Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Es geht drunter und drüber

Es geht drunter und drüber


Plagegeister aller Art und deren Bekämpfung: Es geht drunter und drüber

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.01.2015, 21:23   #1
Schgazbarek
 
Es geht drunter und drüber - Standard

Es geht drunter und drüber


Hallo, ich habe das Gefühl, dass meine Kiste macht, was sie will.

Ich war schon mal bei Euch, daher weiss ich, was ich zu posten habe :-)

FRST
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Win7 (administrator) on WIN7-PC on 19-01-2015 21:08:27
Running from C:\Users\Win7\Desktop
Loaded Profiles: Win7 (Available profiles: Win7 & Büro)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(STRATO) C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard Company) C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Deutsche Post AG) C:\Program Files\Deutsche Post AG\E-POST MAILER\EpostMailer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3743344 2011-08-01] (VIA)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP LaserJet 400 MFP M425 Series Fax] => C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2459192 2011-10-26] (Hewlett-Packard Company)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4262714597-415870921-2499499596-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk
ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files\Deutsche Post AG\E-POST MAILER\EpostMailer.exe (Deutsche Post AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk
ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4262714597-415870921-2499499596-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4262714597-415870921-2499499596-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4262714597-415870921-2499499596-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: AutorunsDisabled - No CLSID Value - 
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\fwlgc5x7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4262714597-415870921-2499499596-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF SearchPlugin: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\fwlgc5x7.default\searchplugins\duckduckgo.xml
FF Extension: Flashblock - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\fwlgc5x7.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-11]
FF Extension: NoScript - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\fwlgc5x7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-26]
FF Extension: Adblock Plus - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\fwlgc5x7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]

