Ein falscher Klick und ich habe mir Movie Wizard inkl. 10 weitere Programme herunter geladen.
Die "kleineren" Programme konnte ich ohne Probleme über die Systemsteuerung entfernen bzw deinstallieren. Movie Wizard leider nicht. Mittlerweile konnte ich über den Revo Uninstaller - Movie Wizard aus der Systemsteuerung entfernen, allerdings erscheinen immer wieder beim Surfen im Internet weiterhin die Werbefenster. Wie kann ich diese los werden?

Vielen Dank im Voraus für eure Hilfe!

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
• Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
• Bitte kein Crossposting (posten in mehreren Foren).
• Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
• Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
• Poste die Logfiles direkt in Deinen Thread in Code-Tags.
• Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Hallo Jürgen,

vielen Dank schon einmal dass du mir helfen möchtest

Hier der erste Scan, allerdings hat sich bei mir nur ein Fenster geöffnet!?!


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by User (administrator) on USER-PC on 24-01-2015 18:39:33
Running from C:\Users\User\Downloads
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Small Island Development) C:\ProgramData\mnoRYlZTjd\DlMoQktqa.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\User\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-20] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-01-21] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-17] ()
HKLM-x32\...\Run: [PlusService] => C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-02-27] (Yuna Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-11] (AVAST Software)
HKLM-x32\...\Run: [gmsd_de_66] => [X]
HKLM-x32\...\Run: [mbot_de_395] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [192616 2011-03-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 - (No Name) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M8D66A3BE-050D-4721-A91C-EFEF034859ED&SearchSource=58&CUI=&UM=8&UP=SP837D4855-8C69-45DF-8437-9EB87B1ECEA9&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1ex653aBDOR
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll No File
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=8 -> C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-10]
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-12-12]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-12-12]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-29]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-10]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-11] (Avast Software)
R2 DlMoQktqa; C:\ProgramData\mnoRYlZTjd\DlMoQktqa.exe [2734456 2015-01-07] (Small Island Development)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-17] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-07] (Fuyu LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adsamdrtmins; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-11] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 18:39 - 2015-01-24 18:39 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-01-24 18:35 - 2015-01-24 18:37 - 02129920 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2015-01-19 18:57 - 2015-01-19 18:58 - 00037321 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-19 18:56 - 2015-01-24 18:39 - 00025473 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-19 18:56 - 2015-01-24 18:39 - 00000000 ____D () C:\FRST
2015-01-19 18:22 - 2015-01-19 18:22 - 00000247 _____ () C:\Windows\system32\2015-01-19-17-22-38.084-aswFe.exe-4440.log
2015-01-19 18:14 - 2015-01-19 18:22 - 00000247 _____ () C:\Windows\system32\2015-01-19-17-14-21.087-aswFe.exe-6936.log
2015-01-19 18:14 - 2015-01-19 18:14 - 00000197 _____ () C:\Windows\system32\2015-01-19-17-14-14.092-AvastVBoxSVC.exe-3232.log
2015-01-19 17:35 - 2015-01-19 17:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-19 17:34 - 2015-01-19 17:34 - 00001270 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-01-19 17:34 - 2015-01-19 17:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-19 17:28 - 2015-01-19 17:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-01-11 21:44 - 2015-01-11 21:44 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-11 21:44 - 2015-01-11 21:44 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-11 21:36 - 2015-01-11 21:36 - 00001992 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-01-11 21:36 - 2015-01-11 21:36 - 00001932 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-01-11 21:36 - 2015-01-11 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-11 21:35 - 2015-01-11 21:35 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-11 21:35 - 2015-01-11 21:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-11 21:34 - 2015-01-11 21:34 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-01-11 20:50 - 2015-01-11 20:50 - 00003256 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-4193091509-1981412286-3300238867-1001
2015-01-11 20:46 - 2015-01-11 20:46 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2015-01-11 20:41 - 2015-01-11 20:41 - 05049344 _____ (Crawler.com ) C:\Users\User\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2015-01-11 20:25 - 2015-01-19 18:01 - 00000000 ____D () C:\ProgramData\Browser
2015-01-08 20:44 - 2015-01-08 20:44 - 00003100 _____ () C:\Windows\System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417}
2015-01-08 20:38 - 2015-01-08 20:48 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-08 20:32 - 2015-01-08 20:33 - 143452799 _____ () C:\Users\User\Desktop\lexi2.cpr
2015-01-08 20:29 - 2015-01-11 21:43 - 00001091 _____ () C:\Users\User\Desktop\Continue Live Installation.lnk
2015-01-07 23:56 - 2015-01-07 23:56 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-07 23:54 - 2015-01-07 23:54 - 00003142 _____ () C:\Windows\System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602}
2015-01-07 23:53 - 2015-01-07 23:53 - 00000000 ____D () C:\ProgramData\2355320829
2015-01-07 23:23 - 2015-01-07 23:23 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-07 23:19 - 2015-01-19 19:03 - 00000000 ____D () C:\Users\User\AppData\Local\MovieWizard
2015-01-07 23:19 - 2015-01-19 17:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\VOPackage
2015-01-07 23:19 - 2015-01-08 20:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\omiga-plus
2015-01-07 23:19 - 2015-01-07 23:19 - 00004010 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-07 23:19 - 2015-01-07 23:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-07 23:18 - 2015-01-07 23:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\InetStat
2015-01-07 23:18 - 2015-01-07 23:19 - 00000000 ____D () C:\ProgramData\mnoRYlZTjd
2015-01-05 13:50 - 2015-01-05 13:50 - 00025799 _____ () C:\Users\User\Desktop\rentenkassechat.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 18:38 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 18:38 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 18:33 - 2013-05-20 10:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 18:27 - 2011-03-30 13:42 - 02087112 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 18:15 - 2013-05-20 10:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 18:15 - 2013-05-20 10:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 18:15 - 2011-06-29 22:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 18:14 - 2013-08-18 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-24 18:14 - 2011-06-17 17:49 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-24 18:11 - 2014-11-27 16:05 - 03353776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 18:10 - 2011-01-12 16:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 18:10 - 2011-01-12 16:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 21:18 - 2014-06-20 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-19 18:59 - 2014-12-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 18:01 - 2009-08-04 10:51 - 00711094 _____ () C:\Windows\system32\perfh007.dat
2015-01-19 18:01 - 2009-08-04 10:51 - 00153542 _____ () C:\Windows\system32\perfc007.dat
2015-01-19 18:01 - 2009-07-14 06:13 - 01651444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 17:58 - 2013-05-29 00:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-19 17:57 - 2011-03-30 14:15 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-01-19 17:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 17:54 - 2009-07-14 05:51 - 00095731 _____ () C:\Windows\setupact.log
2015-01-19 17:35 - 2014-07-18 17:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-19 17:35 - 2014-07-18 17:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-19 17:35 - 2011-06-17 09:19 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-19 17:08 - 2011-03-30 14:10 - 00001429 _____ () C:\Windows\system32\ServiceFilter.ini
2015-01-11 21:41 - 2011-03-30 14:10 - 00002472 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-01-11 21:40 - 2011-03-30 13:38 - 00488158 _____ () C:\Windows\PFRO.log
2015-01-11 21:35 - 2014-06-24 21:47 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 21:35 - 2014-06-24 21:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-11 21:35 - 2013-06-23 22:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-11 20:50 - 2011-06-18 08:46 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-08 20:58 - 2014-10-28 12:08 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-01-08 20:58 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 20:55 - 2011-06-16 23:52 - 00001427 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 09:55 - 2011-06-17 00:28 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-01-12 17:02 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-03-30 14:23 - 2011-03-30 14:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-01-12 16:48 - 2011-01-12 16:49 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-01-12 16:48 - 2011-01-12 16:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2011-03-30 14:19 - 2011-03-30 14:22 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-03-30 14:22 - 2011-03-30 14:23 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2011-03-30 14:18 - 2011-03-30 14:19 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\ffunzip.exe
C:\Users\User\AppData\Local\Temp\GLF72A5.tmp.ConduitEngineSetup.exe
C:\Users\User\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\MSND930.exe
C:\Users\User\AppData\Local\Temp\nseAAE1.exe
C:\Users\User\AppData\Local\Temp\prxGLF72A5.tmp.tbIncr.dll
C:\Users\User\AppData\Local\Temp\supoptsetup.exe
C:\Users\User\AppData\Local\Temp\tbIncr.dll
C:\Users\User\AppData\Local\Temp\Update_034f.exe
C:\Users\User\AppData\Local\Temp\Update_3b18.exe
C:\Users\User\AppData\Local\Temp\Update_bac3.exe
C:\Users\User\AppData\Local\Temp\Update_d73f.exe
C:\Users\User\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 21:50

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Hi,

guckst Du da:

Code: Alles auswählenAufklappen

ATTFilter

C:\Users\User\Downloads\Addition.txt
         

Deswegen nochmal Haken setzen bei Addition.txt...Die wird nämlich nur beim ersten Mal mit erstellt.

