Mystartsearch entfernen

seb-soft · 11.02.2015, 13:38

Hallo, guten Tag
Habe mir leider auch mystartsearch eingefangen. Bitte Euch mal wieder um Hilfe.

Danke und Gruss
seb-soft

schrauber · 11.02.2015, 14:23

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

seb-soft · 11.02.2015, 16:06

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015
Ran by seb at 2015-02-11 13:19:36
Running from C:\Unzipped
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.1.0 (HKLM-x32\...\{4F80F043-B003-4820-B8E3-CB7E6CF5BB03}_is1) (Version: 2.1.0 - Christian Koban)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Audials (HKLM-x32\...\{7FAA26D8-3727-41CD-A9DE-9480E4EA9130}) (Version: 8.0.55300.0 - RapidSolution Software AG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Canon iP4300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
DivX Codec 3.1alpha release (HKLM-x32\...\DIVXCodec) (Version:  - )
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
Exifer (HKLM-x32\...\Exifer_is1) (Version:  - Friedemann Schmidt)
FlashGet(JetCar) (HKLM-x32\...\FlashGet(JetCar)) (Version:  - )
Free Driver Scout (HKLM-x32\...\{50a7e828-15d3-40e6-a37d-22d5c5357878}) (Version: 1.0.0.0 - Covus Freemium)
Free Driver Scout (Version: 1.0.0.0 - Covus Freemium) Hidden
Free Studio version 5.3.1 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
Free Video Editor version 1.4.10.113 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.10.113 - DVDVideoSoft Ltd.)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.0 - Ellora Assets Corporation)
Future Pinball (HKLM-x32\...\Future Pinball_is1) (Version: Version 1.9.1.20101231 - Chris Leathley)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Earth (HKLM-x32\...\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}) (Version: 7.0.2.8415 - Google)
InstallShield für Microsoft Visual C++ 6 (HKLM-x32\...\InstallShield für Microsoft Visual C++ 6) (Version:  - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Professional Edition (Deutsch) (HKLM-x32\...\Visual Studio 6.0 Professional Edition (deu)) (Version:  - )
Microsoft VM for Java (HKLM-x32\...\MsJavaVM) (Version:  - )
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mp3tag v2.53 (HKLM-x32\...\Mp3tag) (Version: v2.53 - Florian Heidenreich)
MSDN Library - Visual Studio 6.0a (Deutsch) (HKLM-x32\...\Microsoft Developer Network - Visual Studio 6.0a (deu)) (Version:  - )
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version:  - NCH Software)
Seagate*DiscWizard (HKLM-x32\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8330 - Seagate)
ShrinkTo5Basic (HKLM-x32\...\ShrinkTo5Basic) (Version:  - )
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.3 - Uniblue Systems Limited) <==== ATTENTION
ThumbsPlus 7x (deutsch) (HKLM-x32\...\ThumbsPlus7x) (Version:  - Atlantic Software Exchange, Inc.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TV-Browser 3.4.0.95-Beta (HKLM-x32\...\tvbrowser) (Version: 3.4.0.95-Beta - TV-Browser Team)
VBEx32 2.1.01 (HKLM-x32\...\VBEx32_is1) (Version:  - vb@rchiv- Das große Visual Basic Archiv)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinFF 1.2 (HKLM-x32\...\WinFF_is1) (Version:  - WinFF.org)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Xilisoft Download YouTube Video (HKLM-x32\...\Xilisoft Download YouTube Video) (Version: 5.6.1.20140425 - Xilisoft)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\CLSID\{C539A15A-3AF9-4c92-B771-50CB78F5C751}\InprocServer32 -> C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll (Seagate)
CustomCLSID: HKU\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\CLSID\{C539A15B-3AF9-4c92-B771-50CB78F5C751}\InprocServer32 -> C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll (Seagate)