Chrome: 
=======
CHR Profile: C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-25]
CHR Extension: (Google Docs) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-25]
CHR Extension: (Google Drive) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-25]
CHR Extension: (YouTube) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (Google-Suche) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (Google Tabellen) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (Google Mail) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S4 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 STRATO HiDrive Service; C:\Program Files\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [32768 2011-11-15] (STRATO) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-07-12] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-15] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-15] (Emsisoft GmbH)
S3 AF9035BDA; C:\Windows\System32\Drivers\AF9035BDA.sys [462952 2009-07-16] (AfaTech                  )
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2010-06-29] (Advanced Micro Devices Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66688 2011-04-15] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [33408 2011-04-15] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [642560 2010-04-02] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.)
S4 btiaa2dp; C:\Windows\System32\drivers\btiaa2dp.sys [67456 2008-09-16] (iAnywhere Solutions) [File not signed]
S4 BTiAPan; C:\Windows\System32\DRIVERS\btiapan.sys [30720 2008-09-16] (iAnywhere Solutions) [File not signed]
S4 btiarcp; C:\Windows\System32\DRIVERS\btiarcp.sys [9216 2008-07-30] (iAnywhere Solutions) [File not signed]
S4 btiaspp; C:\Windows\System32\DRIVERS\btiaspp.sys [79744 2008-09-16] (iAnywhere Solutions) [File not signed]
S4 BTIAUSB; C:\Windows\System32\DRIVERS\btiausb.sys [23808 2008-11-14] (iAnywhere Solutions) [File not signed]
S4 BTPROT; C:\Windows\System32\DRIVERS\btprot.sys [484096 2008-11-14] (iAnywhere Solutions) [File not signed]
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
S4 iAnywhere_btAudio; C:\Windows\System32\drivers\btiasco.sys [19712 2008-07-30] (iAnywhere Solutions) [File not signed]
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [914816 2010-11-19] (DiBcom SA)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-04-10] (Samsung Electronics) [File not signed]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2011-01-08] (The OpenVPN Project)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1810032 2011-07-12] (VIA Technologies, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Win7\AppData\Local\Temp\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
R4 OADevice; \??\C:\Windows\system32\drivers\OADriver.sys [X]
R4 OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 21:08 - 2015-01-19 21:08 - 00015764 _____ () C:\Users\Win7\Desktop\FRST.txt
2015-01-19 20:40 - 2015-01-19 20:40 - 00000000 ____D () C:\Users\Win7\Desktop\FRST-OlderVersion
2015-01-19 20:36 - 2015-01-19 20:36 - 01184256 _____ () C:\Users\Win7\Downloads\MicrosoftFixit50450.msi
2015-01-19 12:26 - 2015-01-19 12:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-19 09:01 - 2015-01-19 09:01 - 00000000 ____D () C:\Users\Win7\Desktop\tweaking.com_windows_repair_aio
2015-01-19 09:00 - 2015-01-19 09:01 - 07876439 _____ () C:\Users\Win7\Desktop\tweaking.com_windows_repair_aio.zip
2015-01-18 23:36 - 2015-01-18 23:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WIN7-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2015-01-18 23:36 - 2015-01-18 23:36 - 00000000 ____D () C:\RegBackup
2015-01-18 23:06 - 2015-01-18 23:06 - 00000000 ____D () C:\Users\Win7\Documents\tweaking.com_windows_repair_aio
2015-01-12 22:18 - 2015-01-12 22:18 - 00000000 ____D () C:\Program Files\ESET
2015-01-12 21:52 - 2015-01-18 22:13 - 00000000 ____D () C:\Windows\Minidump
2015-01-06 20:47 - 2015-01-19 20:40 - 01118208 _____ (Farbar) C:\Users\Win7\Desktop\FRST.exe
2015-01-06 20:18 - 2015-01-19 07:56 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-06 20:17 - 2015-01-06 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-06 20:17 - 2015-01-06 20:17 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-06 20:17 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-06 20:17 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-06 20:17 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-02 15:11 - 2015-01-02 15:11 - 00269428 _____ () C:\Users\Win7\Downloads\de.formsolutions(9).FillServlet
2015-01-02 15:10 - 2015-01-02 15:10 - 00269428 _____ () C:\Users\Win7\Downloads\de.formsolutions(8).FillServlet
2014-12-23 23:28 - 2014-11-21 11:44 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-23 23:28 - 2014-11-21 11:43 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-23 23:28 - 2014-11-21 11:43 - 01267712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-23 23:28 - 2014-11-21 11:43 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-23 23:28 - 2014-11-21 11:43 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-23 23:28 - 2014-11-21 11:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-23 23:28 - 2014-11-21 11:43 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-23 23:28 - 2014-11-21 11:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-23 23:28 - 2014-11-21 11:42 - 11019264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-23 23:28 - 2014-11-21 11:42 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-23 