Hallo

Icg habe diese zip datei geöffnet weil ich dachte, dass es eine mail von einem Buchkunden war.
jetzt habe ich ein problem.. mein pc ist extrem langsam udn die meine words docs haben die endung igmkfe udn und sind somit auch nicht mehr zu öffnen..

Wer kann mir da helfen?

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

[
FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Detlef (administrator) on DETLEF-PC on 21-01-2015 14:20:16
Running from C:\Users\Detlef\Desktop
Loaded Profiles: Detlef (Available profiles: Detlef)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch 

(Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-

tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE
() C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Windows\vsnpstd.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Deutsche Telekom AG) C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared

\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or 

removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 

[186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [snpstd] => C:\windows\vsnpstd.exe [339968 2005-10-11] ()
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 

2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy 

Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] 

(Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe 

[254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11

-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 

2014-11-20] (Adobe Systems Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Run: [OfficeSyncProcess] => C:\Program 

Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Run: [GrooveMonitor] => C:\Program Files

\Microsoft Office\Office14\GROOVEMN.EXE [945856 2013-03-06] (Microsoft Corporation)
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Run: [MobileConnect.EXE] => C:\Program 

Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Run: [Skype] => C:\Program Files\Skype

\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\RunOnce: [Adobe Speed Launcher] => 

1421846506
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: G - G:\.\Autorun.exe 

AUTORUN=1
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {23e26850-3b47-11e3-b836-

806e6f6e6963} - F:\StartVMCLite.exe
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {23e26877-3b47-11e3-b836-

1c7508558a7c} - F:\StartVMCLite.exe
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {23e26879-3b47-11e3-b836-

1c7508558a7c} - F:\StartVMCLite.exe
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {56b507d1-9257-11e4-bac8-

1c7508558a7c} - F:\AutoRun.exe
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {56b507e0-9257-11e4-bac8-

1c7508558a7c} - F:\AutoRun.exe
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {56b507f5-9257-11e4-bac8-

1c7508558a7c} - F:\AutoRun.exe
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {94e536d0-1f17-11e1-b18f-

1c7508558a7c} - G:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\MountPoints2: {f6b3ba49-3c1b-11e3-b86b-

1c7508558a7c} - F:\StartVMCLite.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan 

Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan

\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Detlef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync

\Mediencenter.exe (Deutsche Telekom AG)
Startup: C:\Users\Detlef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft 

SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office

\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Detlef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No 

File)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => 

C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll 

(Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => 

C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll 

(Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => 

C:\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll 

(Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users

\Detlef\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored 

to default.)

HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\Software\Microsoft\Internet Explorer

\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\Software\Microsoft\Internet Explorer

\Main,Search Page = hxxp://feed.snap.do/?

publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=f5792497-8cc1-4b00-959b-

53c2efb2a1f8&searchtype=ds&q={searchTerms}
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\Software\Microsoft\Internet Explorer\Main,ICQ 

Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\Software\Microsoft\Internet Explorer

\Main,Search Bar = hxxp://feed.snap.do/?

publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=f5792497-8cc1-4b00-959b-

53c2efb2a1f8&searchtype=ds&q={searchTerms}
HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\Software\Microsoft\Internet Explorer

\Main,Start Page Redirect Cache = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 

hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=f5792497-8cc1

-4b00-959b-53c2efb2a1f8&searchtype=ds&q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?

publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=f5792497-8cc1-4b00-959b-

53c2efb2a1f8&searchtype=ds&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q=

{searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> DefaultScope {014DB5FA-EAFB-

4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}

&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> 

5AE8CA116EF64D60B04ADA2FE346DA22 URL = hxxp://search.conduit.com/Results.aspx?

ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPBA03A731-858F-4639-824C-

D98F0A857BBF&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> {006ee092-9658-4fd6-bd8e-

a21a348e59f5} URL = hxxp://feed.snap.do/?

publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=f5792497-8cc1-4b00-959b-

53c2efb2a1f8&searchtype=ds&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> {014DB5FA-EAFB-4592-A95B-

F44D3EE87FA9} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-

SearchBox
SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> {0633EE93-D776-472f-A0FF-

E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000 -> {6552C7DD-90A4-4387-B795-

F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee 

Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files

\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files

\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program 

Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:

\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files

\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files

\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-

windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-

windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-

windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-

windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files

\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars

\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin

\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin

\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files

\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight

\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL 

(Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL 

(Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo 

Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo 

Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo 

Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo 

Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe 

Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft 

Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe 

Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, 

Inc.)
FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default

\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default

\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default

\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default

\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default

\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default

\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default

\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles\94l106t1.default

\searchplugins\icqplugin.xml
FF Extension: DownloadHelper - C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles

\94l106t1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Session Manager - C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles

\94l106t1.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-03-23]
FF Extension: Adblock Plus - C:\Users\Detlef\AppData\Roaming\Mozilla\Firefox\Profiles

\94l106t1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-

BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-

401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-

8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-

681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file 

will not be moved unless listed separately.)