==================== Restore Points  =========================

07-02-2015 01:43:25 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {023219F5-3A5C-4B45-AAF0-D5EF9470856D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {040BE46B-DE06-4879-96CC-707A835D9C2C} - System32\Tasks\Loewenzahn_ab_2014_11_16_PreStarter => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: {0B32DBC1-8193-498A-8753-C1DFB09E04C3} - System32\Tasks\{EA020B33-38A6-4EED-AAD2-489F8588284F} => C:\Program Files (x86)\Panasonic\HD Writer AE 4.0\HDWriter.exe <==== ATTENTION
Task: {0BAC4D20-57A1-4CE5-B785-7110D55ECB55} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2014-08-07] () <==== ATTENTION
Task: {0F7B5451-5DFD-4C8A-98BC-AAE5C44CE61D} - System32\Tasks\Microsoft\ccd47ccc24a901249e2e7b2e53185c1a => C:\Users\seb\AppData\Roaming\DownloadManager\Loader.exe [2015-02-08] (SOFTWARE AGILITY LIMITED) <==== ATTENTION
Task: {1660F2BB-E740-44E5-9EF4-0D59CA15A67C} - System32\Tasks\Atlantis_ab_2015_02_11 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {1ABF39B0-CA39-4C5E-BD16-EEA457B0FDA5} - System32\Tasks\{5D715D0F-C9AF-4341-B455-F94604D0B3E2} => D:\Setup32.exe <==== ATTENTION
Task: {1B436BF4-305A-4878-9324-F082369176D2} - System32\Tasks\{2EDA19E1-EDAD-4650-84E0-3651A132AC5A} => pcalua.exe -a D:\PinnacleOriginal\HollywoodFX\InstallHFZ.exe -d D:\PinnacleOriginal\HollywoodFX
Task: {1EEF1DD0-DFE7-4A5B-90BB-4D3736E06BC0} - System32\Tasks\Tischlein_deck_dich_ab_2015_02_12_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {237D9CBC-2E03-4ABB-8C6F-F68780B81AA4} - System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {245BDF6A-68DC-4A0C-8687-7328F2F738D7} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION
Task: {2ABD84A8-D561-4CF3-9CDE-B5A662BE12EB} - System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {300CEF0F-1633-4985-AE9C-C3C767B94FD3} - System32\Tasks\Dornroeschen_ab_2015_02_22_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {36402A14-4ADC-43E8-8AF8-A615E0D45E9B} - System32\Tasks\Dornroeschen_ab_2015_02_22 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {4256A6C1-2F58-4275-8D7C-E52EDA54B3AD} - System32\Tasks\Loewenzahn_ab_2014_11_16 => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: {456B3163-B340-4AE1-A4FB-CD10FD480062} - System32\Tasks\Die_Sendung_mit_der_Maus_ab_2015_01_24_PreStarter => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: {464C9C21-05A0-44E0-BDEB-0C5CD32394D5} - System32\Tasks\{E71FA50C-2A66-4E55-9475-1C1125FB8954} => pcalua.exe -a "C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\GUninstaller.exe" -c -uprtc -key "claro"
Task: {4FE82C76-9324-42E4-98B6-CA306E2CE310} - System32\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {54802746-DB94-406D-AC07-62E18F27CDF5} - System32\Tasks\Atlantis_ab_2015_02_11_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {561C815D-F3CC-41A4-95A1-051AD72689BC} - System32\Tasks\Die_Sendung_mit_der_Maus_ab_2015_01_24 => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: {5C1DD0CD-0EB1-4119-A713-09B54E9C7928} - System32\Tasks\Tischlein_deck_dich_ab_2015_02_12 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {65F7AC3C-5D78-4F0D-A9D7-553A964878B6} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe [2014-08-07] ()
Task: {66123C71-7F6F-406B-A5E4-EC2F5DF16B38} - System32\Tasks\{09FECC89-2DF0-4946-A994-226C65FAE63A} => D:\Setup32.exe <==== ATTENTION
Task: {8406B674-5D0F-48DE-BEE5-F6A2A0F54CF9} - System32\Tasks\Test TimeTrigger => C:\Users\seb\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {848810E3-F22E-4685-9444-5D578DD83485} - System32\Tasks\{204CB24E-4252-482E-93D2-30A0450F2046} => pcalua.exe -a "C:\Program Files (x86)\Moyea\FLV Downloader\install_flash_player_active_x.exe" -d "C:\Program Files (x86)\Moyea\FLV Downloader"
Task: {87EC23CB-9ABA-4F33-A627-FF65B1C860A7} - System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {993D594B-A5D1-4499-945B-C8BA8A0F8D7B} - System32\Tasks\{44CADEB5-0CE4-4EB2-857B-47A0392A788C} => H:\Neu-Install-7\WinTVCAPGUI\WinTVCap_GUI_3.6.3.exe [2013-01-06] ()
