00000000 ____D () C:\Users\Public\Documents\Winstep
2015-01-14 20:11 - 2009-07-14 05:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 20:11 - 2009-07-14 05:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 19:59 - 2012-08-18 00:02 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 19:50 - 2012-08-19 13:38 - 00000000 ____D () C:\Users\Sanne\{972ce4c6-7e08-4474-a285-3208198ce6fd}
2015-01-14 19:16 - 2012-08-18 19:26 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Thunderbird
2015-01-14 18:34 - 2012-08-19 16:51 - 00000000 ____D () C:\Program Files\Winstep
2015-01-14 15:47 - 2013-07-29 21:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 15:44 - 2012-08-19 18:56 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 12:04 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-14 02:13 - 2012-08-19 14:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 02:13 - 2012-08-19 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 01:48 - 2014-10-01 22:55 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-14 01:46 - 2014-07-04 15:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-14 01:45 - 2012-08-19 17:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 01:45 - 2012-08-19 17:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-14 01:41 - 2012-11-13 23:29 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-14 01:37 - 2014-12-13 12:08 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\DVDVideoSoft
2015-01-14 00:37 - 2012-08-19 16:47 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-01-14 00:36 - 2012-08-19 13:20 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-13 20:26 - 2012-08-19 14:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 20:14 - 2012-10-31 20:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-08 11:05 - 2014-01-25 11:44 - 00303104 ___SH () C:\Users\Sanne\Documents\Thumbs.db
2015-01-08 10:51 - 2008-07-03 12:44 - 00001446 _____ () C:\Program Files\Rainbow Folders.txt
2015-01-08 10:51 - 2008-07-03 11:45 - 00826451 _____ (Piotr Chodzinski ) C:\Program Files\Rainbow Folders.exe
2015-01-06 08:01 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-06 04:36 - 2012-08-18 11:10 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 14:38 - 2012-08-19 16:48 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\MediaMonkey
2015-01-02 04:48 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-30 21:27 - 2012-08-19 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-30 15:48 - 2012-08-20 04:23 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Apple Computer
2014-12-30 15:47 - 2013-03-05 11:51 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Apple Computer
2014-12-30 15:45 - 2012-08-19 21:17 - 00000000 ____D () C:\ProgramData\Apple
2014-12-30 15:29 - 2012-08-19 16:50 - 00000000 ____D () C:\Program Files\Winamp
2014-12-28 20:37 - 2009-07-14 05:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-28 18:37 - 2014-12-09 20:21 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Unity
2014-12-28 12:30 - 2013-12-09 17:43 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-28 12:13 - 2012-08-18 11:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-21 15:42 - 2014-12-13 12:26 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-21 15:31 - 2014-12-09 05:16 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Spotify
2014-12-21 15:10 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-21 13:54 - 2014-03-13 17:32 - 00000000 ____D () C:\Users\Sanne\Documents\div. Dokumente Sanne

Some content of TEMP:
====================
C:\Users\Sanne\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

#Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-01-2015 01
Ran by Sanne at 2015-01-14 20:19:43
Running from C:\Users\Sanne\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Das Programm lief bis vor 5 Min. immer noch?????? hing bei "listing Programms"???
Die beiden gewünschten Dateien waren aber angelegt....
Habe meinen Rechner jetzt erst mal runtergefahren

LG, Sanne

schrauber · 15.01.2015, 08:30

FRST löschen und neu laden. Dann nochmal laufen lassen, aber bitte nen Haken bei Addition setzen.

Und wichtig: Bitte die Logs in Codetags posten

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Sanne1705 · 15.01.2015, 10:36

Hi Schrauber,

habs soeben neu gemacht hier nun die Log´s

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by Sanne (administrator) on SANNE-PC on 15-01-2015 10:29:46
Running from C:\Users\Sanne\Desktop
Loaded Profiles: Sanne (Available profiles: Sanne)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Winstep Software Technologies) C:\Program Files\Winstep\WsxService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(ACD Systems International Inc.) C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe
(Winstep Software Technologies) C:\Program Files\Winstep\Nexus.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [Nexus] => C:\Program Files\Winstep\Nexus.exe [16993408 2014-11-05] (Winstep Software Technologies)
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [SwvUpdtr] => /reg
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\MountPoints2: {adc28dcc-30d9-11e2-bf30-00252263b098} - K:\Startme.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * aswBoot.exe /M:732e790ae /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1418469982&from=cor&uid=395049983_1052499_ECFAAEFE
HKU\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1418469982&from=cor&uid=395049983_1052499_ECFAAEFE
URLSearchHook: HKU\S-1-5-21-859861029-3488139155-271133188-1001 - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} -  No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{23E6C0F1-8591-4B76-B57C-797DD60F94B6}: [NameServer] 31.168.224.100,5.135.12.56
Tcpip\..\Interfaces\{4618B231-3952-4FD7-8BB6-FE12AC7912BB}: [NameServer] 31.168.224.100,5.135.12.56

FireFox:
========
FF ProfilePath: C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: sweet-page
FF Homepage: https://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-859861029-3488139155-271133188-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Adblock Plus - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-19]
FF Extension: Adblock Plus - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Firefox\Extensions: [inlinetranslate@inlinetranslate.com] - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\extensions\inlinetranslate@inlinetranslate.com