Schritt 1



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Hier nochmal


FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by User (administrator) on USER-PC on 24-01-2015 18:47:27
Running from C:\Users\User\Downloads
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Small Island Development) C:\ProgramData\mnoRYlZTjd\DlMoQktqa.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_287.exe
(Farbar) C:\Users\User\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-20] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-01-21] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-17] ()
HKLM-x32\...\Run: [PlusService] => C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-02-27] (Yuna Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-11] (AVAST Software)
HKLM-x32\...\Run: [gmsd_de_66] => [X]
HKLM-x32\...\Run: [mbot_de_395] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [192616 2011-03-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 - (No Name) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M8D66A3BE-050D-4721-A91C-EFEF034859ED&SearchSource=58&CUI=&UM=8&UP=SP837D4855-8C69-45DF-8437-9EB87B1ECEA9&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420669216&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1ex653aBDOR
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll No File
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=8 -> C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-10]
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2014-12-12]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-12-12]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-29]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-10]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-11] (Avast Software)
R2 DlMoQktqa; C:\ProgramData\mnoRYlZTjd\DlMoQktqa.exe [2734456 2015-01-07] (Small Island Development)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-17] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-07] (Fuyu LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adsamdrtmins; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-11] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 18:44 - 2015-01-24 18:44 - 00000000 ____D () C:\Users\User\Downloads\Konto
2015-01-24 18:39 - 2015-01-24 18:39 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-01-24 18:35 - 2015-01-24 18:37 - 02129920 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2015-01-19 18:57 - 2015-01-19 18:58 - 00037321 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-19 18:56 - 2015-01-24 18:47 - 00025359 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-19 18:56 - 2015-01-24 18:47 - 00000000 ____D () C:\FRST
2015-01-19 18:22 - 2015-01-19 18:22 - 00000247 _____ () C:\Windows\system32\2015-01-19-17-22-38.084-aswFe.exe-4440.log
2015-01-19 18:14 - 2015-01-19 18:22 - 00000247 _____ () C:\Windows\system32\2015-01-19-17-14-21.087-aswFe.exe-6936.log
2015-01-19 18:14 - 2015-01-19 18:14 - 00000197 _____ () C:\Windows\system32\2015-01-19-17-14-14.092-AvastVBoxSVC.exe-3232.log
2015-01-19 17:35 - 2015-01-19 17:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-19 17:34 - 2015-01-19 17:34 - 00001270 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-01-19 17:34 - 2015-01-19 17:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-19 17:28 - 2015-01-19 17:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-01-11 21:44 - 2015-01-11 21:44 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-11 21:44 - 2015-01-11 21:44 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-11 21:36 - 2015-01-11 21:36 - 00001992 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-01-11 21:36 - 2015-01-11 21:36 - 00001932 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-01-11 21:36 - 2015-01-11 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-11 21:35 - 2015-01-11 21:35 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-11 21:35 - 2015-01-11 21:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-11 21:34 - 2015-01-11 21:34 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-01-11 20:50 - 2015-01-11 20:50 - 00003256 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-4193091509-1981412286-3300238867-1001
2015-01-11 20:46 - 2015-01-11 20:46 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2015-01-11 20:41 - 2015-01-11 20:41 - 05049344 _____ (Crawler.com ) C:\Users\User\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2015-01-11 20:25 - 2015-01-19 18:01 - 00000000 ____D () C:\ProgramData\Browser
2015-01-08 20:44 - 2015-01-08 20:44 - 00003100 _____ () C:\Windows\System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417}
2015-01-08 20:38 - 2015-01-08 20:48 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-08 20:32 - 2015-01-08 20:33 - 143452799 _____ () C:\Users\User\Desktop\lexi2.cpr
2015-01-08 20:29 - 2015-01-11 21:43 - 00001091 _____ () C:\Users\User\Desktop\Continue Live Installation.lnk
2015-01-07 23:56 - 2015-01-07 23:56 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-07 23:54 - 2015-01-07 23:54 - 00003142 _____ () C:\Windows\System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602}
2015-01-07 23:53 - 2015-01-07 23:53 - 00000000 ____D () C:\ProgramData\2355320829
2015-01-07 23:23 - 2015-01-07 23:23 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-07 23:20 - 2015-01-07 23:20 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-07 23:19 - 2015-01-19 19:03 - 00000000 ____D () C:\Users\User\AppData\Local\MovieWizard
2015-01-07 23:19 - 2015-01-19 17:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\VOPackage
2015-01-07 23:19 - 2015-01-08 20:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\omiga-plus
2015-01-07 23:19 - 2015-01-07 23:19 - 00004010 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-07 23:19 - 2015-01-07 23:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-07 23:18 - 2015-01-07 23:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\InetStat
2015-01-07 23:18 - 2015-01-07 23:19 - 00000000 ____D () C:\ProgramData\mnoRYlZTjd
2015-01-05 13:50 - 2015-01-05 13:50 - 00025799 _____ () C:\Users\User\Desktop\rentenkassechat.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 18:38 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 18:38 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 18:33 - 2013-05-20 10:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 18:27 - 2011-03-30 13:42 - 02087112 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 18:19 - 2013-08-18 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-24 18:15 - 2013-05-20 10:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 18:15 - 2013-05-20 10:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 18:15 - 2011-06-29 22:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 18:14 - 2011-06-17 17:49 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-24 18:11 - 2014-11-27 16:05 - 03353776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 18:10 - 2011-01-12 16:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 18:10 - 2011-01-12 16:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 21:18 - 2014-06-20 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-19 18:59 - 2014-12-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 18:01 - 2009-08-04 10:51 - 00711094 _____ () C:\Windows\system32\perfh007.dat
2015-01-19 18:01 - 2009-08-04 10:51 - 00153542 _____ () C:\Windows\system32\perfc007.dat
2015-01-19 18:01 - 2009-07-14 06:13 - 01651444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-19 17:58 - 2013-05-29 00:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-19 17:57 - 2011-03-30 14:15 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-01-19 17:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 17:54 - 2009-07-14 05:51 - 00095731 _____ () C:\Windows\setupact.log
2015-01-19 17:35 - 2014-07-18 17:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-19 17:35 - 2014-07-18 17:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-19 17:35 - 2011-06-17 09:19 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-19 17:08 - 2011-03-30 14:10 - 00001429 _____ () C:\Windows\system32\ServiceFilter.ini
2015-01-11 21:41 - 2011-03-30 14:10 - 00002472 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-01-11 21:40 - 2011-03-30 13:38 - 00488158 _____ () C:\Windows\PFRO.log
2015-01-11 21:35 - 2014-06-24 21:47 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 21:35 - 2014-06-24 21:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-11 21:35 - 2013-06-23 22:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-11 20:50 - 2011-06-18 08:46 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-08 20:58 - 2014-10-28 12:08 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-01-08 20:58 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 20:55 - 2011-06-16 23:52 - 00001427 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 09:55 - 2011-06-17 00:28 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-01-12 17:02 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-03-30 14:23 - 2011-03-30 14:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-01-12 16:48 - 2011-01-12 16:49 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-01-12 16:48 - 2011-01-12 16:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2011-03-30 14:19 - 2011-03-30 14:22 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-03-30 14:22 - 2011-03-30 14:23 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2011-03-30 14:18 - 2011-03-30 14:19 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\ffunzip.exe
C:\Users\User\AppData\Local\Temp\GLF72A5.tmp.ConduitEngineSetup.exe
C:\Users\User\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\MSND930.exe
C:\Users\User\AppData\Local\Temp\nseAAE1.exe
C:\Users\User\AppData\Local\Temp\prxGLF72A5.tmp.tbIncr.dll
C:\Users\User\AppData\Local\Temp\supoptsetup.exe
C:\Users\User\AppData\Local\Temp\tbIncr.dll
C:\Users\User\AppData\Local\Temp\Update_034f.exe
C:\Users\User\AppData\Local\Temp\Update_3b18.exe
C:\Users\User\AppData\Local\Temp\Update_bac3.exe
C:\Users\User\AppData\Local\Temp\Update_d73f.exe
C:\Users\User\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 21:50