Task: {A0182966-A5E4-4641-9B06-1EBB03F32238} - System32\Tasks\{F5BA5D89-AFF8-405D-B9AD-6E9D0B0D0129} => C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download New\FreeYTVDownloader.exe
Task: {A138CB2C-F3A5-423C-A056-962C1C4F0E2E} - \RocketTab No Task File <==== ATTENTION
Task: {A2033727-B74E-45E0-8440-0C708381EBB5} - System32\Tasks\Sesamstrasse_2658_ab_2015_01_13 => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: {AD222EA9-87F5-48A8-A877-FB8CB4465381} - System32\Tasks\{0C43FBC4-3303-4061-B61C-5080CAAC890B} => pcalua.exe -a C:\Users\seb\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=mp3
Task: {AD2F4590-4486-42B7-8795-7163CAAC10E7} - System32\Tasks\Die_Gaensemagd_ab_2015_02_26 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {C446C38B-D9D1-4BF2-861E-ED019C38AFD7} - System32\Tasks\Sesamstrasse_2658_ab_2015_01_13_PreStarter => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: {D40F0396-9F08-4539-A1EE-C65D30AAD0A8} - System32\Tasks\{454066F8-297E-452E-A014-89F2FB2F0114} => pcalua.exe -a H:\Neu-Install-7\TV-Browser\WinTVCap_GUI_3.6.3.exe -d H:\Neu-Install-7\TV-Browser
Task: {EC44A45C-31CC-4D84-974E-AD3F72DF1FF1} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION
Task: {F4D9959C-DBEC-4EC6-84BE-0887A8CD2F3C} - System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {F6D6D01A-CA6D-40DA-B862-C5ACEF85982E} - System32\Tasks\{A7105E6B-946B-493F-9209-4BAEA01ED4E3} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {FDE96D46-3D2A-4E30-8846-CA091E284622} - System32\Tasks\{2B5E1329-55DD-48BD-8185-1F375A2770CA} => D:\Setup32.exe <==== ATTENTION
Task: {FEE90840-1E00-447B-8AB5-A187A47BFBA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-09] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Atlantis_ab_2015_02_11.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_01_24.job => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_01_24_PreStarter.job => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dornroeschen_ab_2015_02_22.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dornroeschen_ab_2015_02_22_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Loewenzahn_ab_2014_11_16.job => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: C:\Windows\Tasks\Loewenzahn_ab_2014_11_16_PreStarter.job => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: C:\Windows\Tasks\Sesamstrasse_2658_ab_2015_01_13.job => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: C:\Windows\Tasks\Sesamstrasse_2658_ab_2015_01_13_PreStarter.job => C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\Tischlein_deck_dich_ab_2015_02_12.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Tischlein_deck_dich_ab_2015_02_12_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-18 09:04 - 2012-10-02 20:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-05 15:19 - 2010-12-17 13:25 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-01-05 15:19 - 2010-12-17 13:25 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-01-05 15:19 - 2010-12-17 13:25 - 00105584 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-01-05 15:19 - 2010-12-17 13:25 - 64643696 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2012-11-16 14:09 - 2012-11-16 14:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-02-08 14:08 - 2015-02-08 14:08 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020800\algo.dll
2015-02-10 18:39 - 2015-02-10 18:39 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15021001\algo.dll
2009-11-10 17:39 - 2009-11-10 17:39 - 01332576 _____ () C:\Program Files (x86)\Seagate\DiscWizard\fox.dll
2014-12-09 18:09 - 2014-12-09 18:09 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-26 23:11 - 2015-01-26 23:11 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-05 13:29 - 2015-02-05 13:29 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Control Panel\Desktop\\Wallpaper -> 