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435016 2013-02-10] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1021256 2009-10-30] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 Winstep Xtreme Service; C:\Program Files\Winstep\WsxService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 10:29 - 2015-01-15 10:30 - 00012368 _____ () C:\Users\Sanne\Desktop\FRST.txt
2015-01-15 10:28 - 2015-01-15 10:28 - 01116672 _____ (Farbar) C:\Users\Sanne\Desktop\FRST.exe
2015-01-14 20:02 - 2015-01-15 10:29 - 00000000 ____D () C:\FRST
2015-01-14 18:34 - 2015-01-14 18:34 - 00000197 _____ () C:\Windows\system32\2015-01-14-17-34-12.025-AvastVBoxSVC.exe-3796.log
2015-01-14 12:04 - 2015-01-15 10:21 - 00000000 ____D () C:\Program Files\Trojan Remover
2015-01-14 12:04 - 2015-01-14 12:16 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-14 12:04 - 2015-01-14 12:04 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-14 11:50 - 2015-01-14 11:50 - 01179936 _____ () C:\Users\Sanne\Downloads\Trojan Remover - CHIP-Installer.exe
2015-01-14 10:45 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:45 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:45 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 10:45 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:45 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:45 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:39 - 2015-01-14 10:39 - 00000197 _____ () C:\Windows\system32\2015-01-14-09-39-10.043-AvastVBoxSVC.exe-4152.log
2015-01-14 05:44 - 2015-01-14 05:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-14 01:48 - 2015-01-14 01:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-14 01:48 - 2015-01-14 01:48 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-14 01:37 - 2015-01-14 01:37 - 00000247 _____ () C:\Windows\system32\2015-01-14-00-37-34.078-aswFe.exe-4512.log
2015-01-14 01:27 - 2015-01-15 07:38 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-01-14 01:26 - 2015-01-14 01:26 - 172884064 _____ (Emsisoft Ltd. ) C:\Users\Sanne\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-14 00:52 - 2015-01-14 01:37 - 00000247 _____ () C:\Windows\system32\2015-01-13-23-52-20.000-aswFe.exe-2636.log
2015-01-14 00:52 - 2015-01-14 00:52 - 00000197 _____ () C:\Windows\system32\2015-01-13-23-52-15.053-AvastVBoxSVC.exe-5872.log
2015-01-14 00:46 - 2015-01-14 00:47 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-14 00:35 - 2015-01-14 01:32 - 00000000 ____D () C:\Program Files\Google
2015-01-14 00:35 - 2015-01-14 01:31 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Google
2015-01-14 00:33 - 2015-01-15 07:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-08 10:59 - 2015-01-08 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainbow Folders
2015-01-08 10:59 - 2015-01-08 10:59 - 00000000 ____D () C:\Program Files\Rainbow Folders
2015-01-08 10:44 - 2015-01-14 01:42 - 00000000 ____D () C:\Users\Sanne\Downloads\Foxit reader
2015-01-06 09:29 - 2015-01-06 09:32 - 00000000 ____D () C:\Users\Sanne\Desktop\2015-01-06 W6
2015-01-06 08:14 - 2015-01-06 08:39 - 00000000 ____D () C:\Users\Sanne\Desktop\2015-01-06 DAK Krankengeld
2014-12-30 15:45 - 2014-12-30 21:27 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-30 15:44 - 2014-12-30 15:44 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-30 15:40 - 2014-12-30 15:41 - 109829936 _____ (Apple Inc.) C:\Users\Sanne\Downloads\iTunesSetup.exe
2014-12-29 14:37 - 2014-12-29 15:29 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Mp3tag
2014-12-29 11:09 - 2014-12-29 11:09 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Apps\2.0
2014-12-28 20:37 - 2014-12-28 20:38 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-12-28 20:37 - 2014-12-28 20:38 - 00001908 _____ () C:\Windows\diagerr.xml
2014-12-28 18:34 - 2014-12-28 18:34 - 00000000 ____D () C:\Program Files\predm
2014-12-28 12:17 - 2014-12-28 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-28 12:13 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-12-28 12:13 - 2014-07-02 06:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-21 15:36 - 2014-12-21 15:36 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Sanne\Downloads\avira_de_av_5730897383__ws.exe
2014-12-21 15:28 - 2014-12-21 15:42 - 00000000 ____D () C:\Users\Sanne\AppData\Local\7906
2014-12-21 15:10 - 2014-12-21 15:10 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-21 15:06 - 2015-01-14 05:46 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Temp3680
2014-12-21 15:06 - 2015-01-14 05:46 - 00000000 ____D () C:\Program Files\HQPro-Video 1.6V21.12
2014-12-21 15:06 - 2014-12-21 15:06 - 00000000 ____D () C:\Users\Sanne\AppData\Local\globalUpdate
2014-12-18 08:53 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 10:26 - 2012-08-19 13:38 - 00000000 ____D () C:\Users\Sanne\{972ce4c6-7e08-4474-a285-3208198ce6fd}
2015-01-15 10:25 - 2012-08-17 23:38 - 01925482 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 10:22 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 10:21 - 2012-11-17 23:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 10:21 - 2012-08-19 17:17 - 00814798 _____ () C:\Windows\PFRO.log
2015-01-15 10:21 - 2009-07-14 05:39 - 00003381 _____ () C:\Windows\setupact.log
2015-01-15 10:21 - 2009-07-14 05:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 10:21 - 2009-07-14 05:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 10:21 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-15 07:21 - 2012-08-19 14:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 00:18 - 2012-08-19 16:51 - 00000000 ____D () C:\Users\Public\Documents\Winstep
2015-01-14 19:59 - 2012-08-18 00:02 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 19:16 - 2012-08-18 19:26 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Thunderbird
2015-01-14 18:34 - 2012-08-19 16:51 - 00000000 ____D () C:\Program Files\Winstep
2015-01-14 15:47 - 2013-07-29 21:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 15:44 - 2012-08-19 18:56 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 02:13 - 2012-08-19 14:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 02:13 - 2012-08-19 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 01:48 - 2014-10-01 22:55 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-14 01:46 - 2014-07-04 15:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-14 01:45 - 2012-08-19 17:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 01:45 - 2012-08-19 17:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-14 01:41 - 2012-11-13 23:29 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-14 01:37 - 2014-12-13 12:08 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\DVDVideoSoft
2015-01-14 00:37 - 2012-08-19 16:47 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-01-14 00:36 - 2012-08-19 13:20 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-13 20:26 - 2012-08-19 14:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 20:14 - 2012-10-31 20:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-08 11:05 - 2014-01-25 11:44 - 00303104 ___SH () C:\Users\Sanne\Documents\Thumbs.db
2015-01-08 10:51 - 2008-07-03 12:44 - 00001446 _____ () C:\Program Files\Rainbow Folders.txt
2015-01-08 10:51 - 2008-07-03 11:45 - 00826451 _____ (Piotr Chodzinski ) C:\Program Files\Rainbow Folders.exe
2015-01-06 08:01 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-06 04:36 - 2012-08-18 11:10 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 14:38 - 2012-08-19 16:48 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\MediaMonkey
2015-01-02 04:48 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-30 21:27 - 2012-08-19 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-30 15:48 - 2012-08-20 04:23 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Apple Computer
2014-12-30 15:47 - 2013-03-05 11:51 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Apple Computer
2014-12-30 15:45 - 2012-08-19 21:17 - 00000000 ____D () C:\ProgramData\Apple
2014-12-30 15:29 - 2012-08-19 16:50 - 00000000 ____D () C:\Program Files\Winamp
2014-12-28 20:37 - 2009-07-14 05:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-28 18:37 - 2014-12-09 20:21 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Unity
2014-12-28 12:30 - 2013-12-09 17:43 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-28 12:13 - 2012-08-18 11:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-21 15:42 - 2014-12-13 12:26 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-21 15:31 - 2014-12-09 05:16 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Spotify
2014-12-21 15:10 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-21 13:54 - 2014-03-13 17:32 - 00000000 ____D () C:\Users\Sanne\Documents\div. Dokumente Sanne

Some content of TEMP:
====================
C:\Users\Sanne\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 02:32

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by Sanne at 2015-01-15 10:30:16
Running from C:\Users\Sanne\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
ACDSee Pro 3 (HKLM\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Albelli Fotobücher (HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version:  - Albelli)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Ashampoo Burning Studio 2010 Advanced 9.25 (HKLM\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 3.1.1 - ashampoo GmbH & Co. KG)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bamboo Dock (HKLM\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.)
Bamboo Dock (Version: 4.0.0 - Wacom Europe GmbH) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
FileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.3.1.606 - Foxit Corporation)
InlineTranslate für Firefox (HKLM\...\{C84149C6-0CF4-4003-BF6F-B9E70E3ACB90}_is1) (Version: 2.0 - InlineTranslate)
Kölsch-Übersetzer (HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Kölsch-Übersetzer) (Version:  - )
MediaMonkey 4.0 (HKLM\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Mp3tag v2.48 (HKLM\...\Mp3tag) (Version: v2.48 - Florian Heidenreich)
MySQL Server 5.1 (HKLM\...\{90BE3E28-62C6-4AD3-85C7-76605E54A9C2}) (Version: 5.1.57 - Oracle Corporation)
Nexus 12.2 (HKLM\...\Winstep Xtreme_is1) (Version:  - )
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice.org 3.4 (HKLM\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.3 - Frank Heindörfer, Philip Chinery)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Quicktime Browser Plug-In (HKLM\...\QuicktimePluginDeinstallKey) (Version:  - )
Rainbow Folders (HKLM\...\{2AEA17BA-FAB3-49D2-BB85-0669D14DC9BC}_is1) (Version: 2.05 - Piotr Chodzinski)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TuneUp Utilities (HKLM\...\TuneUp Utilities) (Version: 9.0.2000.15 - TuneUp Software)
TuneUp Utilities (Version: 9.0.2000.15 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 9.0.2000.15 - TuneUp Software) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebTablet FB Plugin (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-859861029-3488139155-271133188-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points  =========================