R2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-08-04] 

() [File not signed]
R2 Brother XP spl Service; C:\windows\system32\brsvc01a.exe [57344 2004-06-13] (brother 

Industries Ltd)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe 

[1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] 

(Microsoft Corporation)
S2 KMService; C:\windows\system32\srvany.exe [8192 2011-03-23] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 

2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft 

Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft 

Corporation)
R2 SAService; C:\windows\system32\SAsrv.exe [445496 2010-03-25] (Conexant Systems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft 

Corporation)
S2 Wajam Internet Enhancer Service; C:\Program Files\Wajam\Wajam Internet Enhancer

\WajamInternetEnhancerService.exe [X] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file 

will not be moved unless listed separately.)

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
S2 BrPar; C:\windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) 

[File not signed]
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2010-11-27] ()
S3 IwUSB; C:\windows\System32\Drivers\IwUSB.sys [20645 2012-01-21] (Thesycon GmbH, Germany) [File 

not signed]
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl1c5e0a74; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D00FC982-

AF32-4593-9865-309557D1A75B}\MpKsl1c5e0a74.sys [39464 2015-01-21] (Microsoft Corporation)
S1 MpKsl278c1984; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D00FC982-

AF32-4593-9865-309557D1A75B}\MpKsl278c1984.sys [39464 2015-01-21] () [File not signed]
S3 snpstd; C:\windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] ()
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not 

signed]
R3 usbsmi; C:\windows\System32\DRIVERS\SMIksdrv.sys [171776 2009-10-16] (SMI)
S3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename 

Longhorn DDK provider)
R2 WinFLdrv; C:\windows\System32\WinFLdrv.sys [17984 2011-03-23] ()
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U3 BcmSqlStartupSvc; No ImagePath
S3 ewsercd; system32\DRIVERS\ewsercd.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 IviRegMgr; No ImagePath
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
U2 RichVideo; No ImagePath
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
U3 SQLWriter; No ImagePath
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file 

could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 14:20 - 2015-01-21 14:28 - 00022148 _____ () C:\Users\Detlef\Desktop\FRST.txt
2015-01-21 14:00 - 2015-01-21 14:08 - 00040208 _____ () C:\Users\Detlef\Desktop\Addition.txt
2015-01-21 13:36 - 2015-01-21 14:21 - 00000000 ____D () C:\FRST
2015-01-21 13:35 - 2015-01-21 13:35 - 01118208 _____ (Farbar) C:\Users\Detlef\Desktop\FRST.exe
2015-01-21 13:26 - 2015-01-21 13:26 - 02359350 _____ () C:\Users\Public\Documents\Decrypt All 

Files igmkvfe.bmp
2015-01-21 13:26 - 2015-01-21 13:26 - 00001512 _____ () C:\Users\Public\Documents\Decrypt All 

Files igmkvfe.txt
2015-01-21 13:04 - 2015-01-21 13:04 - 00000144 _____ () C:\AtmApInit.TXT.igmkvfe
2015-01-21 12:58 - 2015-01-21 14:02 - 00768198 _____ () C:\ProgramData\lnsmahk.html
2015-01-16 19:32 - 2015-01-21 13:38 - 00000000 ____D () C:\Users\Detlef\Desktop\auto - Kopie
2015-01-16 13:40 - 2015-01-21 12:59 - 00014752 _____ () C:\Users\Detlef\Desktop\LLDetlef 

engl1a.DOC.igmkvfe
2015-01-16 13:40 - 2015-01-16 13:40 - 00014592 _____ () C:\Users\Detlef\Desktop\LLDetlef 

engl1.DOC.igmkvfe
2015-01-12 12:39 - 2015-01-16 19:52 - 00081968 _____ () C:\Users\Detlef\Desktop\x5.PDF.igmkvfe
2015-01-12 12:39 - 2015-01-12 12:39 - 00042624 _____ () C:\Users\Detlef\Desktop

\e22603_6095465_invoice_2014.12.01.PDF.igmkvfe
2015-01-08 18:02 - 2015-01-08 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 

Menu\Programs\Skype
2015-01-08 18:02 - 2015-01-08 18:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-01-02 15:06 - 2015-01-02 15:06 - 00001051 _____ () C:\Users\Public\Desktop\Mobile 

Partner.lnk
2015-01-02 15:06 - 2015-01-02 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 

Menu\Programs\Mobile Partner
2015-01-02 15:06 - 2009-06-22 20:01 - 00112128 _____ (Huawei Technologies Co., Ltd.) C:\windows

\system32\Drivers\ewusbnet.sys
2015-01-02 15:06 - 2009-06-22 19:38 - 00102912 _____ (Huawei Technologies Co., Ltd.) C:\windows

\system32\Drivers\ewusbmdm.sys
2015-01-02 15:06 - 2009-06-22 19:26 - 00100736 _____ (Huawei Technologies Co., Ltd.) C:\windows

\system32\Drivers\ewusbdev.sys
2015-01-02 15:06 - 2007-08-09 04:06 - 00023424 _____ (Huawei Tech. Co., Ltd.) C:\windows

\system32\Drivers\ewdcsc.sys
2015-01-02 15:05 - 2015-01-02 15:07 - 00000000 ____D () C:\Program Files\Mobile Partner
2015-01-02 14:03 - 2015-01-21 13:38 - 00000000 ____D () C:\Users\Detlef\Desktop\auto
2014-12-26 09:45 - 2014-12-26 09:45 - 00420357 _____ () C:\Users\Detlef\Desktop\3528