==================== End Of Log ============================
         

--- --- ---

--- --- ---



Addition

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by User at 2015-01-24 18:48:04
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
ALDI NORD Bestellsoftware 4.14.5 (HKLM-x32\...\ALDI NORD Bestellsoftware) (Version: 4.14.5 - ORWO Net)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_N3_Series (HKLM-x32\...\ASUS_N3_Series) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2322.0 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
ETDWare PS/2-x64 7.0.5.15_WHQL (HKLM\...\Elantech) (Version: 7.0.5.15 - ELAN Microelectronics Corp.)
ExpressGateCloud (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.6.20.110 - VideACE Co.)
ExpressGateCloud (x32 Version: 2.6.20.110 - VideACE Co.) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{26211D4B-CD06-44C8-BA6E-F937E1692629}) (Version: 3.0.114.13 - Fresco Logic Inc.)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 12.0.742.100 - Google Inc.)
Google Update Helper (x32 Version: 1.2.183.13 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.290 - Oracle)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Messenger Plus! 5 (HKLM-x32\...\Messenger Plus!) (Version: 5.11.0.760 - Yuna Software)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Graphics Driver 265.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 265.96 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6221 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.55133.208 - Sonix)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\...\{FC3F1B35-555E-420C-BAF5-80608DCDD336}) (Version: 21.00.8480 - Buhl Data Service GmbH)
XnView 1.98.2 (HKLM-x32\...\XnView_is1) (Version: 1.98.2 - Gougelet Pierre-e)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-12-2014 15:56:25 Windows Update
18-12-2014 17:03:38 Windows Update
23-12-2014 11:26:24 Windows Update
28-12-2014 18:38:30 Windows Update
05-01-2015 12:46:10 Windows Update
11-01-2015 20:38:19 Windows Update
11-01-2015 21:29:16 avast! antivirus system restore point
11-01-2015 21:36:06 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
19-01-2015 17:24:39 Windows Update
19-01-2015 18:00:49 Revo Uninstaller's restore point - Movie Wizard
19-01-2015 18:08:04 Revo Uninstaller's restore point - Photo Notifier and Animation Creator
19-01-2015 18:08:28 Photo Notifier and Animation Creator wurde entfernt.
19-01-2015 18:10:54 Revo Uninstaller's restore point - Spyware Terminator 2012
24-01-2015 18:11:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1EEA7C05-90CF-489E-998C-ECC3CD41E162} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {27F68C3C-D10A-4F46-910B-2B0C84BBE90D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {35F04C88-54E5-4614-8B1B-8CEE3C5B9AE5} - System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1
Task: {418AC38A-133F-4E5C-9E8F-F1FCD30BCE2D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {4CD5389C-EC9B-44C1-B3E5-03DBF058A750} - System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602} => pcalua.exe -a C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {6454799E-A467-4F70-881E-4C5B66B78103} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12] (Google Inc.)
Task: {68C95B32-F54A-4A93-950E-8D4974F5BC6F} - System32\Tasks\avastBCLRestartS-1-5-21-4193091509-1981412286-3300238867-1001 => Firefox.exe 
Task: {A7A3A7CC-8C08-41FD-900D-94D72602C800} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {A7E6A06B-F2EB-4D8E-AC32-816C859CAAE2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {C12012C5-397F-4104-98C2-396321DCF603} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12] (Google Inc.)
Task: {CAA131A6-E126-4E03-AABC-51DA03575CAE} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
Task: {CFB291BD-E069-4B53-AAF9-D07DF2C04742} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-11] (AVAST Software)
Task: {E336769A-C0E8-4D8C-BE20-4EF9E420CC92} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {F9A5D327-CA5B-4F2A-B1E9-6EFDEB5BBE81} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-20 00:48 - 2010-07-20 00:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-01-17 22:16 - 2011-01-17 22:16 - 00091464 _____ () C:\EXPRESSGATEUTIL\VAWINSERVICE.EXE
2015-01-11 21:34 - 2015-01-11 21:34 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-11 21:34 - 2015-01-11 21:34 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2011-01-12 17:01 - 2011-01-12 17:01 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2011-01-12 17:01 - 2011-01-12 17:01 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-30 14:09 - 2007-11-30 19:20 - 00051768 _____ () C:\PROGRAM FILES (X86)\ASUS\ASUS LIVE UPDATE\ALU.EXE
2010-04-03 03:21 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\PROGRAM FILES (X86)\ASUS\ASUS WEBSTORAGE\SERVICE\ASUSWSSERVICE.EXE
2010-07-20 00:48 - 2010-07-20 00:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-12 03:19 - 2011-01-27 01:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-24 00:53 - 2010-09-24 00:53 - 01601536 _____ () C:\PROGRAM FILES (X86)\ASUS\WIRELESS CONSOLE 3\WCOURIER.EXE
2011-01-17 22:16 - 2011-01-17 22:16 - 00191304 _____ () C:\EXPRESSGATEUTIL\VAWINAGENT.EXE
2014-07-23 00:02 - 2014-09-18 13:50 - 01428760 _____ () C:\PROGRAM FILES (X86)\WISO\STEUERSOFTWARE 2014\MSHAKTUELL.EXE
2015-01-19 17:11 - 2015-01-19 17:11 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011900\algo.dll
2015-01-11 21:34 - 2015-01-11 21:34 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-24 18:12 - 2015-01-24 18:12 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012400\algo.dll
2011-01-17 22:16 - 2011-01-17 22:16 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-12-25 03:12 - 2010-12-25 03:12 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-01-04 01:27 - 2011-01-04 01:27 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2011-03-30 14:09 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-09-24 00:53 - 2010-09-24 00:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2011-01-17 22:16 - 2011-01-17 22:16 - 00191304 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2015-01-11 21:35 - 2015-01-11 21:35 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-23 00:02 - 2014-09-18 13:50 - 01428760 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2014-07-23 00:01 - 2014-09-18 13:50 - 09726232 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-07-23 00:01 - 2014-09-18 13:51 - 03902232 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 02752280 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 02125592 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01933080 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 04325656 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-07-23 00:01 - 2014-02-11 10:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-07-23 00:01 - 2014-02-11 10:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-07-23 00:01 - 2014-02-11 10:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01572632 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 05302040 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01740568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01812248 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01633560 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01340696 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 07357208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01287448 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2011-01-17 15:19 - 2011-06-17 09:22 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-03-30 13:58 - 2011-03-10 05:22 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-12-12 18:04 - 2014-12-12 18:04 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-24 18:15 - 2015-01-24 18:15 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-4193091509-1981412286-3300238867-500 - Administrator - Disabled)
Gast (S-1-5-21-4193091509-1981412286-3300238867-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4193091509-1981412286-3300238867-1024 - Limited - Enabled)
UpdatusUser (S-1-5-21-4193091509-1981412286-3300238867-1000 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-4193091509-1981412286-3300238867-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2015 06:38:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 19.1.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d80

Startzeit: 01d037fc5271a989

Endzeit: 0

Anwendungspfad: C:\Users\User\Desktop\FRST64.exe

Berichts-ID: bb5b9e02-a3ef-11e4-b280-f46d0482b822

Error: (01/24/2015 06:12:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/19/2015 06:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1288
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/11/2015 09:21:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xea8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/11/2015 08:53:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FIREFOX.EXE, Version 34.0.5.5443 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1de8

Startzeit: 01d02dd7d41ed93b

Endzeit: 12

Anwendungspfad: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE

Berichts-ID: 7c5559e0-99cb-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:50:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xa24
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/11/2015 08:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x734
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/08/2015 09:48:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/08/2015 09:48:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/28/2014 11:30:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1c60
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (01/24/2015 06:39:21 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/24/2015 06:36:29 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/24/2015 06:35:41 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/24/2015 06:11:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/19/2015 06:29:02 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2015 06:28:55 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2015 06:28:47 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2015 06:28:40 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2015 06:28:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2015 06:28:28 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (01/24/2015 06:38:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe19.1.2015.01d8001d037fc5271a9890C:\Users\User\Desktop\FRST64.exebb5b9e02-a3ef-11e4-b280-f46d0482b822

Error: (01/24/2015 06:12:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/19/2015 06:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425128801d0340b3164e0a4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb7d53da0-9fff-11e4-b280-f46d0482b822

Error: (01/11/2015 09:21:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425ea801d02dd8c7dd21c3C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll711f0fb0-99cf-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:53:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FIREFOX.EXE34.0.5.54431de801d02dd7d41ed93b12C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE7c5559e0-99cb-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:50:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425a2401d02dd7b118baa2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0e45e951-99cb-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d664800000030000142573401d02dd4bc1d8d71C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle351f39f-99ca-11e4-91b7-f46d0482b822