23:28 - 2014-11-21 11:42 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-23 23:28 - 2014-11-21 11:42 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-23 23:28 - 2014-11-21 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-23 23:28 - 2014-11-21 11:41 - 01466368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-23 23:28 - 2014-11-21 11:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-23 23:28 - 2014-11-21 11:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-23 23:28 - 2014-11-21 11:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-23 23:28 - 2014-11-21 10:28 - 00386048 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-23 23:28 - 2014-11-21 08:53 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-23 23:27 - 2014-10-30 02:46 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 21:08 - 2013-10-25 20:12 - 00000000 ____D () C:\FRST
2015-01-19 21:08 - 2013-09-23 11:28 - 01872061 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 21:06 - 2013-08-15 08:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 21:05 - 2014-12-01 09:03 - 00000466 _____ () C:\Windows\Tasks\FaxArchive_HPLaserJet400MFPM425dw_copy_2.job
2015-01-19 21:05 - 2014-11-20 10:48 - 00000466 _____ () C:\Windows\Tasks\FaxArchive_HPLaserJet400MFPM425dw_copy_1.job
2015-01-19 21:01 - 2014-10-10 19:40 - 00000520 _____ () C:\Windows\Tasks\FaxArchive_HPLaserJet400MFPM425dw.job
2015-01-19 21:01 - 2014-03-07 12:08 - 00000000 ____D () C:\Program Files\Online Armor
2015-01-19 20:56 - 2012-03-18 17:58 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-19 20:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-19 20:45 - 2012-08-18 12:18 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-01-19 20:35 - 2009-07-14 05:34 - 00021840 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 20:35 - 2009-07-14 05:34 - 00021840 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 20:32 - 2011-04-12 02:39 - 00000000 ____D () C:\Windows\ShellNew
2015-01-19 20:32 - 2010-11-20 22:01 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 20:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-19 20:28 - 2014-03-07 12:02 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2015-01-19 20:27 - 2014-11-25 20:16 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 20:27 - 2014-10-22 20:07 - 00000106 _____ () C:\Windows\system32\mfilemon.log
2015-01-19 20:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 20:26 - 2012-07-12 10:23 - 00129380 _____ () C:\Windows\setupact.log
2015-01-19 13:38 - 2014-04-03 13:51 - 00000600 _____ () C:\Users\Win7\AppData\Local\PUTTY.RND
2015-01-19 13:21 - 2014-11-25 20:16 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 13:11 - 2012-10-09 22:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 11:48 - 2012-03-16 12:53 - 00130144 _____ () C:\Users\Win7\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-19 11:35 - 2009-07-14 05:33 - 00443744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-19 11:34 - 2012-08-06 19:24 - 00675210 _____ () C:\Windows\PFRO.log
2015-01-19 09:07 - 2013-01-09 23:21 - 00000000 ____D () C:\Users\Win7\Desktop\Eigenes
2015-01-19 08:12 - 2012-04-08 21:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-19 08:12 - 2012-03-19 13:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-19 07:54 - 2011-04-12 02:38 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-19 00:39 - 2009-07-14 03:04 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_422
2015-01-18 23:03 - 2012-03-16 13:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-18 22:25 - 2014-06-20 18:19 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2015-01-18 22:24 - 2012-03-16 13:02 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-18 22:24 - 2009-07-14 03:04 - 00000536 _____ () C:\Windows\win.ini
2015-01-18 22:15 - 2012-03-16 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-18 22:15 - 2012-03-16 12:40 - 00000000 ____D () C:\Users\Win7
2015-01-18 22:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-18 22:14 - 2013-10-29 21:50 - 00000000 ____D () C:\Users\Büro
2015-01-18 22:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-18 22:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-18 22:13 - 2014-12-19 18:44 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-01-18 22:13 - 2014-11-25 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-18 22:13 - 2014-06-20 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-01-18 22:13 - 2014-06-02 09:09 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-01-18 22:13 - 2012-09-24 11:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-18 22:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-18 22:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-18 22:09 - 2012-03-17 22:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-18 22:09 - 2012-03-17 22:35 - 00000000 ____D () C:\Program Files\Adobe
2015-01-14 22:51 - 2014-10-22 20:11 - 00000000 ____D () C:\Users\Win7\AppData\Roaming\EPM
2015-01-14 21:51 - 2014-08-17 12:23 - 00000000 ____D () C:\Users\Win7\AppData\Local\Adobe
2015-01-12 15:43 - 2014-11-20 09:55 - 00000000 ____D () C:\ProgramData\EBM
2015-01-08 09:55 - 2012-03-18 17:10 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 11:47 - 2012-10-31 22:14 - 00000000 ____D () C:\Users\Win7\Desktop\Stabat mater
2015-01-05 13:02 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-21 10:40 - 2012-03-17 21:53 - 00000000 ____D () C:\Users\Win7\AppData\Local\Thunderbird