30-12-2014 21:14:58 Removed iTunes
30-12-2014 21:28:01 Removed Apple Software Update
06-01-2015 09:12:58 Windows Update
09-01-2015 12:53:23 Windows Update
13-01-2015 12:27:49 Windows Update
14-01-2015 00:34:15 avast! antivirus system restore point
14-01-2015 00:41:01 avast! antivirus system restore point
14-01-2015 01:39:39 Removed Bonjour
14-01-2015 15:43:00 Windows Update
14-01-2015 20:07:33 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-12-28 22:11 - 00450831 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {002FF5FB-036A-4498-8456-D53C2D3BAED2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {22772717-1D3C-4BDF-B8C7-EC3774F80FF9} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {4EE34FC1-58DD-404B-A0DD-BF298ADD387B} - System32\Tasks\Automatische Problemsuche => C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30] (TuneUp Software)
Task: {50CD6FB1-9E56-49C2-9B86-8BC6DD8C2C2A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {99A7BBDA-361B-43FF-90DA-3385D6A66AFA} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe [2009-10-30] (TuneUp Software)
Task: {AAD3369B-3593-46F8-9AC6-2DCC8DEA976F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {D02E1C35-4F58-4BB3-97FF-D85BDBBC90F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-11-17 23:35 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-09 17:43 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-09 17:43 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-09 17:43 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-09 17:43 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-09 17:43 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-08-19 17:02 - 2011-09-08 16:48 - 00962936 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-08-21 17:16 - 2012-06-08 19:40 - 01086176 _____ () C:\Program Files\Winstep\wodTelnetDLX.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-859861029-3488139155-271133188-500 - Administrator - Disabled)
Gast (S-1-5-21-859861029-3488139155-271133188-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-859861029-3488139155-271133188-1002 - Limited - Enabled)
Sanne (S-1-5-21-859861029-3488139155-271133188-1001 - Administrator - Enabled) => C:\Users\Sanne

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 07:46:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc015000f
Fehleroffset: 0x00083fd3
ID des fehlerhaften Prozesses: 0xbdc
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/15/2015 07:46:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18517, Zeitstempel: 0x53aa285b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1f8
ID des fehlerhaften Prozesses: 0xbdc
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/15/2015 00:36:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/14/2015 08:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc015000f
Fehleroffset: 0x00083fd3
ID des fehlerhaften Prozesses: 0xc6c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/14/2015 08:18:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18517, Zeitstempel: 0x53aa285b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1f8
ID des fehlerhaften Prozesses: 0xc6c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/14/2015 08:07:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7f005da7-67c9-424f-93f2-56a6f809b962}

Error: (01/14/2015 00:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc015000f
Fehleroffset: 0x00083fd3
ID des fehlerhaften Prozesses: 0xd14
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/14/2015 00:20:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18517, Zeitstempel: 0x53aa285b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004b1f8
ID des fehlerhaften Prozesses: 0xd14
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/14/2015 10:37:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DevDetect.exe, Version: 5.1.187.0, Zeitstempel: 0x4ab01008
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xef4
Startzeit der fehlerhaften Anwendung: 0xDevDetect.exe0
Pfad der fehlerhaften Anwendung: DevDetect.exe1
Pfad des fehlerhaften Moduls: DevDetect.exe2
Berichtskennung: DevDetect.exe3

Error: (01/14/2015 02:33:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (01/15/2015 07:35:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/14/2015 09:42:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/14/2015 07:56:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (01/14/2015 07:56:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (01/14/2015 07:56:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (01/14/2015 07:56:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (01/14/2015 06:23:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/14/2015 03:31:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TouchServicePen erreicht.

Error: (01/10/2015 03:50:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (01/03/2015 04:54:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (01/15/2015 07:46:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ntdll.dll6.1.7601.18247521ea91cc015000f00083fd3bdc01d0308df51c54d7C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll35b70ddd-9c82-11e4-8aba-00252263b098

Error: (01/15/2015 07:46:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1851753aa285bc00000050004b1f8bdc01d0308df51c54d7C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll32ba2d73-9c82-11e4-8aba-00252263b098

Error: (01/15/2015 00:36:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\distutils\command\wininst-9.0-amd64.exe

Error: (01/14/2015 08:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ntdll.dll6.1.7601.18247521ea91cc015000f00083fd3c6c01d0302004542f07C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll2348d372-9c22-11e4-a63f-00252263b098

Error: (01/14/2015 08:18:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1851753aa285bc00000050004b1f8c6c01d0302004542f07C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll1e4e5463-9c22-11e4-a63f-00252263b098

Error: (01/14/2015 08:07:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7f005da7-67c9-424f-93f2-56a6f809b962}

Error: (01/14/2015 00:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ntdll.dll6.1.7601.18247521ea91cc015000f00083fd3d1401d02fdd9bcd1f19C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll69b91cb8-9bdf-11e4-a5eb-00252263b098

Error: (01/14/2015 00:20:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1851753aa285bc00000050004b1f8d1401d02fdd9bcd1f19C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll660f1587-9bdf-11e4-a5eb-00252263b098

Error: (01/14/2015 10:37:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DevDetect.exe5.1.187.04ab01008unknown0.0.0.000000000c000000500000000ef401d02fdd9da851cbC:\Program Files\Common Files\ACD Systems\DE\DevDetect.exeunknowne375d01f-9bd0-11e4-a5eb-00252263b098

Error: (01/14/2015 02:33:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\distutils\command\wininst-9.0-amd64.exe


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 31%
Total physical RAM: 3583.3 MB
Available physical RAM: 2443.42 MB
Total Pagefile: 7164.9 MB
Available Pagefile: 5986.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:118.85 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:201.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A7549456)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 967.5 MB) (Disk ID: CA373C06)
Partition 1: (Active) - (Size=967 MB) - (Type=06)

==================== End Of Log ============================

hoffe nun ist´s richtig ;-)

Gruß, Sanne

schrauber · 15.01.2015, 12:46

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Sanne1705 · 15.01.2015, 15:29

Hi,
der nächste Schritt ist gemacht:

Code:

ATTFilter

ComboFix 15-01-08.01 - Sanne 15.01.2015  14:59:12.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3583.2383 [GMT 1:00]
ausgeführt von:: c:\users\Sanne\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-15 bis 2015-01-15  ))))))))))))))))))))))))))))))
.
.
2015-01-15 14:05 . 2015-01-15 14:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-15 13:59 . 2015-01-15 13:59	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{748552E0-65CB-42FF-8F82-AD43A02E19DC}\offreg.dll
2015-01-14 19:02 . 2015-01-15 09:30	--------	d-----w-	C:\FRST
2015-01-14 11:04 . 2015-01-14 11:04	--------	d-----w-	c:\programdata\Licenses
2015-01-14 11:04 . 2015-01-15 09:21	--------	d-----w-	c:\program files\Trojan Remover
2015-01-14 09:45 . 2014-12-12 05:11	3971512	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-01-14 09:45 . 2014-12-12 05:11	3916728	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-01-14 09:45 . 2014-12-15 03:13	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{748552E0-65CB-42FF-8F82-AD43A02E19DC}\mpengine.dll
2015-01-14 09:45 . 2014-12-11 17:47	74240	----a-w-	c:\windows\system32\TSWbPrxy.exe
2015-01-14 09:45 . 2014-12-19 02:43	164864	----a-w-	c:\windows\system32\profsvc.dll
2015-01-14 09:45 . 2014-12-06 03:50	242688	----a-w-	c:\windows\system32\nlasvc.dll
2015-01-14 09:45 . 2014-12-19 01:34	116224	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-01-14 04:44 . 2015-01-14 04:44	--------	d-----w-	c:\programdata\Emsisoft
2015-01-14 00:48 . 2015-01-14 00:48	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2015-01-14 00:48 . 2015-01-14 00:48	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-01-14 00:48 . 2015-01-14 00:48	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2015-01-14 00:48 . 2015-01-14 00:48	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-01-14 00:48 . 2015-01-14 00:48	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2015-01-14 00:48 . 2015-01-14 00:48	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-01-14 00:48 . 2015-01-14 00:48	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2015-01-14 00:48 . 2015-01-14 00:48	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-01-14 00:48 . 2015-01-14 00:48	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2015-01-14 00:48 . 2015-01-14 00:48	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-01-14 00:48 . 2015-01-14 00:48	--------	d-----w-	c:\program files\QuickTime
2015-01-14 00:27 . 2015-01-15 06:38	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2015-01-13 23:46 . 2015-01-13 23:47	--------	d-----w-	c:\windows\system32\vbox
2015-01-13 23:35 . 2015-01-14 00:32	--------	d-----w-	c:\program files\Google
2015-01-13 23:35 . 2015-01-14 00:31	--------	d-----w-	c:\users\Sanne\AppData\Local\Google
2015-01-13 23:33 . 2015-01-15 06:38	--------	d-----w-	c:\programdata\AVAST Software
2015-01-13 19:14 . 2015-01-13 19:14	73840	----a-w-	c:\program files\Mozilla Firefox\wow_helper.exe
2015-01-08 09:59 . 2015-01-08 09:59	--------	d-----w-	c:\program files\Rainbow Folders
2015-01-03 14:43 . 2015-01-03 14:43	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-01-03 14:43 . 2015-01-03 14:43	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-01-02 03:50 . 2015-01-02 03:50	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-01-02 03:50 . 2015-01-02 03:50	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-01-02 03:50 . 2015-01-02 03:50	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-12-30 14:46 . 2014-12-30 20:25	--------	dc----w-	c:\windows\system32\DRVSTORE
2014-12-30 14:45 . 2014-12-30 20:27	--------	d-----w-	c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-30 14:44 . 2014-12-30 14:44	--------	d-----w-	c:\program files\Bonjour
2014-12-29 13:37 . 2014-12-29 14:29	--------	d-----w-	c:\users\Sanne\AppData\Roaming\Mp3tag
2014-12-29 10:09 . 2014-12-29 10:09	--------	d-----w-	c:\users\Sanne\AppData\Local\Apps
2014-12-28 17:34 . 2014-12-28 17:34	--------	d-----w-	c:\program files\predm
2014-12-28 11:13 . 2014-07-02 17:39	609240	----a-w-	c:\windows\system32\nvStreaming.exe
2014-12-28 11:13 . 2014-07-02 05:14	3826628	----a-w-	c:\windows\system32\nvcoproc.bin
2014-12-21 14:28 . 2014-12-21 14:42	--------	d-----w-	c:\users\Sanne\AppData\Local\7906
2014-12-21 14:10 . 2014-12-21 14:10	--------	d--h--w-	c:\users\Public\Temp
2014-12-21 14:06 . 2014-12-21 14:06	--------	d-----w-	c:\users\Sanne\AppData\Local\globalUpdate
2014-12-21 14:06 . 2015-01-14 04:46	--------	d-----w-	c:\program files\HQPro-Video 1.6V21.12
2014-12-21 14:06 . 2015-01-14 04:46	--------	d-----w-	c:\users\Sanne\AppData\Local\Temp3680
2014-12-18 07:53 . 2014-12-13 03:33	115712	----a-w-	c:\windows\system32\ieUnatt.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-14 01:13 . 2012-08-19 13:07	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 01:13 . 2012-08-19 13:07	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-01-08 09:51 . 2008-07-03 10:45	826451	----a-w-	c:\program files\Rainbow Folders.exe
2015-01-06 03:36 . 2012-08-18 10:10	249488	------w-	c:\windows\system32\MpSigStub.exe
2014-12-04 04:38 . 2014-12-10 21:19	337920	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 04:38 . 2014-12-10 21:19	610304	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 04:38 . 2014-12-10 21:19	315392	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 04:38 . 2014-12-10 21:19	728576	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 04:38 . 2014-12-10 21:19	159744	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 04:38 . 2014-12-10 21:19	202752	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 04:34 . 2014-12-10 21:19	873984	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 21:19	1160872	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-22 02:20 . 2014-12-10 21:19	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-10 21:19	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-10 21:19	501248	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-10 21:19	62464	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-10 21:19	47616	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 21:19	64000	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-10 21:19	102912	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-10 21:19	620032	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-10 21:19	667648	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-10 21:19	60416	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 21:19	4299264	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-10 21:19	2052096	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 21:19	1155072	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-10 21:19	1888256	----a-w-	c:\windows\system32\wininet.dll
2014-11-11 02:44 . 2014-12-10 21:19	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 13:33	186880	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 13:33	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 01:32 . 2014-12-10 21:19	74752	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45 . 2014-12-10 21:18	2048	----a-w-	c:\windows\system32\tzres.dll
2014-10-30 01:45 . 2014-12-10 21:18	155136	----a-w-	c:\windows\system32\charmap.exe
2014-10-25 01:32 . 2014-11-13 01:50	67584	----a-w-	c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-13 01:51	571904	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-12-10 23:19	3209728	----a-w-	c:\windows\system32\mf.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"SwvUpdtr"="/reg" [X]
"Nexus"="c:\program files\Winstep\Nexus.exe" [2014-11-05 16993408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0aswBoot.exe /M:732e790ae /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-10-11 12:05	60712	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 13:23	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BambooCore"=c:\program files\Bamboo Dock\BambooCore.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-11-17 12400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 5554552]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 451960]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 01:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1418469982&from=cor&uid=395049983_1052499_ECFAAEFE
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{23E6C0F1-8591-4B76-B57C-797DD60F94B6}: NameServer = 31.168.224.100,5.135.12.56
TCP: Interfaces\{4618B231-3952-4FD7-8BB6-FE12AC7912BB}: NameServer = 31.168.224.100,5.135.12.56
FF - ProfilePath - c:\users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\
FF - prefs.js: browser.search.selectedEngine - sweet-page
FF - prefs.js: browser.startup.homepage - hxxps://de.yahoo.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1 - c:\users\Sanne\AppData\Local\Albelli Fotobücher\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-859861029-3488139155-271133188-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-859861029-3488139155-271133188-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-859861029-3488139155-271133188-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
@Allowed: (Read) (RestrictedCode)
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAATqUVs/syq0qqomBDx/sMPgAAAAACAAAAAAAQZgAAAAEAACAAAABSVaik4x26KI9XmMbhO7UQV2auCPpKRcYThcK8MxldzQAAAAAOgAAAAAIAACAAAACzp/PTO8umvz0Kcd1aQuSYZm4tntSoI/jrXu89HSAnDhAAAABveA6X+Fe3zCvFjrG5x8TNQAAAAJ/5uqv1ois7ar4tc7k6N/Loy2HlylYPOr5C9MVeU02KNxFYAIfmJTfvxuOFgNZqM7bdz4UC80j2GsrBmUtbPIA="
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAATqUVs/syq0qqomBDx/sMPgAAAAACAAAAAAAQZgAAAAEAACAAAACZT+IH+O6Z+FLZG4RLosDIuBJxUt6PwxPj2GDLoiIXwgAAAAAOgAAAAAIAACAAAADm8vZxEJ8WPl+8lJLYDtvq+bX1WNQOxAxftEu3PfF+RiAAAABajgPL6ZTkh1ZL6mLDZPbCdV5J9xVRc5rqRsZclu1ft0AAAABIBFeFUG+v7NMUtQAWGwtzLao9rFh+b8AgodPGUs5Vxpy0VQCotrF0D8eFVxOI6QnwaJ/n096QPZ5nDq29lXpi"
"{FCCCD80D-2A5E-401E-B64F-D1C2E375B955}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAATqUVs/syq0qqomBDx/sMPgAAAAACAAAAAAAQZgAAAAEAACAAAAAfz0eFFImkd978BKEJgYCU6ND6myd+FUq255jkcAFVXwAAAAAOgAAAAAIAACAAAAC4hKcFO6ew+GYibqaw/SMhZRS4/yRCaEMXsmyvblBl2RAAAABdr0UFUwEko2P+NOgELAgBQAAAAJBiIOAVCrceTj3ecRVEW5ulXj5e0w1Y+ZXaRn37jrh789RZ2LaKzLZiNuEd+v2KBXrN3C11jGAatL+EqhXoDds="
.
[HKEY_USERS\S-1-5-21-859861029-3488139155-271133188-1001_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):70,36,65,d4,22,e6,d1,08
"DeltaClock"=hex(b):a0,72,fb,ff,ff,ff,ff,ff
"LastNtpServer"="time.nist.gov"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-15  15:21:29
ComboFix-quarantined-files.txt  2015-01-15 14:21
.
Vor Suchlauf: 9 Verzeichnis(se), 127.749.701.632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 125.857.259.520 Bytes frei
.
- - End Of File - - A86BB17072C6966B521CBED3E172D90D
A36C5E4F47E84449FF07ED3517B43A31