Error: (01/08/2015 09:48:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dllC:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll2

Error: (01/08/2015 09:48:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (12/28/2014 11:30:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014251c6001d01d40964cac44C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1fd77ffb-8ee1-11e4-91b7-f46d0482b822


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 4006.71 MB
Available physical RAM: 1785.01 MB
Total Pagefile: 8011.61 MB
Available Pagefile: 4908.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:256 GB) (Free:167.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:315.17 GB) (Free:314.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B2088A36)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=256 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=315.2 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

• Download
• Installiere das Programm in den vorgegebenen Pfad.
• Starte Malwarebytes' Anti-Malware (MBAM).
• Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
• Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
• Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
• Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 3



Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Text von Schritt 1

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 24/01/2015 um 18:58:49
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-24.4 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Downloads\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : WindowsMangerProtect
Dienst Gelöscht : IHProtect Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Browser
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\yuna software
Ordner Gelöscht : C:\Program Files (x86)\XTab
Ordner Gelöscht : C:\Users\User\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\User\AppData\Local\MovieWizard
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\User\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\User\AppData\Roaming\omiga-plus
Ordner Gelöscht : C:\Users\User\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\User\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\user.js
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\omiga-plus.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\omiga-plus.xml

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2724407
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{990AF1C2-5A27-4460-8149-ECC6BC122AF3}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\yuna software
Schlüssel Gelöscht : HKCU\Software\StormWatchApp
Schlüssel Gelöscht : HKCU\Software\Wnkey
Schlüssel Gelöscht : HKCU\Software\Super Optimizer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gelöscht : HKLM\SOFTWARE\omiga-plusSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\yuna software
Schlüssel Gelöscht : HKLM\SOFTWARE\GAMESDESKTOP
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v34.0.5 (x86 de)

[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407..clientLogIsEnabled", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.BrowserCompStateIsOpen_129626311033612748", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.BrowserCompStateIsOpen_129681662005688888", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.CTID", "ct2724407");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.CurrentServerDate", "14-12-2011");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.DialogsAlignMode", "LTR");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.DialogsGetterLastCheckTime", "Sun Dec 04 2011 21:09:27 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.DownloadReferralCookieData", "");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.EnableSearchHistory", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.EnableSearchSuggest", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.FirstServerDate", "4-7-2011");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.FirstTime", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.FirstTimeFF3", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.FixPageNotFoundErrors", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.GroupingServerCheckInterval", 1440);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.HasUserGlobalKeys", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.Initialize", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.InitializeCommonPrefs", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.InstallationAndCookieDataSentCount", 3);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.InstallationId", "ConduitStubGeneric");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.InstallationType", "ConduitStubIntegration");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.InstalledDate", "Mon Jul 04 2011 12:34:08 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.InvalidateCache", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.IsAlertDBUpdated", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.IsGrouping", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.IsInitSetupIni", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.IsMulticommunity", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.IsOpenThankYouPage", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.IsOpenUninstallPage", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.LanguagePackLastCheckTime", "Mon Jul 04 2011 12:34:10 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.LanguagePackReloadIntervalMM", 1440);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.LastLogin_3.5.0.12", "Mon Aug 15 2011 22:48:00 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.LastLogin_3.6.0.10", "Sun Oct 02 2011 21:22:38 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.LastLogin_3.7.0.6", "Thu Nov 10 2011 11:49:58 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.LastLogin_3.8.0.8", "Wed Dec 14 2011 01:38:41 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.LatestVersion", "3.8.0.8");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.Locale", "de");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.MCDetectTooltipHeight", "83");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.MCDetectTooltipShow", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.MCDetectTooltipWidth", "295");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.MyStuffEnabledAtInstallation", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.OriginalFirstVersion", "3.5.0.12");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.RadioIsPodcast", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.RadioLastCheckTime", "Mon Jul 04 2011 12:34:09 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.RadioLastUpdateIPServer", "0");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.RadioMediaID", "21080119");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.RadioMediaType", "Media Player");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.RadioMenuSelectedID", "EBRadioMenu_CT272440721080119");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.RadioShrinkedFromSetup", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.RadioStationName", "Royal-Radio%20");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.RadioStationURL", "");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SearchBoxWidth", 100);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SearchFromAddressBarIsInit", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2724407&q=");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SearchInNewTabEnabled", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SearchInNewTabIntervalMM", 1440);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SearchInNewTabLastCheckTime", "Mon Jul 04 2011 12:34:08 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SearchInNewTabUserEnabled", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ServiceMapLastCheckTime", "Tue Dec 13 2011 23:04:35 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SettingsLastCheckTime", "Mon Jul 04 2011 12:34:08 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.SettingsLastUpdate", "1306530423");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ThirdPartyComponentsInterval", 504);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ThirdPartyComponentsLastCheck", "Mon Jul 04 2011 12:34:08 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ThirdPartyComponentsLastUpdate", "1255344657");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ToolbarShrinkedFromSetup", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724407");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.UserID", "UN84182865384111345");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.WeatherNetwork", "");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.WeatherPollDate", "Mon Jul 04 2011 13:14:17 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.WeatherUnit", "C");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.alertChannelId", "1116673");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.approveUntrustedApps", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B445D4B4C504A6259646C787A2[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e.:2z527", "247E70756B74757945473D3E3C3D3F3B224D4245327A3426282721263A313C2E30313233344E565A53553C675C5F4C354E4041413B44544B56484A4B4C7A68727D6D54207477644D665[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e06cg5el8:", "6E6D6F6F6B7272767272");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747375757178787C7878242F4B49474F42357D5D5C3D");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e31;cjeik4!kk", "247E61393F236B25767177722A212C6E414F444D327A34515557402D57573C333E214D4E57432C4534473E49596D61656165503958536175705740593834285D545F6E6E6A7821[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A312833474745445159575B504B504B4D5E545553533A655A5D4A334C3C3B3A3951485367756363677575676B65527D7275624B645453515[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927252[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A474D4D5E55607971246E7778257[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C786A517C7174614A6355544F566[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F7A6F725F48614F50504F665D6[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b-0?3g>d", "3C3E6D6A7142416E7A7473727A2076777E772520247E502A28535356592D25265E2E5D2F");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b-0?3g@6:5;", "");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b/556,bi5a>g", "6E6D6F6F6B726E746E75777776");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b5ba==9cjag", "6D3D6D3D6A406C747A7570777773787A4A4A7B4C21");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F6B7272757576737179");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b9643g3/9e", "6A");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b<:222h64<", "393F352F3E");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b=+03eh8h8j?:", "4443");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9b?b0d:8aj62<h", "6D");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.componentAlertEnabled", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.components.1000082", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.components.1000234", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.AppTrackingLastCheckTime", "Sat Aug 20 2011 18:36:04 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.DialogsAlignMode", "LTR");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.InvalidateCache", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.LanguagePackLastCheckTime", "Wed Dec 14 2011 01:38:41 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.Locale", "de");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.RadioLastCheckTime", "Mon Jul 04 2011 12:34:10 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.RadioLastUpdateIPServer", "3");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.RadioLastUpdateServer", "129249047784100000");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.SearchInNewTabLastCheckTime", "Wed Dec 14 2011 01:38:41 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.SettingsLastCheckTime", "Wed Dec 14 2011 01:38:40 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.SettingsLastUpdate", "1323771972");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.ThirdPartyComponentsLastCheck", "Sun Dec 04 2011 21:09:25 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.ThirdPartyComponentsLastUpdate", "1255344657");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.components.129248972442534223", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.components.129248974835231354", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.components.129248976574606681", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.components.129248977510712757", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.globalFirstTimeInfoLastCheckTime", "Sun Dec 04 2011 21:09:27 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.toolbarAppMetaDataLastCheckTime", "Sun Dec 04 2011 21:09:26 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.ct2724407.toolbarContextMenuLastCheckTime", "Sun Dec 04 2011 21:09:26 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.globalFirstTimeInfoLastCheckTime", "Mon Jul 04 2011 12:34:08 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.homepageProtectorEnableByLogin", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.initDone", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.isAppTrackingManagerOn", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.isFirstRadioInstallation", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.myStuffEnabled", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.myStuffPublihserMinWidth", 400);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.myStuffServiceIntervalMM", 1440);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.oldAppsList", "129248971186128163,129248971186128164,111,129248972442534223,129248976574606681,129248977510712757,1000082,129626311033612748,1000234,129248974835231354,1000034,100[...]
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.revertSettingsEnabled", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.searchProtectorDialogDelayInSec", 10);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.searchProtectorEnableByLogin", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.testingCtid", "");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.toolbarAppMetaDataLastCheckTime", "Mon Jul 04 2011 12:34:08 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.toolbarContextMenuLastCheckTime", "Mon Jul 04 2011 12:34:10 GMT+0200");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.usageEnabled", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CT2724407.usagesFlag", 2);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "WiZSpHJzJ/uTUKvfHHyj/w==");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "eJfMrdrGnhGHiiPiYjgAww==");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\User\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\fzjyd66v.default\\conduitCommon\\modules\\3.8.0.8");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_eb033329", "356x332");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1ex653aBDOR&search=");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2724407");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2724407");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2724407");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "16ffef7d-d464-474e-9e50-3387ff87657c");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Dec 13 2011 23:04:36 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Dec 13 2011 23:04:36 GMT+0100");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "41fbecbf-e272-482c-a6a8-5b5704987b58");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "omiga-plus");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "omiga-plus");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420669137&from=tugs&uid=ST9640320AS_5WX1ZP8HXXXX5WX1ZP8H&q={searchTerms}");
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[fzjyd66v.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [36097 octets] - [24/01/2015 18:57:16]
AdwCleaner[S0].txt - [36098 octets] - [24/01/2015 18:58:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36159 octets] ##########
         