==================== Files in the root of some directories =======
2014-04-03 13:51 - 2015-01-19 13:38 - 0000600 _____ () C:\Users\Win7\AppData\Local\PUTTY.RND
2014-06-02 08:58 - 2014-06-02 08:58 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-03-17 21:48 - 2012-03-17 22:25 - 0000273 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 13:45

==================== End Of Log ============================
--- --- ---


und Addition:

HTML-Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Win7 at 2015-01-19 21:09:16
Running from C:\Users\Win7\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8376660A-EA9B-7AC6-B08C-BA0E6BEF7E74}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Bing Bar (HKLM\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bullzip PDF Printer 10.4.0.2240 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.4.0.2240 - Bullzip)
Deutsche Post E-Porto (HKLM\...\{A51F5414-4A2B-45A0-8EF2-B4D29CFBCAE7}) (Version: 2.3.0 - Deutsche Post AG)
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
E-POST MAILER (HKLM\...\{0A6A93FF-29E4-488E-88FC-DE0EDFBABB84}) (Version: 2.0.1.1925 - Deutsche Post AG)
E-POST MAILER Drucker (HKLM\...\{63E27958-2164-43F2-91F6-B78DE4C87702}) (Version: 2.0.1.1925 - Deutsche Post AG)
E-POST MAILER Start (Version: 1.0.0.0 - Deutsche Post AG) Hidden
EPSON BX620FWD Series Printer Uninstall (HKLM\...\EPSON BX620FWD Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
HP LaserJet 400 MFP M425 (HKLM\...\{568705AA-DD8A-4134-B8B9-9609721FBBCE}) (Version: 5.0.12200.1138 - Hewlett-Packard)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM425DSService (Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPDXP (Version: 3.0.26.11 - HP) Hidden
HPLaserJet400MFP-M425_HelpLearnCenter_SI (HKLM\...\{55D8D1AB-94C2-498F-A165-608B834A30EA}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (Version: 020.021.004 - HP) Hidden
HPLJUTCore (Version: 004.005.0001 - HP) Hidden
HPLJUTM425 (Version: 3.00.0003 - HP) Hidden
hppFaxDrvM425 (Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM425LaserJetService (Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM425 (Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM425 (Version: 050.034.00131 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
KVB-Erstattungsantrag PC 2.62 (HKLM\...\KVB-Erstattungsantrag PC_is1) (Version:  - KVB)
KVB-Erstattungsantrag PC 2.84 VBS (HKLM\...\KVB-Erstattungsantrag PC (VBS)_is1) (Version:  - KVB)
LJDXPHelperUI (Version: 020.021.004 - HP) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Multi file port monitor (mfilemon) 1.5.0 (HKLM\...\{A932243F-381F-434C-B18E-4F09D2F015F8}_is1) (Version: 1.5.0 - Monti Lorenzo)
Musicnotes Player V1.32.2 and Viewer V1.19.0 (HKLM\...\Musicnotes Player_is1) (Version: 1.32.2 - Musicnotes Inc.)
MyDriveConnect 3.3.0.1502 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
Nvu 1.0 (HKLM\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
ON_OFF Charge B11.0110.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Online Sheet Music Viewer 8.3.4.0 (HKLM\...\Online Sheet Music Viewer_is1) (Version: 8.3.4.0 - Online Sheet Music, Inc.)
Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
STRATO HiDrive (remove only) (HKLM\...\STRATO HiDrive) (Version:  - STRATO AG)
TVCenter (HKLM\...\{C7132F71-289A-4111-A9A9-1DD28C7B80A7}) (Version: 6.4.1.858 - PCTV Systems)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Video Power (HKLM\...\{17DB3734-EAB4-4717-954B-C860EE162FBA}) (Version: 1.0.24 - Video Power)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4262714597-415870921-2499499596-1000_Classes\CLSID\{00B01B2E-B1FE-33A6-AD40-57DE8358DC7D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4262714597-415870921-2499499596-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-4262714597-415870921-2499499596-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-4262714597-415870921-2499499596-1000_Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32 -> No File Path