Gruß, Sanne

schrauber · 15.01.2015, 16:20

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Sanne1705 · 15.01.2015, 17:28

Hallo Schrauber,

alle 4 Schritte erledigt. hier die gewünschten Dateien

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 15.01.2015
Suchlauf-Zeit: 16:47:19
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.15.09
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Sanne

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315925
Verstrichene Zeit: 9 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\GAMESDESKTOP, In Quarantäne, [ab0a23d48cfdd95dc771541ff80b0ef2], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, In Quarantäne, [b302f502cebbd95dc2234e9b6b995ca4], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [862f19de58312b0b2ec594e5e122ca36], 
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-859861029-3488139155-271133188-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, In Quarantäne, [e0d5d4238efb3bfbc7750279fb089c64], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-859861029-3488139155-271133188-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [a3123bbcd3b6db5bbd2388f933d03cc4], 

Registrierungswerte: 2
PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\extensions\faststartff@gmail.com, In Quarantäne, [af06fbfc37527abc36c911d7b94b9f61]
PUP.Optional.FastStart.A, HKU\S-1-5-21-859861029-3488139155-271133188-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [a3123bbcd3b6db5bbd2388f933d03cc4]

Registrierungsdaten: 4
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[d4e122d56d1c4aece4692274aa5b9967]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-859861029-3488139155-271133188-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1418469982&from=cor&uid=395049983_1052499_ECFAAEFE, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1418469982&from=cor&uid=395049983_1052499_ECFAAEFE),Ersetzt,[02b346b1147586b095198b0bf312b848]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{23E6C0F1-8591-4B76-B57C-797DD60F94B6}|NameServer, 31.168.224.100,5.135.12.56, Gut: (), Schlecht: (31.168.224.100,5.135.12.56),Ersetzt,[7c3953a46128e2541db9f6a20ef7b14f]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{4618B231-3952-4FD7-8BB6-FE12AC7912BB}|NameServer, 31.168.224.100,5.135.12.56, Gut: (), Schlecht: (31.168.224.100,5.135.12.56),Ersetzt,[83321ed9e1a85dd9597d0692bd485da3]

Ordner: 3
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [dbdaa255f891b87e5ebb37188a7912ee], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [dbdaa255f891b87e5ebb37188a7912ee], 
PUP.Optional.CrossRider.A, C:\Program Files\HQPro-Video 1.6V21.12, In Quarantäne, [397ccf285435fc3a22240e56996af20e], 

Dateien: 21
PUP.Optional.OpenCandy, C:\Users\Sanne\Downloads\winamp5601_full_emusic-7plus_all.exe, In Quarantäne, [f1c4d1265336dc5a0d7aa11bcc39b848], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [dbdaa255f891b87e5ebb37188a7912ee], 
PUP.Optional.QuickStart.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[9c1930c7e7a21d19f1a9507ff60f4fb1]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), Ersetzt,[4e6746b134551d193c9b98383acb30d0]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you m), Ersetzt,[b4013bbc57326bcb3c9b29a77e87718f]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you ma), Ersetzt,[6a4b3eb9672294a2f1e6bc1440c520e0]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If you ma), Ersetzt,[a90c9a5dfb8ea393389fab25c63f659b]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file w), Ersetzt,[684dc1368efbc76f35a2359bb45153ad]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: ( this file.
 *
 * If you make changes to this file whil), Ersetzt,[6253589f5336a3935e7916bab84d8e72]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make ch), Ersetzt,[991caa4dfa8f033393448d43a75e45bb]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you make changes ), Ersetzt,[22935e995e2b1125d4037c5418edec14]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make changes to ), Ersetzt,[1c998770f891ea4ca433fbd57590a759]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (es

/* Do not edit this file.
 *
 * If you make ch), Ersetzt,[7342ed0a3554340203d4c907ed18a858]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the application i), Ersetzt,[cbea85727e0b8babad2ad6fa6f96e41c]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: ( you make changes to this file while the application is), Ersetzt,[684d96611b6e9b9b67705e729d6812ee]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you make c), Ersetzt,[b9fc4bac3c4db284e3f406ca2adbf010]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you mak), Ersetzt,[65509b5c3653f145d8ff616f07fead53]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you make changes to this fi), Ersetzt,[664f09ee1475d85eb3243f913cc94bb5]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (it this file.
 *
 * If you make changes to this file wh), Ersetzt,[7d3877803f4ac76f9e39844cbc4940c0]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make c), Ersetzt,[288d6394fb8e3105389f0fc18f762dd3]
PUP.Optional.Babylon.A, C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to ), Ersetzt,[c8ed7c7b147588ae0ccb745c2cd9a858]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 15/01/2015 um 17:07:11
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Sanne - SANNE-PC
# Gestartet von : C:\Users\Sanne\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\predm
Ordner Gelöscht : C:\Users\Sanne\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Sanne\AppData\Roaming\DesktopIconForAmazon
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Wnkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 de)

[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "sweet-page");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "ecfaaefe00000000000084c9b2377443");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15573");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111304&tt=3412_1");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.622:24:19");
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[nu462yi3.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [3993 octets] - [15/01/2015 17:04:43]
AdwCleaner[S0].txt - [4094 octets] - [15/01/2015 17:07:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4154 octets] ##########

--- --- ---

JRT Logfile:

Code:

ATTFilter

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x86
Ran by Sanne on 15.01.2015 at 17:18:28,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Sanne\appdata\locallow\myashampoo"



~~~ FireFox

Emptied folder: C:\Users\Sanne\AppData\Roaming\mozilla\firefox\profiles\nu462yi3.default\minidumps [146 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.01.2015 at 17:20:34,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

und das frst

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by Sanne (administrator) on SANNE-PC on 15-01-2015 17:21:44
Running from C:\Users\Sanne\Desktop
Loaded Profiles: Sanne (Available profiles: Sanne)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(Winstep Software Technologies) C:\Program Files\Winstep\WsxService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(ACD Systems International Inc.) C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe
(Winstep Software Technologies) C:\Program Files\Winstep\Nexus.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [IJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [Nexus] => C:\Program Files\Winstep\Nexus.exe [16993408 2014-11-05] (Winstep Software Technologies)
HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Run: [SwvUpdtr] => /reg
BootExecute: autocheck autochk * aswBoot.exe /M:732e790ae /dir:C:\Program

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-859861029-3488139155-271133188-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-859861029-3488139155-271133188-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default
FF Homepage: https://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-859861029-3488139155-271133188-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-19]
FF Extension: Adblock Plus - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Firefox\Extensions: [inlinetranslate@inlinetranslate.com] - C:\Users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\nu462yi3.default\extensions\inlinetranslate@inlinetranslate.com

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435016 2013-02-10] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1021256 2009-10-30] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 Winstep Xtreme Service; C:\Program Files\Winstep\WsxService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S3 catchme; \??\C:\Users\Sanne\AppData\Local\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 17:20 - 2015-01-15 17:20 - 00000837 _____ () C:\Users\Sanne\Desktop\JRT.txt
2015-01-15 17:18 - 2015-01-15 17:18 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 17:17 - 2015-01-15 17:17 - 00004234 _____ () C:\Users\Sanne\Desktop\AdwCleaner[S0].txt
2015-01-15 17:04 - 2015-01-15 17:07 - 00000000 ____D () C:\AdwCleaner
2015-01-15 17:01 - 2015-01-15 17:01 - 00008574 _____ () C:\Users\Sanne\Desktop\mbam.txt
2015-01-15 16:36 - 2015-01-15 17:09 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 16:36 - 2015-01-15 16:36 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-15 16:36 - 2015-01-15 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-15 16:36 - 2015-01-15 16:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 16:36 - 2015-01-15 16:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-15 16:36 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-15 16:36 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-15 16:36 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 16:33 - 2015-01-15 16:33 - 01707939 _____ (Thisisu) C:\Users\Sanne\Desktop\JRT.exe
2015-01-15 16:32 - 2015-01-15 16:32 - 02191360 _____ () C:\Users\Sanne\Desktop\AdwCleaner_4.107.exe
2015-01-15 16:31 - 2015-01-15 16:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sanne\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-15 15:21 - 2015-01-15 15:21 - 00036298 _____ () C:\ComboFix.txt
2015-01-15 14:56 - 2015-01-15 15:21 - 00000000 ____D () C:\Qoobox
2015-01-15 14:56 - 2015-01-15 15:20 - 00000000 ____D () C:\Windows\erdnt
2015-01-15 14:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-15 14:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-15 14:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-15 14:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-15 14:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-15 14:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-15 14:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-15 14:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-15 14:55 - 2015-01-15 14:55 - 05609736 ____R (Swearware) C:\Users\Sanne\Desktop\ComboFix.exe
2015-01-15 10:30 - 2015-01-15 10:30 - 00025620 _____ () C:\Users\Sanne\Desktop\Addition.txt
2015-01-15 10:29 - 2015-01-15 17:21 - 00011039 _____ () C:\Users\Sanne\Desktop\FRST.txt
2015-01-15 10:28 - 2015-01-15 10:28 - 01116672 _____ (Farbar) C:\Users\Sanne\Desktop\FRST.exe
2015-01-14 20:02 - 2015-01-15 17:21 - 00000000 ____D () C:\FRST
2015-01-14 18:34 - 2015-01-14 18:34 - 00000197 _____ () C:\Windows\system32\2015-01-14-17-34-12.025-AvastVBoxSVC.exe-3796.log
2015-01-14 12:04 - 2015-01-15 15:03 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-14 12:04 - 2015-01-15 10:21 - 00000000 ____D () C:\Program Files\Trojan Remover
2015-01-14 12:04 - 2015-01-14 12:04 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-14 11:50 - 2015-01-14 11:50 - 01179936 _____ () C:\Users\Sanne\Downloads\Trojan Remover - CHIP-Installer.exe
2015-01-14 10:45 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:45 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:45 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 10:45 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:45 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:45 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:39 - 2015-01-14 10:39 - 00000197 _____ () C:\Windows\system32\2015-01-14-09-39-10.043-AvastVBoxSVC.exe-4152.log
2015-01-14 05:44 - 2015-01-14 05:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-14 01:48 - 2015-01-14 01:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-14 01:48 - 2015-01-14 01:48 - 00000000 ____D () C:\Program Files\QuickTime
2015-01-14 01:37 - 2015-01-14 01:37 - 00000247 _____ () C:\Windows\system32\2015-01-14-00-37-34.078-aswFe.exe-4512.log
2015-01-14 01:27 - 2015-01-15 07:38 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-01-14 01:26 - 2015-01-14 01:26 - 172884064 _____ (Emsisoft Ltd. ) C:\Users\Sanne\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-14 00:52 - 2015-01-14 01:37 - 00000247 _____ () C:\Windows\system32\2015-01-13-23-52-20.000-aswFe.exe-2636.log
2015-01-14 00:52 - 2015-01-14 00:52 - 00000197 _____ () C:\Windows\system32\2015-01-13-23-52-15.053-AvastVBoxSVC.exe-5872.log
2015-01-14 00:46 - 2015-01-14 00:47 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-14 00:35 - 2015-01-14 01:32 - 00000000 ____D () C:\Program Files\Google
2015-01-14 00:35 - 2015-01-14 01:31 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Google
2015-01-14 00:33 - 2015-01-15 07:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-08 10:59 - 2015-01-08 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainbow Folders
2015-01-08 10:59 - 2015-01-08 10:59 - 00000000 ____D () C:\Program Files\Rainbow Folders
2015-01-08 10:44 - 2015-01-14 01:42 - 00000000 ____D () C:\Users\Sanne\Downloads\Foxit reader
2015-01-06 09:29 - 2015-01-06 09:32 - 00000000 ____D () C:\Users\Sanne\Desktop\2015-01-06 W6
2015-01-06 08:14 - 2015-01-06 08:39 - 00000000 ____D () C:\Users\Sanne\Desktop\2015-01-06 DAK Krankengeld
2014-12-30 15:45 - 2014-12-30 21:27 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-30 15:44 - 2014-12-30 15:44 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-30 15:40 - 2014-12-30 15:41 - 109829936 _____ (Apple Inc.) C:\Users\Sanne\Downloads\iTunesSetup.exe
2014-12-29 14:37 - 2014-12-29 15:29 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Mp3tag
2014-12-29 11:09 - 2014-12-29 11:09 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Apps\2.0