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 14:25 - 2010-11-27 02:34 - 02689195 _____ () C:\windows\WindowsUpdate.log
2015-01-21 14:23 - 2011-01-31 13:12 - 00000000 ____D () C:\Users\Detlef\AppData\Roaming\Skype
2015-01-21 13:58 - 2012-05-14 07:20 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player 

Updater.job
2015-01-21 13:43 - 2011-04-09 10:48 - 00396800 ___SH () C:\Users\Detlef\Documents\Thumbs.db
2015-01-21 13:41 - 2009-07-14 04:34 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-

B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 13:41 - 2009-07-14 04:34 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-

B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 13:39 - 2014-12-10 19:37 - 00000000 ___RD () C:\Users\Detlef\Mediencenter
2015-01-21 13:38 - 2012-08-17 18:39 - 00000000 ___RD () C:\Users\Detlef\Dropbox
2015-01-21 13:35 - 2014-12-02 21:56 - 00000000 ____D () C:\Users\Detlef\Desktop\englisch
2015-01-21 13:35 - 2014-11-02 17:38 - 00000000 ____D () C:\Users\Detlef\Desktop\buch
2015-01-21 13:30 - 2012-08-27 17:53 - 00000000 ____D () C:\Users\Detlef\AppData\Roaming

\MyPhoneExplorer
2015-01-21 13:22 - 2012-08-17 18:36 - 00000000 ____D () C:\Users\Detlef\AppData\Roaming\Dropbox
2015-01-21 13:21 - 2011-01-28 12:46 - 00000000 ____D () C:\Users\Detlef\AppData\Local

\VirtualStore
2015-01-21 13:03 - 2009-07-14 04:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-21 13:03 - 2009-07-14 04:39 - 00185380 _____ () C:\windows\setupact.log
2015-01-21 13:00 - 2013-10-22 18:18 - 00000000 ____D () C:\ProgramData\Vodafone
2015-01-21 12:56 - 2014-01-13 14:54 - 00000000 ____D () C:\ProgramData\InternetUpdater
2015-01-21 12:56 - 2014-01-13 10:35 - 00000000 ____D () C:\ProgramData\lpggpWn3
2015-01-21 12:54 - 2011-03-23 14:23 - 00000000 ____D () C:\Program Files\Winamp
2015-01-21 12:54 - 2011-03-23 13:00 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-21 12:53 - 2013-04-03 12:13 - 00000000 ____D () C:\Program Files\Trillian
2015-01-21 12:53 - 2013-02-21 17:46 - 00000000 ___RD () C:\Program Files\Skype
2015-01-21 12:52 - 2014-01-08 19:15 - 00000000 ____D () C:\Program Files\Microsoft Mouse and 

Keyboard Center
2015-01-21 12:51 - 2012-05-26 09:51 - 00000000 ____D () C:\Program Files\ICQ6Toolbar
2015-01-21 12:51 - 2012-04-16 05:51 - 00000000 ____D () C:\Program Files\Free WMA to MP3 

Converter
2015-01-21 12:51 - 2011-03-23 15:17 - 00000000 ____D () C:\Program Files\Folder Lock 6
2015-01-21 12:51 - 2011-03-23 13:54 - 00000000 ____D () C:\Program Files\IrfanView
2015-01-21 12:50 - 2013-06-05 12:03 - 00000000 ____D () C:\Program Files\ConvertHelper
2015-01-21 12:50 - 2012-04-15 18:25 - 00000000 ____D () C:\Program Files\Audiograbber
2015-01-21 12:50 - 2011-02-07 10:33 - 00000000 ____D () C:\Program Files\Biet-O-Matic
2015-01-21 12:18 - 2011-03-21 11:41 - 00000000 ____D () C:\Users\Detlef\AppData\Local\Deployment
2015-01-21 11:16 - 2014-08-30 07:46 - 00000330 _____ () C:\Users\Detlef\Desktop\QuickSoftware - 1 

.appref-ms
2015-01-21 11:16 - 2012-06-07 08:17 - 00000000 ____D () C:\Users\Detlef\AppData\Roaming

\Microsoft\Windows\Start Menu\Programs\QuickBooker
2015-01-18 21:56 - 2012-05-14 07:20 - 00701616 _____ (Adobe Systems Incorporated) C:\windows

\system32\FlashPlayerApp.exe
2015-01-18 21:56 - 2011-06-21 07:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows

\system32\FlashPlayerCPLApp.cpl
2015-01-18 21:22 - 2013-11-11 14:14 - 00954208 _____ () C:\Users\Public\Documents\am-

hard.TXT.igmkvfe
2015-01-18 21:17 - 2013-11-11 14:13 - 00955600 _____ () C:\Users\Public\Documents\am-

soft.TXT.igmkvfe
2015-01-18 21:13 - 2013-11-11 14:13 - 01183040 _____ () C:\Users\Public\Documents

\zvab.TXT.igmkvfe
2015-01-18 21:00 - 2014-06-10 13:24 - 00016576 _____ () C:\Users\Public\Documents\Bücher-Keller-

Klein22.DOCX.igmkvfe
2015-01-18 20:57 - 2014-06-10 13:24 - 00018480 _____ () C:\Users\Public\Documents\Bücher-

Wohnung22.DOCX.igmkvfe
2015-01-18 20:50 - 2014-06-10 13:24 - 00017712 _____ () C:\Users\Public\Documents\Bücher-Keller-