==================== Restore Points  =========================

15-01-2015 11:25:36 Windows Update
15-01-2015 12:48:50 Windows Update
15-01-2015 13:16:11 Windows Update
15-01-2015 22:58:41 Windows Update
16-01-2015 17:40:46 Windows Update
17-01-2015 00:10:00 Windows Update
17-01-2015 12:41:56 Windows Update
17-01-2015 23:30:27 Windows Update
18-01-2015 10:14:44 Configured Microsoft Office Professional Plus 2010
18-01-2015 11:41:32 Wiederherstellungsvorgang
18-01-2015 11:49:11 Configured Microsoft Office Professional Plus 2010
18-01-2015 12:48:42 Removed Microsoft Office Professional Plus 2010
18-01-2015 13:10:48 Windows Update
18-01-2015 21:58:33 Windows Update
18-01-2015 22:07:04 Wiederherstellungsvorgang
18-01-2015 22:23:54 Configured Microsoft Office Professional Plus 2010
19-01-2015 08:13:48 Configured Microsoft Office Professional Plus 2010
19-01-2015 20:29:29 Configured Microsoft Office Professional Plus 2010
19-01-2015 20:37:34 Installed Microsoft Fix it 50450
19-01-2015 20:38:20 Installed Microsoft Fix it 50450
19-01-2015 20:46:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-19 09:23 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {23AFE912-DC3D-423E-BD42-4A8D4C72FFCC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: {47D71ABE-5EEC-474F-BFF6-F5F2B0C7B45F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-19] (Adobe Systems Incorporated)
Task: {6D3D952B-83DE-4D85-9064-2A0D86AA444D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: {8B0370F0-7A96-4E70-9FDF-C7446939F627} - System32\Tasks\{85B9A583-00A7-4A91-84C3-D95456C5F7D2} => pcalua.exe -a C:\Users\Win7\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent.exe -d C:\Users\Win7\Downloads
Task: {8BCAD73C-3CA6-4075-81CF-92EE883A5AF1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8EF9E9F6-E2C8-4E17-8E68-FC45228D1F90} - System32\Tasks\FaxArchive_HPLaserJet400MFPM425dw_copy_2 => C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe [2012-06-28] (Hewlett-Packard Co.)
Task: {CC10A505-B09F-4CDC-BF23-A9E8F008502D} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {D33E6D13-C381-43C2-9DA0-F9C0AC287320} - System32\Tasks\FaxArchive_HPLaserJet400MFPM425dw_copy_1 => C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe [2012-06-28] (Hewlett-Packard Co.)
Task: {DA264CDE-D9EA-4A14-A3AF-62D33A9D7E3C} - System32\Tasks\FaxArchive_HPLaserJet400MFPM425dw => C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe [2012-06-28] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FaxArchive_HPLaserJet400MFPM425dw.job => C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe
Task: C:\Windows\Tasks\FaxArchive_HPLaserJet400MFPM425dw_copy_1.job => C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe
Task: C:\Windows\Tasks\FaxArchive_HPLaserJet400MFPM425dw_copy_2.job => C:\Program Files\HP\HP LaserJet 400 MFP M425\bin\FaxApplications.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-08 11:29 - 2012-11-22 14:45 - 00024064 _____ () C:\Windows\System32\ssn3mlm.dll
2012-03-16 12:48 - 2011-08-01 04:43 - 00080496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2012-03-16 12:48 - 2011-08-01 04:42 - 00113264 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2012-03-16 12:48 - 2011-08-01 04:43 - 00623216 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2014-12-19 18:44 - 2014-12-19 18:44 - 03339376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-12-19 18:44 - 2014-12-19 18:44 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-12-19 18:44 - 2014-12-19 18:44 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: WinDefend => 2
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HP Officejet Pro 276dw MFP (NET) => "C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe" -deviceID "CN39PA4G2Q:NW" -scfn "HP Officejet Pro 276dw MFP (NET)" -AutoStart 1
MSCONFIG\startupreg: MyDriveConnect.exe => "C:\Program Files\MyDrive Connect\MyDriveConnect.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

========================= Accounts: ==========================

Administrator (S-1-5-21-4262714597-415870921-2499499596-500 - Administrator - Disabled)
Büro (S-1-5-21-4262714597-415870921-2499499596-1083 - Limited - Enabled) => C:\Users\Büro
Gast (S-1-5-21-4262714597-415870921-2499499596-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4262714597-415870921-2499499596-1003 - Limited - Enabled)
Win7 (S-1-5-21-4262714597-415870921-2499499596-1000 - Administrator - Enabled) => C:\Users\Win7

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 08:54:09 PM) (Source: MsiInstaller) (EventID: 11406) (User: Win7-PC)
Description: Produkt: Microsoft .NET Framework 4.5.2 -- Fehler 1406. Der Wert Class konnte nicht unter den Schlüssel \Software\Classes\CLSID\{00B01B2E-B1FE-33A6-AD40-57DE8358DC7D}\InprocServer32\4.0.0.0 geschrieben werden.  Systemfehler . Stellen Sie sicher, dass Sie ausreichende Zugriffsrechte für diesen Schlüssel besitzen, oder wenden Sie sich an den Support.