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Exetender_148 => "C:\Program Files (x86)\FreeRide Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: FreeYTVDownloader => C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
MSCONFIG\startupreg: TeViiRC => C:\Windows\TeViiRC.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3122927800-2970940714-3403948491-500 - Administrator - Disabled)
Guest (S-1-5-21-3122927800-2970940714-3403948491-501 - Limited - Disabled)
seb (S-1-5-21-3122927800-2970940714-3403948491-1000 - Administrator - Enabled) => C:\Users\seb

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 02:44:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: ILU.dll, Version: 0.1.6.5, Zeitstempel: 0x3d387f39
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000093ab
ID des fehlerhaften Prozesses: 0x80c
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/10/2015 02:40:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: ILU.dll, Version: 0.1.6.5, Zeitstempel: 0x3d387f39
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000093ab
ID des fehlerhaften Prozesses: 0x103c
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/10/2015 02:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: ILU.dll, Version: 0.1.6.5, Zeitstempel: 0x3d387f39
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000093ab
ID des fehlerhaften Prozesses: 0xf88
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/10/2015 02:36:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: ILU.dll, Version: 0.1.6.5, Zeitstempel: 0x3d387f39
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000093ab
ID des fehlerhaften Prozesses: 0xad4
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/09/2015 04:04:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x924
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (02/08/2015 08:18:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e2e2
ID des fehlerhaften Prozesses: 0x110c
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/08/2015 08:18:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e2e2
ID des fehlerhaften Prozesses: 0x1144
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/08/2015 04:57:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0011ef2a
ID des fehlerhaften Prozesses: 0x11e4
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/08/2015 04:56:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Newton.dll, Version: 0.0.0.0, Zeitstempel: 0x44746fc1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000253d8
ID des fehlerhaften Prozesses: 0x1348
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/08/2015 04:54:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: atioglxx.dll, Version: 6.14.10.11672, Zeitstempel: 0x50a69f68
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00e84c00
ID des fehlerhaften Prozesses: 0x1068
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3


System errors:
=============
Error: (02/10/2015 10:38:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (02/09/2015 10:26:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (02/09/2015 00:47:43 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (02/08/2015 02:35:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Pt Details" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/08/2015 02:35:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/08/2015 02:35:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/08/2015 02:28:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "JO Service component" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/08/2015 02:27:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Pt Details" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/08/2015 02:27:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IHProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/08/2015 02:07:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275


Microsoft Office Sessions:
=========================
Error: (02/10/2015 02:44:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3ILU.dll0.1.6.53d387f39c0000005000093ab80c01d0453785a1a250C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\ILU.dlle03ac931-b12a-11e4-b821-c860006d115b

Error: (02/10/2015 02:40:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3ILU.dll0.1.6.53d387f39c0000005000093ab103c01d04536fe499dd0C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\ILU.dll59887bed-b12a-11e4-b821-c860006d115b

Error: (02/10/2015 02:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3ILU.dll0.1.6.53d387f39c0000005000093abf8801d045368a7f652aC:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\ILU.dlle38ee3aa-b129-11e4-b821-c860006d115b