Gross22.DOCX.igmkvfe
2015-01-16 16:20 - 2014-10-29 14:28 - 00000000 ____D () C:\Users\Detlef\AppData\Local\CrashDumps
2015-01-16 12:08 - 2014-01-21 13:29 - 00006176 _____ () C:\Users\Public\Documents\Re-

Hik.XLS.igmkvfe
2015-01-16 11:48 - 2014-12-11 17:36 - 00614752 _____ () C:\Users\Public\Documents

\zvab1.TXT.igmkvfe
2015-01-16 11:43 - 2014-12-20 20:30 - 00493712 _____ () C:\Users\Public\Documents\am-

hard1.TXT.igmkvfe
2015-01-16 11:41 - 2014-12-20 20:30 - 00493616 _____ () C:\Users\Public\Documents\am-

soft1.TXT.igmkvfe
2015-01-16 11:35 - 2014-10-29 10:09 - 00645920 _____ () C:\Users\Public\Documents

\booklooker1.TXT.igmkvfe
2015-01-16 11:29 - 2013-11-13 13:57 - 00969776 _____ () C:\Users\Public\Documents

\booklooker.TXT.igmkvfe
2015-01-12 12:03 - 2014-06-10 13:24 - 00018736 _____ () C:\Users\Public\Documents\Bücher-

Wohnung21.DOCX.igmkvfe
2015-01-11 20:29 - 2014-06-10 13:24 - 00017632 _____ () C:\Users\Public\Documents\Bücher-Keller-

Klein21.DOCX.igmkvfe
2015-01-11 20:29 - 2014-06-10 13:24 - 00017104 _____ () C:\Users\Public\Documents\Bücher-Keller-

Gross21.DOCX.igmkvfe
2015-01-08 19:52 - 2009-07-14 04:52 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-01-08 18:02 - 2011-01-31 13:09 - 00000000 ____D () C:\ProgramData\Skype
2015-01-05 13:08 - 2014-06-10 13:24 - 00015904 _____ () C:\Users\Public\Documents\Bücher-Keller-

Gross20.DOCX.igmkvfe
2015-01-05 13:06 - 2014-06-10 13:24 - 00019184 _____ () C:\Users\Public\Documents\Bücher-

Wohnung20.DOCX.igmkvfe
2015-01-05 12:57 - 2014-06-10 13:24 - 00015888 _____ () C:\Users\Public\Documents\Bücher-Keller-

Klein20.DOCX.igmkvfe
2015-01-04 10:33 - 2010-10-24 11:50 - 01621084 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-02 20:50 - 2009-07-14 02:37 - 00000000 ____D () C:\windows\system32\NDF
2014-12-29 08:31 - 2014-06-10 13:24 - 00015344 _____ () C:\Users\Public\Documents\Bücher-Keller-

Gross19.DOCX.igmkvfe
2014-12-29 08:31 - 2014-06-10 13:24 - 00014624 _____ () C:\Users\Public\Documents\Bücher-Keller-

Klein19.DOCX.igmkvfe
2014-12-27 10:48 - 2014-06-10 13:24 - 00017808 _____ () C:\Users\Public\Documents\Bücher-

Wohnung19.DOCX.igmkvfe

==================== Files in the root of some directories =======
2011-04-02 16:59 - 2014-08-09 20:13 - 0011264 _____ () C:\Users\Detlef\AppData\Local\DCBC2A71-

70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-23 13:51 - 2011-03-23 13:51 - 0000008 __RSH () C:\ProgramData\5D7FEE4581.sys
2011-03-23 13:51 - 2011-03-23 15:37 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-01-21 12:58 - 2015-01-21 14:02 - 0768198 _____ () C:\ProgramData\lnsmahk.html

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2331039535-1181406896-2111325039-1000\$2b7307da3415a37f89d2f64300b1dc7a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$2b7307da3415a37f89d2f64300b1dc7a

Some content of TEMP:
====================
C:\Users\Detlef\AppData\Local\Temp\6157999.exe
C:\Users\Detlef\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Detlef\AppData\Local\Temp\jptfujf.exe
C:\Users\Detlef\AppData\Local\Temp\mfc80.dll
C:\Users\Detlef\AppData\Local\Temp\mfc80u.dll
C:\Users\Detlef\AppData\Local\Temp\mfcm80.dll
C:\Users\Detlef\AppData\Local\Temp\mfcm80u.dll
C:\Users\Detlef\AppData\Local\Temp\msvcm80.dll
C:\Users\Detlef\AppData\Local\Temp\msvcp80.dll
C:\Users\Detlef\AppData\Local\Temp\msvcr80.dll
C:\Users\Detlef\AppData\Local\Temp\nsd8AC8.exe
C:\Users\Detlef\AppData\Local\Temp\nst3EF7.exe
C:\Users\Detlef\AppData\Local\Temp\nst4168.exe
C:\Users\Detlef\AppData\Local\Temp\nsxF5C7.exe
C:\Users\Detlef\AppData\Local\Temp\nsy8838.exe
C:\Users\Detlef\AppData\Local\Temp\OSU.exe
C:\Users\Detlef\AppData\Local\Temp\ResetDevice.exe
C:\Users\Detlef\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Detlef\AppData\Local\Temp\Uninstaller.exe
C:\Users\Detlef\AppData\Local\Temp\UninstallerGer.dll
C:\Users\Detlef\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Detlef\AppData\Local\Temp\WTGXMLUtil.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 16:38