Error: (01/19/2015 08:50:40 PM) (Source: MsiInstaller) (EventID: 11406) (User: Win7-PC)
Description: Produkt: Microsoft .NET Framework 4.5.2 -- Fehler 1406. Der Wert Assembly konnte nicht unter den Schlüssel \Software\Classes\CLSID\{00B01B2E-B1FE-33A6-AD40-57DE8358DC7D}\InprocServer32\4.0.0.0 geschrieben werden.  Systemfehler . Stellen Sie sicher, dass Sie ausreichende Zugriffsrechte für diesen Schlüssel besitzen, oder wenden Sie sich an den Support.

Error: (01/19/2015 08:34:42 PM) (Source: MsiInstaller) (EventID: 11406) (User: Win7-PC)
Description: Product: Microsoft Office Proof (French) 2010 -- Error 1406. Setup cannot write the value  to the registry key \CLSID\{B3E0E785-BD78-4366-9560-B7DABE2723BE}\InprocServer32.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Users\Win7\AppData\Local\Temp\Setup000015d4\PSS10R.CHM.

Error: (01/19/2015 11:37:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/19/2015 09:22:45 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\DE-DE\AACLIENT.MFL

Error: (01/19/2015 09:22:40 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF

Error: (01/19/2015 08:18:20 AM) (Source: MsiInstaller) (EventID: 11406) (User: Win7-PC)
Description: Product: Microsoft Office Proof (Italian) 2010 -- Error 1406. Setup cannot write the value  to the registry key \CLSID\{B4D76674-9F0E-4560-98F0-BF57C8750F97}\InprocServer32.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Users\Win7\AppData\Local\Temp\Setup00000da4\PSS10R.CHM.

Error: (01/19/2015 08:15:35 AM) (Source: MsiInstaller) (EventID: 11704) (User: Win7-PC)
Description: Produkt: Microsoft Office Shared MUI (German) 2010 -- Fehler 1704. Eine Installation von Microsoft Office Professional Plus 2010 ist zurzeit unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, um den Vorgang fortzusetzen. Möchten Sie diese Änderungen rückgängig machen?

Error: (01/19/2015 07:54:06 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/19/2015 00:36:58 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\DE-DE\AACLIENT.MFL


System errors:
=============
Error: (01/19/2015 09:02:32 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{0E3E7279-869C-4DAC-819A-F6740884B2-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/19/2015 08:55:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Microsoft .NET Framework 4.5.2 für Windows 7 (KB2901983)

Error: (01/19/2015 01:41:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/19/2015 01:19:29 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (01/19/2015 01:19:29 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (01/19/2015 01:13:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (01/19/2015 01:13:27 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (01/19/2015 00:37:06 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{0E3E7279-869C-4DAC-819A-F6740884B2-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/19/2015 00:31:39 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (01/19/2015 00:31:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (01/19/2015 08:54:09 PM) (Source: MsiInstaller) (EventID: 11406) (User: Win7-PC)
Description: Produkt: Microsoft .NET Framework 4.5.2 -- Fehler 1406. Der Wert Class konnte nicht unter den Schlüssel \Software\Classes\CLSID\{00B01B2E-B1FE-33A6-AD40-57DE8358DC7D}\InprocServer32\4.0.0.0 geschrieben werden.  Systemfehler . Stellen Sie sicher, dass Sie ausreichende Zugriffsrechte für diesen Schlüssel besitzen, oder wenden Sie sich an den Support.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/19/2015 08:50:40 PM) (Source: MsiInstaller) (EventID: 11406) (User: Win7-PC)
Description: Produkt: Microsoft .NET Framework 4.5.2 -- Fehler 1406. Der Wert Assembly konnte nicht unter den Schlüssel \Software\Classes\CLSID\{00B01B2E-B1FE-33A6-AD40-57DE8358DC7D}\InprocServer32\4.0.0.0 geschrieben werden.  Systemfehler . Stellen Sie sicher, dass Sie ausreichende Zugriffsrechte für diesen Schlüssel besitzen, oder wenden Sie sich an den Support.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/19/2015 08:34:42 PM) (Source: MsiInstaller) (EventID: 11406) (User: Win7-PC)
Description: Product: Microsoft Office Proof (French) 2010 -- Error 1406. Setup cannot write the value  to the registry key \CLSID\{B3E0E785-BD78-4366-9560-B7DABE2723BE}\InprocServer32.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Users\Win7\AppData\Local\Temp\Setup000015d4\PSS10R.CHM.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/19/2015 11:37:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/19/2015 09:22:45 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\DE-DE\AACLIENT.MFL