ich gehe nun weiter zu Schritt 2

Zitat:

Zitat von Anniiii

ich gehe nun weiter zu Schritt 2

jup...

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.01.2015
Suchlauf-Zeit: 19:10:41
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.24.13
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 392744
Verstrichene Zeit: 29 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.MovieWizard.A, C:\ProgramData\mnoRYlZTjd\DlMoQktqa.exe, 2516, Löschen bei Neustart, [53fef007c2c7e452bcb03a72fe03ea16]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.MovieWizard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DlMoQktqa, In Quarantäne, [53fef007c2c7e452bcb03a72fe03ea16], 
PUP.Optional.IncrediMediaBar, HKU\S-1-5-21-4193091509-1981412286-3300238867-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\IncrediMail_MediaBar_Deutsch_2, In Quarantäne, [0f4205f25d2c9d998acad7a6a85b639d], 

Registrierungswerte: 2
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_66, In Quarantäne, [76dbc5325237b97d15dae39c8e756997], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_395, In Quarantäne, [88c9a15602878da96006c9c98e75f30d], 

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.MovieWizard.A, C:\Users\User\AppData\Local\MovieWizard, In Quarantäne, [f55cdf1863268aac5fc1a4fcda29c33d], 
Rogue.Multiple, C:\ProgramData\2355320829, In Quarantäne, [57fa3eb94b3eb77fdfbd6fc12ad9ed13], 

Dateien: 19
PUP.Optional.MovieWizard.A, C:\ProgramData\mnoRYlZTjd\DlMoQktqa.exe, Löschen bei Neustart, [53fef007c2c7e452bcb03a72fe03ea16], 
PUP.Optional.MovieWizard.A, C:\ProgramData\mnoRYlZTjd\dat\HzCEYQ.exe, Löschen bei Neustart, [1d34cb2ced9c30061f4dd4d8ef126c94], 
PUP.Optional.MovieWizard.A, C:\ProgramData\mnoRYlZTjd\dat\TXMAqiKRS.dll, Löschen bei Neustart, [b39e4daabbcea88e183a0191b74e23dd], 
PUP.Optional.MovieWizard.A, C:\ProgramData\mnoRYlZTjd\dat\yEJumchnyYV.exe, Löschen bei Neustart, [90c1c7304b3efb3b6507e9c30cf5ce32], 
PUP.Optional.SoftPulse, C:\$Recycle.Bin\S-1-5-21-4193091509-1981412286-3300238867-1001\$RSK8A3S.exe, In Quarantäne, [cc851ed9f594fa3c4ceee6211ee4ec14], 
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\nseAAE1.exe, In Quarantäne, [b49dcd2a93f62214a32494128f72db25], 
PUP.Optional.MovieWizard.A, C:\Users\User\AppData\Local\Temp\17593600-89d9-47b4-abc6-1778c5516f66\setup.exe, In Quarantäne, [6fe2ab4c1d6ce55130e37ae37090eb15], 
PUP.Optional.Tuto4PC.A, C:\Users\User\AppData\Local\Temp\is-76B3N.tmp\package_mybestofferstoday_installer_multilang.exe, In Quarantäne, [88c919def891e94db8cc6e86fe03b54b], 
PUP.Optional.Tuto4PC.A, C:\Users\User\AppData\Local\Temp\is-E8HVI.tmp\package_speedup_installer_multilang.exe, In Quarantäne, [173a7483d7b2c472d1b38b69a75aaa56], 
PUP.Optional.BabylonToolBar.A, C:\Users\User\AppData\Local\Temp\is887590510\MyBabylonTB.exe, In Quarantäne, [450c4ea9523756e06f33e358d52c758b], 
PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\d5cf4d0f-c0af-4216-bbd2-0b2aaa40a073\spidentifierimpl.exe, In Quarantäne, [351c44b3d4b5e353b67df3b56a97bd43], 
PUP.Optional.StormWatch.A, C:\Users\User\AppData\Local\Temp\831f58e9-d62f-4af2-97e0-ec95fc2b7841\setup.exe, In Quarantäne, [aaa7b93ea1e846f02690d283cf310000], 
PUP.Optional.SupTab.A, C:\Users\User\AppData\Local\Temp\~dl8A01\~dljyb\tmp\STab_Down.exe, In Quarantäne, [450cc92ea7e2072f264fa0c5e11fee12], 
PUP.Optional.XTab.A, C:\Users\User\AppData\Local\Temp\~dl8A01\~dljyb\tmp\STab_v4.0.exe, In Quarantäne, [0e435f9850399d9979142bdceb17857b], 
PUP.Optional.WindowsProtectManger.A, C:\Users\User\AppData\Local\Temp\~dl8A01\~dljyb\tmp\wpm_v20.0.0.1337.exe, In Quarantäne, [6ae77384cdbc0234393b0db9a55c7c84], 
PUP.Optional.Tuto4PC.A, C:\Users\User\AppData\Local\Temp\7b0b9aea-f7bc-4273-947d-1c8b379f5822\games desktop.exe, In Quarantäne, [ea67797e1277f2445ca0e21bff024eb2], 
PUP.Optional.MovieWizard.A, C:\Users\User\AppData\Local\MovieWizard\data2.dat, In Quarantäne, [f55cdf1863268aac5fc1a4fcda29c33d], 
PUP.Optional.ISearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\omiga-plus.xml, In Quarantäne, [f95821d6d3b6fe3877dbad3822e2ed13], 
Rogue.Multiple, C:\ProgramData\2355320829\BIT92E3.tmp, In Quarantäne, [57fa3eb94b3eb77fdfbd6fc12ad9ed13], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

Sehr gut, und jetzt beglücke mich bitte mit frischen FRST-Logs...