2014-12-28 20:37 - 2014-12-28 20:38 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-12-28 20:37 - 2014-12-28 20:38 - 00001908 _____ () C:\Windows\diagerr.xml
2014-12-28 12:17 - 2014-12-28 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-28 12:13 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-12-28 12:13 - 2014-07-02 06:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-21 15:36 - 2014-12-21 15:36 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Sanne\Downloads\avira_de_av_5730897383__ws.exe
2014-12-21 15:28 - 2014-12-21 15:42 - 00000000 ____D () C:\Users\Sanne\AppData\Local\7906
2014-12-21 15:10 - 2014-12-21 15:10 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-21 15:06 - 2015-01-14 05:46 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Temp3680
2014-12-18 08:53 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 17:15 - 2009-07-14 05:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 17:15 - 2009-07-14 05:34 - 00026128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 17:13 - 2012-08-19 14:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 17:08 - 2012-11-17 23:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 17:08 - 2012-08-19 17:17 - 00819410 _____ () C:\Windows\PFRO.log
2015-01-15 17:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 17:08 - 2009-07-14 05:39 - 00003549 _____ () C:\Windows\setupact.log
2015-01-15 17:07 - 2012-08-17 23:38 - 01961042 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 16:34 - 2012-08-19 13:38 - 00000000 ____D () C:\Users\Sanne\{972ce4c6-7e08-4474-a285-3208198ce6fd}
2015-01-15 16:19 - 2014-10-01 22:49 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Adobe
2015-01-15 16:19 - 2012-08-19 14:07 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Adobe
2015-01-15 15:35 - 2012-08-18 19:41 - 00000000 ____D () C:\Users\Sanne\AppData\Local\ACD Systems
2015-01-15 15:21 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-15 15:21 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-15 15:19 - 2009-07-14 03:04 - 00000248 _____ () C:\Windows\system.ini
2015-01-15 14:45 - 2013-12-09 17:43 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-15 14:44 - 2013-12-09 17:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-15 10:21 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-15 00:18 - 2012-08-19 16:51 - 00000000 ____D () C:\Users\Public\Documents\Winstep
2015-01-14 19:59 - 2012-08-18 00:02 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 19:16 - 2012-08-18 19:26 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Thunderbird
2015-01-14 18:34 - 2012-08-19 16:51 - 00000000 ____D () C:\Program Files\Winstep
2015-01-14 15:47 - 2013-07-29 21:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 15:44 - 2012-08-19 18:56 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 02:13 - 2012-08-19 14:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 02:13 - 2012-08-19 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 01:48 - 2014-10-01 22:55 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-14 01:46 - 2014-07-04 15:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-14 01:45 - 2012-08-19 17:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 01:45 - 2012-08-19 17:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-14 01:41 - 2012-11-13 23:29 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-14 01:37 - 2014-12-13 12:08 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\DVDVideoSoft
2015-01-14 00:37 - 2012-08-19 16:47 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-01-14 00:36 - 2012-08-19 13:20 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-13 20:26 - 2012-08-19 14:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 20:14 - 2012-10-31 20:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-08 11:05 - 2014-01-25 11:44 - 00303104 ___SH () C:\Users\Sanne\Documents\Thumbs.db
2015-01-08 10:51 - 2008-07-03 12:44 - 00001446 _____ () C:\Program Files\Rainbow Folders.txt
2015-01-08 10:51 - 2008-07-03 11:45 - 00826451 _____ (Piotr Chodzinski ) C:\Program Files\Rainbow Folders.exe
2015-01-06 08:01 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-06 04:36 - 2012-08-18 11:10 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 14:38 - 2012-08-19 16:48 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\MediaMonkey
2015-01-02 04:48 - 2009-07-14 09:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-30 21:27 - 2012-08-19 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-30 15:48 - 2012-08-20 04:23 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Apple Computer
2014-12-30 15:47 - 2013-03-05 11:51 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Apple Computer
2014-12-30 15:45 - 2012-08-19 21:17 - 00000000 ____D () C:\ProgramData\Apple
2014-12-30 15:29 - 2012-08-19 16:50 - 00000000 ____D () C:\Program Files\Winamp
2014-12-28 20:37 - 2009-07-14 05:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-28 18:37 - 2014-12-09 20:21 - 00000000 ____D () C:\Users\Sanne\AppData\Local\Unity
2014-12-28 12:13 - 2012-08-18 11:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-21 15:31 - 2014-12-09 05:16 - 00000000 ____D () C:\Users\Sanne\AppData\Roaming\Spotify
2014-12-21 13:54 - 2014-03-13 17:32 - 00000000 ____D () C:\Users\Sanne\Documents\div. Dokumente Sanne

Some content of TEMP:
====================
C:\Users\Sanne\AppData\Local\Temp\Quarantine.exe
C:\Users\Sanne\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 02:32

==================== End Of Log ============================

--- --- ---

LG,Sanne

schrauber · 15.01.2015, 18:30

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Sanne1705 · 15.01.2015, 23:53

Hallo Schrauber

alle Schritte gemacht

Logs:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4680ff80c704ab419d8542b0d78cdb00
# engine=21989
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-15 10:01:54
# local_time=2015-01-15 11:01:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 32571 172990505 0 0
# scanned=379702
# found=18
# cleaned=0
# scan_time=7885
sh=BBC107B3C4335A094162EA909ED16DEC2B56B01F ft=1 fh=421fc8cb27121ff1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sanne\Documents\Downloads\Integrated_FreewareDE.exe"
sh=1736C47063E8E95902CA01F287D24C76AFFDDED8 ft=1 fh=0182462c0b921376 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sanne\Downloads\ashampoo_burning_studio_2010_advanced_9.24_7590.exe"
sh=498E923661B8BA8ED1CBF7C1CDCA384A9B4A00E9 ft=1 fh=eb42f37c6b6507b7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sanne\Downloads\FreeVideoToAudioConverter.exe"
sh=C51D159B6B94E091DE00890D1ECA614857DF5D77 ft=1 fh=618772bc74f1cdd4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sanne\Downloads\Trojan Remover - CHIP-Installer.exe"
sh=50EE303946830B54E8C184635C6DC251CB241937 ft=1 fh=b56f1fd9f4f28fd7 vn="Variante von Win32/OutBrowse.BS evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sanne\Downloads\Foxit reader\setup.exe"
sh=EA71CC0792D820FF23B97E0880C64FBA5BC475DD ft=1 fh=62a9c2a5ac1ce92b vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sanne\Downloads\Spiele\SoftonicDownloader_fuer_123-free-solitaire.exe"
sh=1736C47063E8E95902CA01F287D24C76AFFDDED8 ft=1 fh=0182462c0b921376 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Daten Sanne\Downloads\ashampoo_burning_studio_2010_advanced_9.24_7590.exe"
sh=4C3FC582DC7ABCD107A5F839736C7D01573EF5DC ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JXSR2PRV\Iminent[1].MSI"
sh=BA2C170D2D9B7A52B7646D4AAF2F79E1DDBB6E46 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKP8SX5U\IMinentToolbar[1].msi"
sh=56A5A29C3F4A3016B0842344CD0F0E9390CA02BE ft=1 fh=c72dcde4c9e7ac61 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUQY8DXT\IMinentToolbarFF[1].exe"
sh=3FA38E71BF243489347C116FE7FF1C1E913E0FC1 ft=1 fh=9b367c8033cc7c8c vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\AppData\Local\Temp\ainet0\ash_update.exe"
sh=DDEA05AE47EBD453981C8E5748DD8838680C790E ft=1 fh=6cf616da7fec22a7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\AppData\Local\Temp\OCS\ocs_v5b_fw.exe"