==================== End Of Log ============================
         

--- --- ---

--- --- ---
]

[/Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Detlef at 2015-01-21 14:30:02
Running from C:\Users\Detlef\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The

adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe

Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe

Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version:

11.0.10 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Biet-O-Matic v2.14.8 (HKLM\...\Biet-O-Matic v2.14.8) (Version: Biet-O-Matic v2.14.8 - BOM

Development Team)
BRAdmin Professional 3 (HKLM\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.40.0006 -

Brother)
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version:

1.0.0.0 - )
Brother HL-5140 (HKLM\...\Brother HL-5140) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: -

DownloadHelper)
Corel WinDVD 2010 (HKLM\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.4.251 - Corel

Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Dropbox) (Version: 1.4.12 -

Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.5 - Lenovo)
FileParade Bundle (HKLM\...\FileParade Bundle) (Version: 1.0.0.0 - FileParade Bundle) <====

ATTENTION!
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version: - Jodix

Technologies Ltd.)
Free YouTube Download version 3.1.22.319 (HKLM\...\Free YouTube Download_is1) (Version:

3.1.22.319 - DVDVideoSoft Ltd.)
GMX SMS-Manager (HKLM\...\com.unitedinternet.ums.sms-mms-manager) (Version: 3.3 - 1 und 1

Internet AG)
GMX SMS-Manager (Version: 3.3 - 1 und 1 Internet AG) Hidden
High-Definition Video Playback 10 (Version: 7.0.11000.25.1 - Nero AG) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: -

Intel Corporation)
Internet Updater (HKLM\...\InternetUpdater) (Version: 2.6.52 - Parallel Lines Development, LLC)

<==== ATTENTION
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java(TM) 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017F0}) (Version: 6.0.170 - Sun

Microsystems, Inc.)
Java(TM) 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 -

Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle

Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Lenovo EasyCamera (HKLM\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon

Motion)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Mediencenter)

(Version: 3.9.1055.64 - Deutsche Telekom AG)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile)

(Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4

Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version:

4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4

Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Access Runtime (German) 2007 (HKLM\...\{90120000-001C-0407-0000-0000000FF1CE})

(Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 -

Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-

BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 -

Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 -

Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8})

(Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07

-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2})

(Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-

DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-

21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-

BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-

88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version:

2.3.145.0 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.302.06.03.545 - Huawei Technologies

Co.,Ltd)
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0

- Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0

- Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100

- Nero AG)
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11600 -

Nero AG)
Personal ID (HKLM\...\{F722209B-739E-40E4-ADB1-062BD032A0DB}) (Version: 1.8.5 - coolspot AG)
QuickSoftware - 1 (HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\f1b2d6b2417860b8)

(Version: 1.1.14.4 - QuickBooker)
QuickSoftware (HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\f1b1726c417a164f) (Version:

1.1.0.5 - QuickBooker)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-

06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version:

6.1.7600.30101 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-

0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: -

Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 -

Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype

Technologies S.A.)
Snagit 12 (HKLM\...\{affb3620-aa43-4653-a34d-19705d4e9f07}) (Version: 12.1.1.1747 - TechSmith

Corporation)
Snagit 12 (Version: 12.1.1 - TechSmith Corporation) Hidden
SpeedCommander 13 (HKLM\...\SpeedCommander 13) (Version: 13.30.6200 - SWE Sven Ritter)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.14484 - TeamViewer)
Trillian (HKLM\...\Trillian) (Version: - Cerulean Studios, LLC)
Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island

Media, LLC) <==== ATTENTION
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.58 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2331039535-1181406896-2111325039-1000\...\Winamp Detect)

(Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-

5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-

EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will

not be moved.)

CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{005A3A96-BAC4-

4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Detlef\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{039B2CA5-3B41-

4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No

File
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{11CD84A3-A5E0-

43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{22756E83-8EBC-

4B16-A4A4-0AA73BE497B1}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{268502F4-815D-

4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Telekom

\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{2A235D7E-0358-

40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{42481700-CF3C-

4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No

File
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{528EE335-5034-

4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Telekom

\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{56C94D6A-7370-

4885-A04E-7097FE4E0BAF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{6066ADF0-9EB0-

43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Telekom

\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{672CDBDB-0270-

4EB9-83EC-216377522D21}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{77BC4082-DB5F-

439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Telekom

\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{841BFDCA-6A9A-

4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{94330D48-EB33-

49BB-87F1-AD8C0352C010}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{D0D38C6E-BF64-

4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No

File
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{F7CA46A9-ACA5-

45A6-967E-03FF5A282D01}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{FB314ED9-A251-

47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Dropbox\bin

\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{FB314EDA-A251-

47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Dropbox\bin

\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{FB314EDB-A251-

47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Dropbox\bin

\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2331039535-1181406896-2111325039-1000_Classes\CLSID\{FB314EDC-A251-

47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Detlef\AppData\Roaming\Dropbox\bin

\DropboxExt.14.dll (Dropbox, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file

could be listed separately to be moved.)