Tut mir leid, ich musste spontan los.
Hier nun der frisch Scan



FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by User (administrator) on USER-PC on 24-01-2015 23:05:02
Running from C:\Users\User\Downloads
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Farbar) C:\Users\User\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-20] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-01-21] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-17] ()
HKLM-x32\...\Run: [PlusService] => C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-11] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [192616 2011-03-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=8 -> C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\searchplugins\yahoo-avast.xml
FF Extension: Download videos and MP3s from YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-10]
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fzjyd66v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2015-01-19]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2015-01-19]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-29]
FF HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-10]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-11] (Avast Software)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-17] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adsamdrtmins; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-11] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-21] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 19:46 - 2015-01-24 19:46 - 00000197 _____ () C:\Windows\system32\2015-01-24-18-46-12.041-AvastVBoxSVC.exe-5616.log
2015-01-24 19:08 - 2015-01-24 19:08 - 00000000 ____D () C:\ProgramData\Browser
2015-01-24 19:07 - 2015-01-24 19:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-24 19:03 - 2015-01-24 19:03 - 00000197 _____ () C:\Windows\system32\2015-01-24-18-03-11.029-AvastVBoxSVC.exe-284.log
2015-01-24 18:56 - 2015-01-24 18:56 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-24 18:56 - 2015-01-24 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-24 18:56 - 2015-01-24 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-24 18:56 - 2015-01-24 18:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-24 18:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-24 18:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-24 18:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-24 18:54 - 2015-01-24 18:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-24 18:53 - 2015-01-24 18:59 - 00000000 ____D () C:\AdwCleaner
2015-01-24 18:52 - 2015-01-24 18:52 - 02194432 _____ () C:\Users\User\Downloads\AdwCleaner_4.109.exe
2015-01-24 18:44 - 2015-01-24 18:44 - 00000000 ____D () C:\Users\User\Downloads\Konto
2015-01-24 18:39 - 2015-01-24 18:39 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-01-24 18:35 - 2015-01-24 18:37 - 02129920 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2015-01-19 18:59 - 2015-01-19 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 18:57 - 2015-01-24 18:48 - 00037135 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-19 18:56 - 2015-01-24 23:05 - 00020274 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-19 18:56 - 2015-01-24 23:05 - 00000000 ____D () C:\FRST
2015-01-19 18:22 - 2015-01-19 18:22 - 00000247 _____ () C:\Windows\system32\2015-01-19-17-22-38.084-aswFe.exe-4440.log
2015-01-19 18:14 - 2015-01-19 18:22 - 00000247 _____ () C:\Windows\system32\2015-01-19-17-14-21.087-aswFe.exe-6936.log
2015-01-19 18:14 - 2015-01-19 18:14 - 00000197 _____ () C:\Windows\system32\2015-01-19-17-14-14.092-AvastVBoxSVC.exe-3232.log
2015-01-19 17:35 - 2015-01-19 17:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-19 17:35 - 2015-01-19 17:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-19 17:34 - 2015-01-19 17:34 - 00001270 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-01-19 17:34 - 2015-01-19 17:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-19 17:28 - 2015-01-19 17:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-01-19 17:27 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 17:27 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-19 17:27 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-19 17:27 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-19 17:27 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-19 17:27 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-19 17:26 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 17:26 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-19 17:26 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-19 17:26 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-19 17:26 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-19 17:26 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-19 17:26 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-11 21:44 - 2015-01-11 21:44 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-11 21:44 - 2015-01-11 21:44 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-11 21:36 - 2015-01-11 21:36 - 00001992 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-01-11 21:36 - 2015-01-11 21:36 - 00001932 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-01-11 21:36 - 2015-01-11 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-11 21:35 - 2015-01-11 21:35 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-11 21:35 - 2015-01-11 21:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-11 21:34 - 2015-01-11 21:34 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-01-11 20:50 - 2015-01-11 20:50 - 00003256 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-4193091509-1981412286-3300238867-1001
2015-01-11 20:46 - 2015-01-11 20:46 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2015-01-11 20:41 - 2015-01-11 20:41 - 05049344 _____ (Crawler.com ) C:\Users\User\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2015-01-08 20:44 - 2015-01-08 20:44 - 00003100 _____ () C:\Windows\System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417}
2015-01-08 20:32 - 2015-01-08 20:33 - 143452799 _____ () C:\Users\User\Desktop\lexi2.cpr
2015-01-07 23:54 - 2015-01-07 23:54 - 00003142 _____ () C:\Windows\System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602}
2015-01-07 23:23 - 2015-01-07 23:23 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-01-07 23:18 - 2015-01-24 19:42 - 00000000 ____D () C:\ProgramData\mnoRYlZTjd
2015-01-05 13:50 - 2015-01-05 13:50 - 00025799 _____ () C:\Users\User\Desktop\rentenkassechat.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 22:55 - 2011-01-12 16:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 22:46 - 2011-03-30 13:42 - 01070241 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 22:33 - 2013-05-20 10:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 19:52 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 19:52 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 19:44 - 2013-05-29 00:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-24 19:42 - 2012-04-26 10:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-24 19:42 - 2011-03-30 14:15 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-01-24 19:42 - 2011-03-30 13:38 - 00494356 _____ () C:\Windows\PFRO.log
2015-01-24 19:42 - 2011-01-12 16:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 19:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 19:42 - 2009-07-14 05:51 - 00095843 _____ () C:\Windows\setupact.log
2015-01-24 19:42 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2015-01-24 19:07 - 2009-08-04 10:51 - 00711094 _____ () C:\Windows\system32\perfh007.dat
2015-01-24 19:07 - 2009-08-04 10:51 - 00153542 _____ () C:\Windows\system32\perfc007.dat
2015-01-24 19:07 - 2009-07-14 06:13 - 01651444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 18:19 - 2013-08-18 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-24 18:15 - 2013-05-20 10:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 18:15 - 2013-05-20 10:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 18:15 - 2011-06-29 22:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 18:14 - 2011-06-17 17:49 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-24 18:11 - 2014-11-27 16:05 - 03353776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-19 21:18 - 2014-06-20 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-19 17:35 - 2014-07-18 17:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-19 17:35 - 2014-07-18 17:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-19 17:35 - 2011-06-17 09:19 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-19 17:08 - 2011-03-30 14:10 - 00001429 _____ () C:\Windows\system32\ServiceFilter.ini
2015-01-11 21:41 - 2011-03-30 14:10 - 00002472 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-01-11 21:35 - 2014-06-24 21:47 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 21:35 - 2014-06-24 21:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-11 21:35 - 2013-06-23 22:30 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-11 21:35 - 2013-05-29 00:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-11 20:50 - 2011-06-18 08:46 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-08 20:58 - 2014-10-28 12:08 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-01-08 20:58 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-08 20:55 - 2011-06-16 23:52 - 00001427 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 09:55 - 2011-06-17 00:28 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-01-12 17:02 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-03-30 14:23 - 2011-03-30 14:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-01-12 16:48 - 2011-01-12 16:49 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-01-12 16:48 - 2011-01-12 16:48 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2011-03-30 14:19 - 2011-03-30 14:22 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-03-30 14:22 - 2011-03-30 14:23 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2011-03-30 14:18 - 2011-03-30 14:19 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\ffunzip.exe
C:\Users\User\AppData\Local\Temp\GLF72A5.tmp.ConduitEngineSetup.exe
C:\Users\User\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\User\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\MSND930.exe
C:\Users\User\AppData\Local\Temp\prxGLF72A5.tmp.tbIncr.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\supoptsetup.exe
C:\Users\User\AppData\Local\Temp\tbIncr.dll
C:\Users\User\AppData\Local\Temp\Update_034f.exe
C:\Users\User\AppData\Local\Temp\Update_3b18.exe
C:\Users\User\AppData\Local\Temp\Update_bac3.exe
C:\Users\User\AppData\Local\Temp\Update_d73f.exe
C:\Users\User\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 20:19