Error: (02/10/2015 02:36:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3ILU.dll0.1.6.53d387f39c0000005000093abad401d045366672ccaeC:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\ILU.dllc271ec53-b129-11e4-b821-c860006d115b

Error: (02/09/2015 04:04:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c0000005000000000000000092401d043a42a350934C:\Windows\Explorer.EXEunknownf18fb3d0-b06c-11e4-b821-c860006d115b

Error: (02/08/2015 08:18:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050002e2e2110c01d043d403c61cbdC:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exe51f7a042-afc7-11e4-b821-c860006d115b

Error: (02/08/2015 08:18:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050002e2e2114401d043d3e64d2003C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exe34a47b96-afc7-11e4-b821-c860006d115b

Error: (02/08/2015 04:57:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050011ef2a11e401d043b7d7078172C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exe33a4a3c3-afab-11e4-b821-c860006d115b

Error: (02/08/2015 04:56:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Newton.dll0.0.0.044746fc1c0000005000253d8134801d043b7ae5d8334C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Newton.dll0d37053f-afab-11e4-b821-c860006d115b

Error: (02/08/2015 04:54:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3atioglxx.dll6.14.10.1167250a69f68c000000500e84c00106801d043b767dd4ddcC:\Games\Future Pinball\Future Pinball.exeC:\Windows\system32\atioglxx.dllcef064aa-afaa-11e4-b821-c860006d115b