Error: (01/19/2015 09:22:40 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF

Error: (01/19/2015 08:18:20 AM) (Source: MsiInstaller) (EventID: 11406) (User: Win7-PC)
Description: Product: Microsoft Office Proof (Italian) 2010 -- Error 1406. Setup cannot write the value  to the registry key \CLSID\{B4D76674-9F0E-4560-98F0-BF57C8750F97}\InprocServer32.  Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance.  For information about how to contact PSS, see C:\Users\Win7\AppData\Local\Temp\Setup00000da4\PSS10R.CHM.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/19/2015 08:15:35 AM) (Source: MsiInstaller) (EventID: 11704) (User: Win7-PC)
Description: Produkt: Microsoft Office Shared MUI (German) 2010 -- Fehler 1704. Eine Installation von Microsoft Office Professional Plus 2010 ist zurzeit unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, um den Vorgang fortzusetzen. Möchten Sie diese Änderungen rückgängig machen?(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/19/2015 07:54:06 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/19/2015 00:36:58 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\DE-DE\AACLIENT.MFL


==================== Memory info =========================== 

Processor: AMD A4-3400 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 3325.41 MB
Available physical RAM: 1608.56 MB
Total Pagefile: 6649.12 MB
Available Pagefile: 4493.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:172.62 GB) NTFS
Drive d: () (Fixed) (Total:201.02 GB) (Free:197.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 46188D82)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=201 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20.6 GB) - (Type=05)

==================== End Of Log ============================
Vor einem halben Jahr habe ich mir MS Office Professional Plus installiert. Ich wollte Outlook auf meinem Laptop haben und habe daher eine Doppellizenz bei Badge Art erworben, welche günstiger war, als eine einzeln erhätliche Office 2010 Home and Student Lizenz woanders. Habe es dann auch auf diesem PC installiert und damit nun auch Probleme. Für mich wirkte das Ganze seriös.

Ich habe ebenfalls Windows-Update-Probleme. (Z.B. Tool z. Entfernen bösartiger Software konnte nicht installiert werden.

Online Armor - den ich soeben deinstalliert habe, weil dieser für Laien schlicht nicht handlebar ist und man schließlich alles genehmigt um die Meldungen loszuwerden- hat ebenfalls komsiches Zeug gemeldet, so z. B. dass er irgendwelchem Karaokekram den Zugriff genehmigt hat. Durch die Deinstallation wurde der inzwischen sehr langsame PC wenigstens wieder etwas schneller.

Windows Repair hatte ich heuite morgen durchgeführt. Aber mein Office kann ich daraufhin nach wie vor nicht reparieren oder deinstallieren, weil mir dazu die Berechtigungen fehlen, obwohl ich als Admin eingeloggt bin.

Ich hoffe, jemand von Euch erbarmt sich und schaut mal drüber.

Besten Dank.
Geändert von Schgazbarek (19.01.2015 um 22:06 Uhr)

Alt 19.01.2015, 22:45   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Es geht drunter und drüber - Standard

Es geht drunter und drüber


hi,

Zitat:
Aber mein Office kann ich daraufhin nach wie vor nicht reparieren oder deinstallieren, weil mir dazu die Berechtigungen fehlen, obwohl ich als Admin eingeloggt bin.
Kannste von der Meldung bitte einen Screenshot machen? Leg bitte auch mal einen neuen Benutzer mit Adminrechten an, boote in diesen, teste dort.
__________________

__________________
Alt 20.01.2015, 18:44   #3
Schgazbarek
 
Es geht drunter und drüber - Standard

Es geht drunter und drüber


Hallo Schrauber,

ich weiß nicht, was da jetzt der Kniff war, aber es funktioniert.