sh=BBC107B3C4335A094162EA909ED16DEC2B56B01F ft=1 fh=421fc8cb27121ff1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\Documents\Downloads\Integrated_FreewareDE.exe"
sh=1736C47063E8E95902CA01F287D24C76AFFDDED8 ft=1 fh=0182462c0b921376 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\Downloads\ashampoo_burning_studio_2010_advanced_9.24_7590.exe"
sh=498E923661B8BA8ED1CBF7C1CDCA384A9B4A00E9 ft=1 fh=eb42f37c6b6507b7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\Downloads\FreeVideoToAudioConverter.exe"
sh=9CCC1EBEBBBCB59999B13B60824C52DE97ABBC27 ft=1 fh=c2639aeb7c0ee0ca vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\Downloads\installer_mirc_7_22_Deutsch.exe"
sh=31483861C556AD19059A40CA83B520B5EE5A0DA1 ft=1 fh=77b67014cb9fe56b vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\Downloads\MediaMonkey_3.2.5.1306.exe"
sh=EA71CC0792D820FF23B97E0880C64FBA5BC475DD ft=1 fh=62a9c2a5ac1ce92b vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="D:\Windows.old\Users\User\Downloads\Spiele\SoftonicDownloader_fuer_123-free-solitaire.exe"

Code:

ATTFilter

 a Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities    
 TuneUp Utilities Language Pack (de-DE) 
 TuneUp Utilities    
 Adobe Flash Player 	16.0.0.257  
 Adobe Reader XI  
 Mozilla Firefox (Firefox.) 
 Mozilla Thunderbird (31.3.0) 
 Google Chrome (39.0.2171.99) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Code:

ATTFilter

 Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015
Ran by Sanne at 2015-01-15 23:16:47
Running from C:\Users\Sanne\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
ACDSee Pro 3 (HKLM\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Ashampoo Burning Studio 2010 Advanced 9.25 (HKLM\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 3.1.1 - ashampoo GmbH & Co. KG)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bamboo Dock (HKLM\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.)
Bamboo Dock (Version: 4.0.0 - Wacom Europe GmbH) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
FileZilla Client 3.9.0.5 (HKLM\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.3.1.606 - Foxit Corporation)
InlineTranslate für Firefox (HKLM\...\{C84149C6-0CF4-4003-BF6F-B9E70E3ACB90}_is1) (Version: 2.0 - InlineTranslate)
Kölsch-Übersetzer (HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Kölsch-Übersetzer) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Mp3tag v2.48 (HKLM\...\Mp3tag) (Version: v2.48 - Florian Heidenreich)
MySQL Server 5.1 (HKLM\...\{90BE3E28-62C6-4AD3-85C7-76605E54A9C2}) (Version: 5.1.57 - Oracle Corporation)
Nexus 12.2 (HKLM\...\Winstep Xtreme_is1) (Version:  - )
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice.org 3.4 (HKLM\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.3 - Frank Heindörfer, Philip Chinery)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Quicktime Browser Plug-In (HKLM\...\QuicktimePluginDeinstallKey) (Version:  - )
Rainbow Folders (HKLM\...\{2AEA17BA-FAB3-49D2-BB85-0669D14DC9BC}_is1) (Version: 2.05 - Piotr Chodzinski)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-859861029-3488139155-271133188-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TuneUp Utilities (HKLM\...\TuneUp Utilities) (Version: 9.0.2000.15 - TuneUp Software)
TuneUp Utilities (Version: 9.0.2000.15 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 9.0.2000.15 - TuneUp Software) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebTablet FB Plugin (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-859861029-3488139155-271133188-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points  =========================

30-12-2014 21:14:58 Removed iTunes
30-12-2014 21:28:01 Removed Apple Software Update
06-01-2015 09:12:58 Windows Update
09-01-2015 12:53:23 Windows Update
13-01-2015 12:27:49 Windows Update
14-01-2015 00:34:15 avast! antivirus system restore point
14-01-2015 00:41:01 avast! antivirus system restore point
14-01-2015 01:39:39 Removed Bonjour
14-01-2015 15:43:00 Windows Update
14-01-2015 20:07:33 avast! antivirus system restore point
15-01-2015 15:00:43 wiederherstellungspunkt 15.01.2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-15 15:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {002FF5FB-036A-4498-8456-D53C2D3BAED2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {22772717-1D3C-4BDF-B8C7-EC3774F80FF9} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {4EE34FC1-58DD-404B-A0DD-BF298ADD387B} - System32\Tasks\Automatische Problemsuche => C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30] (TuneUp Software)
Task: {99A7BBDA-361B-43FF-90DA-3385D6A66AFA} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe [2009-10-30] (TuneUp Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-11-17 23:35 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-08-19 17:02 - 2011-09-08 16:48 - 00962936 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-21 17:16 - 2012-06-08 19:40 - 01086176 _____ () C:\Program Files\Winstep\wodTelnetDLX.dll
2015-01-15 20:46 - 2015-01-15 20:46 - 00852505 _____ () C:\Users\Sanne\Desktop\SecurityCheck.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-859861029-3488139155-271133188-500 - Administrator - Disabled)
Gast (S-1-5-21-859861029-3488139155-271133188-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-859861029-3488139155-271133188-1002 - Limited - Enabled)
Sanne (S-1-5-21-859861029-3488139155-271133188-1001 - Administrator - Enabled) => C:\Users\Sanne

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/15/2015 05:23:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/15/2015 05:23:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (01/15/2015 05:23:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (01/15/2015 05:23:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (01/15/2015 05:23:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 41%
Total physical RAM: 3583.3 MB
Available physical RAM: 2089.8 MB
Total Pagefile: 7164.9 MB
Available Pagefile: 5743.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:116.64 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:201.57 GB) NTFS
Drive k: (USB DISK) (Removable) (Total:0.94 GB) (Free:0.69 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A7549456)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 967.5 MB) (Disk ID: CA373C06)
Partition 1: (Active) - (Size=967 MB) - (Type=06)

==================== End Of Log ============================

Noch eben avira installiert, alles eingestellt, getestet.... Maschine läuft!!!

All die tollen Programme auf meinem Desktop... deinstallieren? Behalten? Wenn Ja welche?

Ganz liebe und vor allem megadankbare Grüße, Sanne

PS: Ohne deine Hilfe wäre mir nur "plattmachen" und alles neu aufspielen eingefallen

schrauber · 16.01.2015, 07:42

Download Ordner leeren. Ordner Windows.old löschen.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Sanne1705 · 17.01.2015, 17:43

Hallo Schrauber,
sorry das ich mich erst jetzt wieder melde, hatte viel Arbeit und kam nicht früher an den Rechner zurück.

Habe alles gemacht wie beschrieben und es ist alles in allerbester Ordnung.
Kannst mich also aus deinen Abo´s aus nehmen ;-)

Nochmal ein ganz dickes und herzliches Danke für deine tolle Hilfe!!
Ich bin begeistert!!!

LG, Sanne

schrauber · 17.01.2015, 22:38

Gern Geschehen

17.01.2015, 22:38	#14
schrauber /// the machine /// TB-Ausbilder	in Firefox werden links aus der google-Suche umgeleitet auf hp://lp2.playerpage109.info/1421194756/player/LP5_1/?pid=7302&distid=24543&d1= Gern Geschehen __________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!**

in Firefox werden links aus der google-Suche umgeleitet auf h**p://lp2.playerpage109.info/1421194756/player/LP5_1/?pid=7302&distid=24543&d1=

Plagegeister aller Art und deren Bekämpfung: in Firefox werden links aus der google-Suche umgeleitet auf h**p://lp2.playerpage109.info/1421194756/player/LP5_1/?pid=7302&distid=24543&d1=