Task: {0647F01A-4C83-4EC4-88F8-D7429C48415A} - System32\Tasks

\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center

\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: {0AD9F653-C766-483A-A9C3-E73115086DCD} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {0B8E33BA-7174-4D80-85A5-4F66CB6B3D2B} - System32\Tasks\cewvuae => C:\Users\Detlef\AppData

\Local\Temp\jptfujf.exe [2015-01-21] () <==== ATTENTION
Task: {126F1A39-D466-4B99-8218-AD1EA1292593} - System32\Tasks\{48BAE31D-34D3-4EFA-9386-

8DCA5297DF7A} => Firefox.exe hxxp://www.skype.com/go/downloading?

source=lightinstaller&amp;ver=5.1.0.104.259&amp;LastError=12002
Task: {24D1EAE2-E0F1-4683-9C1C-4F98288E6028} - System32\Tasks\{81633AD6-2EEF-49DB-9B77-

5B073711CF0A} => pcalua.exe -a "C:\Users\Detlef\AppData\Local\Microsoft\Windows\Temporary

Internet Files\Content.IE5\9IJRD2N5\SpyHunter-Installer.exe" -d C:\Users\Detlef\Desktop
Task: {2770E9C3-2D2C-42E6-9DFC-8B5E43853CFE} - System32\Tasks\{02AEEFF2-2CF3-4F94-B473-

AADB735D3FAB} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?

page=tsProgressBar
Task: {3F7E3D86-5752-4978-BE34-3C4663BD7BAD} - System32\Tasks

\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and

Keyboard Center\mousekeyboardcenter.exe [2013-09-04] (Microsoft)
Task: {5021DFB7-6C07-44C0-927F-8A0A3E9248AF} - System32\Tasks\{6B54D27E-3BF0-46DB-A242-

DC36F611144B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?

page=tsProgressBar
Task: {662AFEC8-4B9F-4EC8-9220-6836C63BC3FE} - System32\Tasks\OfficeSoftwareProtectionPlatform

\SvcRestartTask => Sc.exe start osppsvc
Task: {69B57400-D34E-423C-B3DD-C3085EEF8BF1} - System32\Tasks\AutoPico Daily Restart => C:

\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {759E1509-912E-4A42-8AEB-1CD8471BF64F} - System32\Tasks\Adobe Flash Player Updater => C:

\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-18] (Adobe Systems

Incorporated)
Task: {933B3E73-2CEE-4C5F-BABD-D35AA51C72C3} - System32\Tasks\TechSmith Updater => C:\Program

Files\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
Task: {C1A94141-1EF2-4D74-9FE4-2906FB82A20E} - System32\Tasks\{CD21D1D2-1473-4BB2-B346-

3D2D5D9DFA26} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?

page=tsPlugin&amp;installinfo=google-toolbar:notoffered;notincluded,google-

chrome:notoffered;disabled
Task: {CC2113E6-B439-42CC-972A-03EC20D32F8B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe

=> c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft

Corporation)
Task: {D1FB4358-F26E-4936-B579-422C0783C2D3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe

=> c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft

Corporation)
Task: {DEB9D4AF-E448-4171-BC6A-8D36144E67CA} - System32\Tasks\{B4532431-5C67-4575-8E5A-

DCAC9B5FC9E6} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {E1E2153A-7355-4960-9E45-C3AFA85F9580} - System32\Tasks\{CBFB3CFD-7ECE-4673-8570-

5A000A556DA3} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {FCFEC977-6078-453B-8017-FCC8CA15C592} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe

=> c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft

Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is

running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash

\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files

\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files

\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot

- Search & Destroy 2\SDScan.exe
Task: C:\windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe

==================== Loaded Modules (whitelisted) =============

2011-02-01 11:25 - 2010-08-04 16:38 - 00065536 _____ () C:\Program Files\Brother\BRAdmin

Professional 3\bratimer.exe
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft

shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-23 13:00 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2005-10-11 18:54 - 2005-10-11 18:54 - 00339968 _____ () C:\Windows\vsnpstd.exe
2010-11-27 02:46 - 2008-12-20 03:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy

Management\kbdhook.dll
2010-11-27 02:46 - 2008-12-20 03:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy

Management\HookLib.dll
2010-11-27 02:44 - 2009-06-05 16:36 - 00217088 _____ () C:\windows\system32\370prop.ax
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft

Shared\office14\Cultures\office.odf
2013-02-14 13:46 - 2013-02-14 13:46 - 01044048 _____ () C:\Program Files\Microsoft Office

\Office14\ADDINS\UmOutlookAddin.dll
2013-12-20 21:44 - 2013-12-20 21:44 - 03559024 _____ () C:\Program Files\Mozilla Firefox

\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The

"AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will

be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk

=> C:\windows\pss\Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Detlef^AppData^Roaming^Microsoft^Windows^Start

Menu^Programs^Startup^GMX-SMS-Manager.lnk => C:\windows\pss\GMX-SMS-Manager.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader

\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe"

/DelayServices
MSCONFIG\startupreg: Facebook Update => "C:\Users\Detlef\AppData\Local\Facebook\Update

\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Personal ID => C:\COOLSP~1\PERSON~1\PID.EXE
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files\Lenovo\VeriFace\PManage.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2331039535-1181406896-2111325039-500 - Administrator - Disabled)
Detlef (S-1-5-21-2331039535-1181406896-2111325039-1000 - Administrator - Enabled) => C:\Users