==================== End Of Log ============================
         

--- --- ---

--- --- ---




Addition

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by User at 2015-01-24 23:05:51
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
ALDI NORD Bestellsoftware 4.14.5 (HKLM-x32\...\ALDI NORD Bestellsoftware) (Version: 4.14.5 - ORWO Net)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_N3_Series (HKLM-x32\...\ASUS_N3_Series) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2322.0 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
ETDWare PS/2-x64 7.0.5.15_WHQL (HKLM\...\Elantech) (Version: 7.0.5.15 - ELAN Microelectronics Corp.)
ExpressGateCloud (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.6.20.110 - VideACE Co.)
ExpressGateCloud (x32 Version: 2.6.20.110 - VideACE Co.) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{26211D4B-CD06-44C8-BA6E-F937E1692629}) (Version: 3.0.114.13 - Fresco Logic Inc.)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 12.0.742.100 - Google Inc.)
Google Update Helper (x32 Version: 1.2.183.13 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.290 - Oracle)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Messenger Plus! 5 (HKLM-x32\...\Messenger Plus!) (Version: 5.11.0.760 - Yuna Software)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Graphics Driver 265.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 265.96 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6221 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.55133.208 - Sonix)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\...\{FC3F1B35-555E-420C-BAF5-80608DCDD336}) (Version: 21.00.8480 - Buhl Data Service GmbH)
XnView 1.98.2 (HKLM-x32\...\XnView_is1) (Version: 1.98.2 - Gougelet Pierre-e)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-12-2014 15:56:25 Windows Update
18-12-2014 17:03:38 Windows Update
23-12-2014 11:26:24 Windows Update
28-12-2014 18:38:30 Windows Update
05-01-2015 12:46:10 Windows Update
11-01-2015 20:38:19 Windows Update
11-01-2015 21:29:16 avast! antivirus system restore point
11-01-2015 21:36:06 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
19-01-2015 17:24:39 Windows Update
19-01-2015 18:00:49 Revo Uninstaller's restore point - Movie Wizard
19-01-2015 18:08:04 Revo Uninstaller's restore point - Photo Notifier and Animation Creator
19-01-2015 18:08:28 Photo Notifier and Animation Creator wurde entfernt.
19-01-2015 18:10:54 Revo Uninstaller's restore point - Spyware Terminator 2012
24-01-2015 18:11:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1EEA7C05-90CF-489E-998C-ECC3CD41E162} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {27F68C3C-D10A-4F46-910B-2B0C84BBE90D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {35F04C88-54E5-4614-8B1B-8CEE3C5B9AE5} - System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1
Task: {418AC38A-133F-4E5C-9E8F-F1FCD30BCE2D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {4CD5389C-EC9B-44C1-B3E5-03DBF058A750} - System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602} => pcalua.exe -a C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {6454799E-A467-4F70-881E-4C5B66B78103} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12] (Google Inc.)
Task: {68C95B32-F54A-4A93-950E-8D4974F5BC6F} - System32\Tasks\avastBCLRestartS-1-5-21-4193091509-1981412286-3300238867-1001 => Firefox.exe 
Task: {A7A3A7CC-8C08-41FD-900D-94D72602C800} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {A7E6A06B-F2EB-4D8E-AC32-816C859CAAE2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {C12012C5-397F-4104-98C2-396321DCF603} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12] (Google Inc.)
Task: {CAA131A6-E126-4E03-AABC-51DA03575CAE} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
Task: {CFB291BD-E069-4B53-AAF9-D07DF2C04742} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-11] (AVAST Software)
Task: {F9A5D327-CA5B-4F2A-B1E9-6EFDEB5BBE81} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-20 00:48 - 2010-07-20 00:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-01-17 22:16 - 2011-01-17 22:16 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2011-01-12 17:01 - 2011-01-12 17:01 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2011-01-12 17:01 - 2011-01-12 17:01 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-30 14:09 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-04-03 03:21 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-07-20 00:48 - 2010-07-20 00:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-12 03:19 - 2011-01-27 01:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-24 00:53 - 2010-09-24 00:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2011-01-17 22:16 - 2011-01-17 22:16 - 00191304 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2014-07-23 00:02 - 2014-09-18 13:50 - 01428760 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2015-01-11 21:34 - 2015-01-11 21:34 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-11 21:34 - 2015-01-11 21:34 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-01-24 19:02 - 2015-01-24 19:02 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012401\algo.dll
2015-01-11 21:34 - 2015-01-11 21:34 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2010-12-25 03:12 - 2010-12-25 03:12 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-01-04 01:27 - 2011-01-04 01:27 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2015-01-11 21:35 - 2015-01-11 21:35 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 09726232 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-07-23 00:01 - 2014-09-18 13:51 - 03902232 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 02752280 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 02125592 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01933080 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 04325656 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-07-23 00:01 - 2014-02-11 10:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-07-23 00:01 - 2014-02-11 10:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-07-23 00:01 - 2014-02-11 10:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01572632 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 05302040 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01740568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01812248 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01633560 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01340696 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 07357208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01287448 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-07-23 00:01 - 2014-09-18 13:50 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2011-01-17 15:19 - 2011-06-17 09:22 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-03-30 13:58 - 2011-03-10 05:22 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-19 18:59 - 2015-01-19 18:59 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-4193091509-1981412286-3300238867-500 - Administrator - Disabled)
Gast (S-1-5-21-4193091509-1981412286-3300238867-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4193091509-1981412286-3300238867-1024 - Limited - Enabled)
UpdatusUser (S-1-5-21-4193091509-1981412286-3300238867-1000 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-4193091509-1981412286-3300238867-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2015 08:18:51 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (01/24/2015 08:18:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (01/24/2015 07:17:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xd20
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/24/2015 06:38:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 19.1.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d80

Startzeit: 01d037fc5271a989

Endzeit: 0

Anwendungspfad: C:\Users\User\Desktop\FRST64.exe

Berichts-ID: bb5b9e02-a3ef-11e4-b280-f46d0482b822

Error: (01/24/2015 06:12:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/19/2015 06:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1288
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/11/2015 09:21:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xea8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/11/2015 08:53:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FIREFOX.EXE, Version 34.0.5.5443 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1de8

Startzeit: 01d02dd7d41ed93b

Endzeit: 12

Anwendungspfad: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE

Berichts-ID: 7c5559e0-99cb-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:50:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xa24
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/11/2015 08:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x734
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (01/24/2015 11:03:41 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/24/2015 07:42:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/24/2015 07:42:39 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{0D07AB03-1AD1-4B00-802E-3F1AE2E62194} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (01/24/2015 07:42:36 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/24/2015 07:42:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/24/2015 07:42:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update Service (gupdate) erreicht.

Error: (01/24/2015 07:41:03 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "USER-PC        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.213
registriert werden. Der Computer mit IP-Adresse 192.168.1.227 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/24/2015 07:02:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AvastVBox COM Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/24/2015 07:02:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AvastVBox COM Service erreicht.

Error: (01/24/2015 07:02:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1}


Microsoft Office Sessions:
=========================
Error: (01/24/2015 08:18:51 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dllC:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll2

Error: (01/24/2015 08:18:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (01/24/2015 07:17:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425d2001d03800605c23d1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll4f708845-a3f5-11e4-ab1b-f46d0482b822

Error: (01/24/2015 06:38:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe19.1.2015.01d8001d037fc5271a9890C:\Users\User\Desktop\FRST64.exebb5b9e02-a3ef-11e4-b280-f46d0482b822

Error: (01/24/2015 06:12:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Spyware Terminator Driver Filter.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/19/2015 06:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425128801d0340b3164e0a4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb7d53da0-9fff-11e4-b280-f46d0482b822

Error: (01/11/2015 09:21:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425ea801d02dd8c7dd21c3C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll711f0fb0-99cf-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:53:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FIREFOX.EXE34.0.5.54431de801d02dd7d41ed93b12C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE7c5559e0-99cb-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:50:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425a2401d02dd7b118baa2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0e45e951-99cb-11e4-91b7-f46d0482b822

Error: (01/11/2015 08:49:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d664800000030000142573401d02dd4bc1d8d71C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle351f39f-99ca-11e4-91b7-f46d0482b822


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 48%
Total physical RAM: 4006.71 MB
Available physical RAM: 2045.98 MB
Total Pagefile: 8011.61 MB
Available Pagefile: 5696.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:256 GB) (Free:167.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:315.17 GB) (Free:314.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B2088A36)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=256 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=315.2 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

Schauen wir mal was er noch findet und dann fixen wir noch die Reste...