Ich habe einen anderen Benutzer als Admin eingerichtet. Dort konnte ich Office zwar nicht reparieren, aber die Fehlermeldung war diesmal von Office selbst und nicht von Windows.

Danach habe ich es nochmal (schätzungsweise zum 20ten Mal) im regulären Adminaccount versucht und es gelang.

Oder hing das nun alles mit dieser Firewall zusammen, die ich deinstalliert habe? Es war mein erster Versuch nach der Deinstallation.

Wie auch immer, gerade schnurrt die Kiste wieder wie ein Kätzchen und das, wo zuvor der Bildschirm tlw. einiges Sekunden schwarz gewesen war und Windows kaum noch herauf- oder herunterfahren wollte.

Alles okay wieder und/oder falscher Alarm?

Ich hoffe es und danke Dir.
__________________
Alt 21.01.2015, 11:10   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Es geht drunter und drüber - Standard

Es geht drunter und drüber


Beobachte es mal ein paar Tage, wenn nochmal was ist fangen wir an zu graben
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Es geht drunter und drüber
adobe, adware, bingbar, browser, computer, defender, entfernen, fehler, flash player, helper, home, installation, kis, microsoft fix it, monitor, mozilla, officejet, registry, registry key, scan, security, services.exe, software, svchost.exe, system, updates, warnung, windows, wlan


« ad by savernet? | PUP.Optional.OpenCandy Virus »


Ähnliche Themen: Es geht drunter und drüber


  1. Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht
    Plagegeister aller Art und deren Bekämpfung - 25.06.2015 (19)
  2. Nach einem Firefox-Update geht hier alles drunter und drüber
    Plagegeister aller Art und deren Bekämpfung - 09.07.2014 (5)
  3. Schaut mal drüber ^^ (Paranoia)
    Log-Analyse und Auswertung - 20.02.2012 (5)
  4. Warum funktioniert mein Firefox nicht mehr
    Log-Analyse und Auswertung - 16.10.2007 (2)
  5. Bitte mal drüber schauen
    Log-Analyse und Auswertung - 01.07.2007 (4)
  6. Bitte mal drüber schauen
    Log-Analyse und Auswertung - 31.05.2007 (2)
  7. Bitte drüber schauen!
    Mülltonne - 31.01.2007 (1)
  8. Bitte drüber schauen!
    Mülltonne - 03.12.2006 (0)
  9. Mal kurz drüber schaun....
    Mülltonne - 06.06.2006 (1)
  10. Bitte drüber schauen
    Log-Analyse und Auswertung - 16.05.2006 (8)
  11. Bitte mal drüber schauen
    Log-Analyse und Auswertung - 19.09.2005 (2)
  12. Bitte mal drüber schauen...
    Log-Analyse und Auswertung - 17.09.2005 (2)
  13. Bitte mal drüber schauen...
    Log-Analyse und Auswertung - 15.09.2005 (12)
  14. Schaut mal bitte drüber
    Log-Analyse und Auswertung - 19.05.2005 (13)
  15. Bitte mal drüber gucken!
    Log-Analyse und Auswertung - 20.11.2004 (3)
  16. Kurz mal drüber gucken . . .
    Log-Analyse und Auswertung - 19.11.2004 (3)
  17. ...bitte schaut mal drüber !!!!
    Log-Analyse und Auswertung - 19.11.2004 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Es geht drunter und drüber - Hallo, ich habe das Gefühl, dass meine Kiste macht, was sie will. Ich war schon mal bei Euch, daher weiss ich, was ich zu posten habe :-) FRST FRST Logfile: - Es geht drunter und drüber...
Archiv
Du betrachtest: Es geht drunter und drüber auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131