\Detlef
Gast (S-1-5-21-2331039535-1181406896-2111325039-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2331039535-1181406896-2111325039-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: MpKsl278c1984
Description: MpKsl278c1984
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl278c1984
Problem: : This device is not present, is not working properly, or does not have all its drivers

installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a

new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be

resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 01:07:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GROOVE.EXE, Version: 14.0.7011.1000, Zeitstempel:

0x513a7cc7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6
Ausnahmecode: 0xe0000002
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0x1638
Startzeit der fehlerhaften Anwendung: 0xGROOVE.EXE0
Pfad der fehlerhaften Anwendung: GROOVE.EXE1
Pfad des fehlerhaften Moduls: GROOVE.EXE2
Berichtskennung: GROOVE.EXE3

Error: (01/21/2015 01:07:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GROOVE.EXE, Version: 14.0.7011.1000, Zeitstempel:

0x513a7cc7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb10c6
Ausnahmecode: 0xe0000002
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0xb08
Startzeit der fehlerhaften Anwendung: 0xGROOVE.EXE0
Pfad der fehlerhaften Anwendung: GROOVE.EXE1
Pfad des fehlerhaften Moduls: GROOVE.EXE2
Berichtskennung: GROOVE.EXE3

Error: (01/21/2015 11:10:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT-AUTORITÄT)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location

%APPDATA%\.

Error: (01/21/2015 11:10:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT-AUTORITÄT)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location

%APPDATA%\.

Error: (01/18/2015 08:30:55 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend

Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht

benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen.

(0x81000005)"

Error: (01/16/2015 04:44:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-

Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="

win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-

Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="

win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 04:42:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für

"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",

version="9.0.21022.8"1".
Die abhängige Assemblierung

"Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",

version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/16/2015 04:19:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Mediencenter.exe, Version: 3.9.1055.64,

Zeitstempel: 0x5399a4be
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x040de2f3
ID des fehlerhaften Prozesses: 0xe20
Startzeit der fehlerhaften Anwendung: 0xMediencenter.exe0
Pfad der fehlerhaften Anwendung: Mediencenter.exe1
Pfad des fehlerhaften Moduls: Mediencenter.exe2
Berichtskennung: Mediencenter.exe3

Error: (01/16/2015 04:19:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Mediencenter.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess

wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen:

System.NullReferenceException
Stapel:
bei

DTAG.Mediencenter.Client.Services.NamedPipes.NpServiceHost.Close()
bei

DTAG.Mediencenter.Client.Controller.ApplicationController.CloseInterProcessCommunication()
bei

DTAG.Mediencenter.Client.Controller.ApplicationController.GoOffline(Boolean)
bei

DTAG.Mediencenter.Client.Controller.ApplicationController

+<>c__DisplayClassb.<HandleConnectionError>b__a()
bei

System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)


bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate,

System.Object, Int32, System.Delegate)
bei

System.Windows.Threading.DispatcherOperation.InvokeImpl()
bei

System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
bei

System.Threading.ExecutionContext.runTryCode(System.Object)
bei

System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode,

CleanupCode, System.Object)
bei System.Threading.ExecutionContext.RunInternal

(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
bei

System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,

System.Threading.ContextCallback, System.Object, Boolean)
bei

System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,

System.Threading.ContextCallback, System.Object)
bei

System.Windows.Threading.DispatcherOperation.Invoke()
bei

System.Windows.Threading.Dispatcher.ProcessQueue()
bei

System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)


bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
bei

MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
bei

System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)


bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate,

System.Object, Int32, System.Delegate)
bei System.Windows.Threading.Dispatcher.InvokeImpl

(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object,

Int32)
bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
bei

MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
bei

System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
bei

System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
bei

System.Windows.Application.RunDispatcher(System.Object)
bei

System.Windows.Application.RunInternal(System.Windows.Window)
bei

System.Windows.Application.Run(System.Windows.Window)
bei DTAG.Mediencenter.Client.App.Main()

Error: (01/16/2015 01:12:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 14.0.7109.5000 kann nicht mehr unter Windows

ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-

Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15a8

Startzeit: 01d0317cc2ddbb24

Endzeit: 120

Anwendungspfad: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

Berichts-ID: 5c832353-9d81-11e4-aa40-1c7508558a7c


System errors:
=============
Error: (01/21/2015 02:25:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

Neue Signaturversion:

Vorherige Signaturversion: 1.191.2526.0

Aktualisierungsquelle: %NT-AUTORITÄT59

Aktualisierungsphase: 4.4.0304.00

Quellpfad: 4.4.0304.01

Signaturtyp: %NT-AUTORITÄT602

Aktualisierungstyp: %NT-AUTORITÄT604

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: %NT-AUTORITÄT605

Vorherige Modulversion: %NT-AUTORITÄT606

Fehlercode: %NT-AUTORITÄT607

Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/21/2015 02:01:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/21/2015 02:01:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/21/2015 02:01:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

Volumeschattenkopie erreicht.

Error: (01/21/2015 01:04:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht

gestartet:
%%2

Error: (01/21/2015 01:04:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler

beendet: %%-2147023143.

Error: (01/21/2015 01:03:53 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: Der Dienst "BrPar" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied

dieser Gruppe wurde jedoch gestartet.