Schritt 1

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a870a0282f0b7d4d8ec42ffe6f9b0bdc
# engine=22130
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-25 12:01:35
# local_time=2015-01-25 01:01:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 85 1138858 186564585 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 19530 173773945 0 0
# scanned=278053
# found=45
# cleaned=0
# scan_time=5061
sh=786F7AEE16CEC1A5BFE05809DFF81E4245E163CF ft=1 fh=e44ca0af77a0f02f vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4193091509-1981412286-3300238867-1001\$R0VVAJR.exe"
sh=2C4EB8EB07C36FCCEEF9B7947D302110770E283C ft=1 fh=5f86e2b26a146a3a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4193091509-1981412286-3300238867-1001\$RB8D89Q.exe"
sh=87C20C1AC3AC7DB26818DD65279BC6293D9B1F31 ft=1 fh=229f3ba5593dc8cd vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4193091509-1981412286-3300238867-1001\$RCDWZJC.exe"
sh=AB33A65BFE21F971CDB744AFF8D8B285EE669CFD ft=1 fh=9c135ea2a754250f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-4193091509-1981412286-3300238867-1001\$RUSDNMG.exe"
sh=C0B7F8C09DB0ADA3DF2102A3D08FAC9781A15DC6 ft=1 fh=55bf436402755b8c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=52F9085A177DC911DC513ED9FA431A58126F73CF ft=1 fh=08f0a6962a427f0c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=FBDFC5A9C45940E1EE1DB6ADFCE2B1BD5DD301F3 ft=1 fh=c71c0011210d5c57 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=3E365578C151761F5E799B2A06A0C4B5AB293B7B ft=1 fh=641afd291d079167 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=EAE26C38934A5DFC7EB58B885FCC83DA388D5AE1 ft=1 fh=bf40033c211bd84f vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=D4A43936353E001F542FB287278ED350644F1917 ft=1 fh=cf34ce2fc97c23ab vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=599E2748522276CBF3F990EB4F46016868DEB898 ft=1 fh=f77aff1d76d0a3e6 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=9DF3638EE93AB2DB89A89AC6B67BF088DC64416B ft=1 fh=c71c00110e78363b vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=67218EC7AB4C2306F2B76E5320556953DE34DDAB ft=1 fh=b9f2ea2dd5ee429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\mnoRYlZTjd\dat\bCiPYRiuJNY.dll"
sh=67218EC7AB4C2306F2B76E5320556953DE34DDAB ft=1 fh=b9f2ea2dd5ee429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\mnoRYlZTjd\dat\bCiPYRiuJNY.dll"
sh=985BE3637EBD723D84E46E23A385F2730466C99C ft=0 fh=0000000000000000 vn="PDF/WorldBusinessGuide evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\IM\Identities\{CF4FA593-560F-486B-94FE-35416500A674}\Message Store\Attachments\update_form.pdf"
sh=16F5CCFFB93CAB3058AACDDB224FE36C959D384C ft=1 fh=c0304359b5e62671 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E84KPLN\Setup[2].exe"
sh=132BE3B560FD2C052AF6069ABCFB1C641095B374 ft=1 fh=567c183c749c1237 vn="Variante von Win32/VOPackage.BH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCFB6ANP\dl[1].htm"
sh=01B394BFD78AC1A88EF00B03878680F68FDD5291 ft=1 fh=80aefb8aa3c56326 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCFB6ANP\OrbiterInstaller[1].exe"
sh=90526DA34D9D42AA462B925FA6470491295A4CA9 ft=1 fh=bf1ebcbb38c13f1a vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCFB6ANP\Setup[1].exe"
sh=DE07A45DB8E9DB4B0B8B99DDEE6A0D7FE78C74FA ft=1 fh=0f0d85be27aea62e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCFB6ANP\SPSetup[1].exe"
sh=EF827C9CC864B6BE1CD0F756F7C6AAF75A04D965 ft=1 fh=22a4cc13dc969e1d vn="Variante von Win32/Adware.ConvertAd.J Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S60XT07O\ConvertAdSetup[1].exe"
sh=5A9FBB275A3A1733B0F01F1A494A09A89FB25695 ft=1 fh=626bc66fc2018c1e vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S60XT07O\Setup[1].exe"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S60XT07O\spstub[1].exe"
sh=4495024B25F21088902FBD82FC915E621187FE85 ft=1 fh=cc5f08593bdd79bc vn="MSIL/MyPCBackup.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\BackupSetup.exe"
sh=5A9FBB275A3A1733B0F01F1A494A09A89FB25695 ft=1 fh=626bc66fc2018c1e vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\ICReinstall_nsfDC73.tmp"
sh=16F5CCFFB93CAB3058AACDDB224FE36C959D384C ft=1 fh=c0304359b5e62671 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\ICReinstall_nsmFC8C.tmp"
sh=90526DA34D9D42AA462B925FA6470491295A4CA9 ft=1 fh=bf1ebcbb38c13f1a vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\ICReinstall_nsp3E3B.tmp"
sh=E5A9FB06547279E23037CC15E8E3A2C38F334178 ft=1 fh=6a54841cb5e62671 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\ICReinstall_nsz73D8.tmp"
sh=5A9FBB275A3A1733B0F01F1A494A09A89FB25695 ft=1 fh=626bc66fc2018c1e vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\nsfDC73.tmp"
sh=16F5CCFFB93CAB3058AACDDB224FE36C959D384C ft=1 fh=c0304359b5e62671 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\nsmFC8C.tmp"
sh=90526DA34D9D42AA462B925FA6470491295A4CA9 ft=1 fh=bf1ebcbb38c13f1a vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\nsp3E3B.tmp"
sh=EF827C9CC864B6BE1CD0F756F7C6AAF75A04D965 ft=1 fh=22a4cc13dc969e1d vn="Variante von Win32/Adware.ConvertAd.J Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\nswE334.tmp"
sh=E5A9FB06547279E23037CC15E8E3A2C38F334178 ft=1 fh=6a54841cb5e62671 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\nsz73D8.tmp"
sh=A150951F033DEC587789AD2E0790241E3112A433 ft=1 fh=2d985c0a1dc1f8e1 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\User\AppData\Local\Temp\supoptsetup.exe"
sh=87B6C339C4BB8FDB093408F5E59CA9B9C1C53720 ft=1 fh=a72b1b718e9aa66c vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\tbIncr.dll"
sh=12CAE449AF42D24BF2B4AEABA70FA682F5EFE32A ft=1 fh=03a29264727162c5 vn="Variante von Win32/MessengerPlus.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\Update_034f.exe"
sh=12CAE449AF42D24BF2B4AEABA70FA682F5EFE32A ft=1 fh=03a29264727162c5 vn="Variante von Win32/MessengerPlus.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\Update_3b18.exe"
sh=12CAE449AF42D24BF2B4AEABA70FA682F5EFE32A ft=1 fh=03a29264727162c5 vn="Variante von Win32/MessengerPlus.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\Update_bac3.exe"
sh=6B8531858328D27AEF9A9B24BFC5FFAFFCAB4B48 ft=1 fh=a659591a4e336caf vn="Variante von Win32/MessengerPlus.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\Update_d73f.exe"
sh=C6978D1865464EA8B56A90533273E9FE99EA3112 ft=1 fh=2efffe33657fbf73 vn="Variante von Win32/Adware.SpeedingUpMyPC.U Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\0c85315d-16a0-4a9e-996f-bdea972c38f2\superoptimizersetup.exe"
sh=AF023CD20C85601E6874CB788BCAA49AE325A40D ft=1 fh=da3b4c00ec0bc47d vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\21ac4613-dda8-4432-86c0-c37208c72a1a\cloud_backup_setup.exe"
sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\DMR\dmr_72.exe"
sh=FF42995D8E24E05FF9EBA12DCB27B9AAB183A290 ft=1 fh=605214e765268a80 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\FreeYouTubeToMP3Converter31011.exe"
sh=55C156D5FA1B484B110E45641E0F4E2F43DADB9B ft=1 fh=52d77ae698abad5d vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\Setup-MsgPlus-502.exe"
sh=AC4A71CF011D6896AC708FF7FAE586A0FBB2D1EB ft=1 fh=4d098ae0b586e308 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\Skype - CHIP-Installer.exe"
         

Hi,

Schritt 1



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code: Alles auswählenAufklappen

ATTFilter

CloseProcesses:
Task: {35F04C88-54E5-4614-8B1B-8CEE3C5B9AE5} - System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1
Task: {4CD5389C-EC9B-44C1-B3E5-03DBF058A750} - System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602} => pcalua.exe -a C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs 
C:\ProgramData\mnoRYlZTjd
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
EmptyTemp:
         

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

• Starte FRST und drücke auf den Fix-Button.
• Das Tool erstellt eine "Fixlog.txt" -Datei.
• Poste mir bitte deren Inhalt.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Nebenbei eine Frage, da sich mein PC soeben neu gestartet hat... : Es öffnet sich beim Hochfahren ein Fenster mit dem Namen "Windows Installer" und dieser Datei: C:\eSupport\eDriver\Software\ASUS\FANCYSTART\ die ich installieren soll. Bisher habe ich dem lieber nicht vertraut. Soll ich bzw kann ich es installieren?


Hier der Fixlog

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by User at 2015-01-25 11:23:28 Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
Task: {35F04C88-54E5-4614-8B1B-8CEE3C5B9AE5} - System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1
Task: {4CD5389C-EC9B-44C1-B3E5-03DBF058A750} - System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602} => pcalua.exe -a C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs 
C:\ProgramData\mnoRYlZTjd
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4193091509-1981412286-3300238867-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35F04C88-54E5-4614-8B1B-8CEE3C5B9AE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35F04C88-54E5-4614-8B1B-8CEE3C5B9AE5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2BDC3066-B574-4BE4-8B71-215296389417} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2BDC3066-B574-4BE4-8B71-215296389417}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CD5389C-EC9B-44C1-B3E5-03DBF058A750}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CD5389C-EC9B-44C1-B3E5-03DBF058A750}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0FA4B8A4-296A-4522-AC73-2A304E514602} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0FA4B8A4-296A-4522-AC73-2A304E514602}" => Key deleted successfully.
C:\ProgramData\mnoRYlZTjd => Moved successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-4193091509-1981412286-3300238867-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKU\S-1-5-21-4193091509-1981412286-3300238867-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found. 
EmptyTemp: => Removed 2.8 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:26:08 ====
         

P.s. soweit gibt es keine Probleme, das Internet läfut Werbefrei