Error: (01/21/2015 11:18:03 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

Neue Signaturversion:

Vorherige Signaturversion: 1.191.2526.0

Aktualisierungsquelle: %NT-AUTORITÄT59

Aktualisierungsphase: 4.4.0304.00

Quellpfad: 4.4.0304.01

Signaturtyp: %NT-AUTORITÄT602

Aktualisierungstyp: %NT-AUTORITÄT604

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: %NT-AUTORITÄT605

Vorherige Modulversion: %NT-AUTORITÄT606

Fehlercode: %NT-AUTORITÄT607

Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (01/21/2015 11:08:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/21/2015 11:07:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht

gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (01/21/2015 01:07:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:

GROOVE.EXE14.0.7011.1000513a7cc7KERNELBASE.dll6.1.7601.1822951fb10c6e00000020000812f163801d0357b3

36051f7C:\Program Files\Microsoft Office\Office14\GROOVE.EXEC:\windows

\system32\KERNELBASE.dll74ff0eb9-a16e-11e4-aacb-1c7508558a7c

Error: (01/21/2015 01:07:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:

GROOVE.EXE14.0.7011.1000513a7cc7KERNELBASE.dll6.1.7601.1822951fb10c6e00000020000812fb0801d0357add

630658C:\Program Files\Microsoft Office\Office14\GROOVE.EXEC:\windows

\system32\KERNELBASE.dll62bcf920-a16e-11e4-aacb-1c7508558a7c

Error: (01/21/2015 11:10:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT-AUTORITÄT)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location

%APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/21/2015 11:10:03 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT-AUTORITÄT)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location

%APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/18/2015 08:30:55 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung

verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz

freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)

Error: (01/16/2015 04:44:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-

Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="

win32",version="6.0.0.0"c:\program files\silicon motion\lenovo easycamera\driverpackage

\DPInst64.exe

Error: (01/16/2015 04:42:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description:

Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",v

ersion="9.0.21022.8"c:\program files\Trillian\plugins\ingame\ingame_64.exe

Error: (01/16/2015 04:19:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:

Mediencenter.exe3.9.1055.645399a4beunknown0.0.0.000000000c0000005040de2f3e2001d0317c97843010C:

\Users\Detlef\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exeunknown7402e87d-9d9b-11e4

-aa40-1c7508558a7c

Error: (01/16/2015 04:19:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Mediencenter.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess

wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen:

System.NullReferenceException
Stapel:
bei

DTAG.Mediencenter.Client.Services.NamedPipes.NpServiceHost.Close()
bei

DTAG.Mediencenter.Client.Controller.ApplicationController.CloseInterProcessCommunication()
bei

DTAG.Mediencenter.Client.Controller.ApplicationController.GoOffline(Boolean)
bei

DTAG.Mediencenter.Client.Controller.ApplicationController

+<>c__DisplayClassb.<HandleConnectionError>b__a()
bei

System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)


bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate,

System.Object, Int32, System.Delegate)
bei

System.Windows.Threading.DispatcherOperation.InvokeImpl()
bei

System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
bei

System.Threading.ExecutionContext.runTryCode(System.Object)
bei

System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode,

CleanupCode, System.Object)
bei System.Threading.ExecutionContext.RunInternal

(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
bei

System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,

System.Threading.ContextCallback, System.Object, Boolean)
bei

System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,

System.Threading.ContextCallback, System.Object)
bei

System.Windows.Threading.DispatcherOperation.Invoke()
bei

System.Windows.Threading.Dispatcher.ProcessQueue()
bei

System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)


bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
bei

MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
bei

System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)


bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate,

System.Object, Int32, System.Delegate)
bei System.Windows.Threading.Dispatcher.InvokeImpl

(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object,

Int32)
bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
bei

MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
bei

System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
bei

System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
bei

System.Windows.Application.RunDispatcher(System.Object)
bei

System.Windows.Application.RunInternal(System.Windows.Window)
bei

System.Windows.Application.Run(System.Windows.Window)
bei DTAG.Mediencenter.Client.App.Main()

Error: (01/16/2015 01:12:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7109.500015a801d0317cc2ddbb24120C:\Program Files\Microsoft Office

\Office14\OUTLOOK.EXE5c832353-9d81-11e4-aa40-1c7508558a7c


==================== Memory info ===========================

Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz
Percentage of memory in use: 86%
Total physical RAM: 2008.6 MB
Available physical RAM: 263.41 MB
Total Pagefile: 4017.2 MB
Available Pagefile: 2129.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.56 MB

==================== Drives ================================

Drive c: (Festplatte) (Fixed) (Total:187.69 GB) (Free:92.83 GB) NTFS
Drive d: (Treiber) (Fixed) (Total:30.25 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EFB06E8E)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=187.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================]

Vielen Dank für deine Antwort..

ich hoffe, das war richtig so?

Mit den Logs so kann ich nicht viel anfangen. Du musst sie richtig posten, in CODE-Tags und ohne Zeilenumbrüche. Aber ich sehe schon zwei Punkte:

1. Illegale Software - MS Office

Zitat:

KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )

Lesestoff:
Illegale Software: Cracks, Keygens und Co

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

2. Rootkitbefall

Zitat:

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2331039535-1181406896-2111325039-1000\$2b7307da3415a37f89d2f64300b1dc7a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$2b7307da3415a37f89d2f64300b1dc7a

Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?

• Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
  
  
• Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
  
  
• Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, da sie sich praktisch "jeder" ansehen konnte.

Teile mir also mit, wie du dich entschieden hast.