CodeIntegrity Errors:
===================================
  Date: 2013-01-10 16:11:25.067
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CyberLink\PowerDVD\clpciid.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-10 16:11:25.004
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CyberLink\PowerDVD\clpciid.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) D CPU 3.40GHz
Percentage of memory in use: 42%
Total physical RAM: 4095.05 MB
Available physical RAM: 2361.38 MB
Total Pagefile: 16377.23 MB
Available Pagefile: 13975.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:234.45 GB) (Free:101.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Daten) (Fixed) (Total:97.65 GB) (Free:91.15 GB) NTFS
Drive f: (DRIVE_F) (Fixed) (Total:833.85 GB) (Free:235.7 GB) NTFS
Drive h: (C_Boot_Daten_1) (Fixed) (Total:718.47 GB) (Free:415.54 GB) NTFS
Drive i: (C_Boot_Daten_3) (Fixed) (Total:244.14 GB) (Free:199.79 GB) NTFS
Drive j: (C_Boot_Daten_2) (Fixed) (Total:200.2 GB) (Free:172 GB) NTFS
Drive p: (Extern_01) (Fixed) (Total:683.59 GB) (Free:197.62 GB) NTFS
Drive q: (DRIVE_K) (Fixed) (Total:2 GB) (Free:1.54 GB) NTFS
Drive s: (Extern_02) (Fixed) (Total:390.63 GB) (Free:372.26 GB) NTFS
Drive t: (Extern_03) (Fixed) (Total:323.05 GB) (Free:235.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5F0FC9BA)
Partition 1: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=234.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=718.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B2025BBE)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: C392B35B)
Partition 1: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=323 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01
Ran by seb (administrator) on SEB-PC on 11-02-2015 16:00:32
Running from C:\Unzipped
Loaded Profiles: seb (Available profiles: seb)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [136544 2009-11-10] (Seagate)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1352480 2009-11-10] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [906912 2009-11-10] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\MountPoints2: {e3e5276d-660a-11e2-b9f2-c860006d115b} - K:\LaunchU3.exe -a
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IeCatch5 Class -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: CatcherBHO Class -> {9B4DF450-DCC7-4B07-935D-0CD757A64583} ->  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-15]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5 [2015-01-31]
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (Google Search) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Gmail) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 polugive; C:\Users\seb\AppData\Roaming\VOPackage\nsz92D6.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [23936 1997-12-23] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
S3 cpuz130; No ImagePath
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S4 NVHDA; No ImagePath
R3 SAllBDA; C:\Windows\System32\Drivers\TeViiS2.sys [149128 2011-05-23] (TeVii Technology Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-12-16] ()
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 13:56 - 2015-02-11 13:56 - 00003252 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3122927800-2970940714-3403948491-1000
2015-02-11 13:54 - 2015-02-11 15:54 - 00000274 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2015-02-11 13:54 - 2015-02-11 13:54 - 00003204 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2015-02-11 13:54 - 2015-02-11 13:54 - 00002492 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2015-02-11 13:54 - 2015-02-11 13:54 - 00000268 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2015-02-11 13:54 - 2015-02-11 13:54 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Uniblue
2015-02-11 13:54 - 2015-02-11 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2015-02-11 13:54 - 2015-02-11 13:54 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2015-02-11 13:31 - 2015-02-11 13:45 - 00000000 ____D () C:\AdwCleaner
2015-02-11 13:24 - 2015-02-11 13:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-11 13:17 - 2015-02-11 16:00 - 00000000 ____D () C:\FRST
2015-02-11 13:09 - 2015-02-11 13:09 - 00000258 _____ () C:\Users\seb\Desktop\mystartsearch entfernen - Trojaner-Board.URL
2015-02-08 14:17 - 2015-02-08 14:17 - 00003140 _____ () C:\Windows\System32\Tasks\{0C43FBC4-3303-4061-B61C-5080CAAC890B}
2015-02-06 20:13 - 2015-02-06 20:14 - 08842240 _____ () C:\Users\seb\Downloads\AngryRobot(1).fpt
2015-02-06 20:13 - 2015-02-06 20:13 - 08842240 _____ () C:\Users\seb\Downloads\AngryRobot.fpt
2015-02-06 18:59 - 2015-02-06 18:59 - 00000000 ____D () C:\Program Files (x86)\Future Pinball
2015-02-06 14:15 - 2015-02-11 13:47 - 00000336 _____ () C:\Windows\setupact.log
2015-02-06 14:15 - 2015-02-06 14:15 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 13:06 - 2014-11-29 01:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-04 21:40 - 2015-02-06 14:15 - 00000518 _____ () C:\Windows\Tasks\Tischlein_deck_dich_ab_2015_02_12.job
2015-02-04 21:40 - 2015-02-06 14:15 - 00000372 _____ () C:\Windows\Tasks\Tischlein_deck_dich_ab_2015_02_12_PreStarter.job
2015-02-04 21:40 - 2015-02-04 21:40 - 00003050 _____ () C:\Windows\System32\Tasks\Tischlein_deck_dich_ab_2015_02_12
2015-02-04 21:40 - 2015-02-04 21:40 - 00002904 _____ () C:\Windows\System32\Tasks\Tischlein_deck_dich_ab_2015_02_12_PreStarter
2015-02-04 21:37 - 2015-02-06 14:15 - 00000600 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11.job
2015-02-04 21:37 - 2015-02-06 14:15 - 00000454 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job
2015-02-04 21:37 - 2015-02-04 21:39 - 00003468 _____ () C:\Windows\System32\Tasks\Atlantis_ab_2015_02_11
2015-02-04 21:37 - 2015-02-04 21:37 - 00003324 _____ () C:\Windows\System32\Tasks\Atlantis_ab_2015_02_11_PreStarter
2015-02-01 23:02 - 2015-02-11 15:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 23:02 - 2015-02-05 13:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 12:36 - 2015-02-02 12:49 - 00000542 _____ () C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22.job
2015-02-01 12:36 - 2015-02-02 12:49 - 00000396 _____ () C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter.job
2015-02-01 12:36 - 2015-02-01 12:36 - 00003406 _____ () C:\Windows\System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22
2015-02-01 12:36 - 2015-02-01 12:36 - 00003260 _____ () C:\Windows\System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter
2015-02-01 12:35 - 2015-02-02 12:49 - 00000506 _____ () C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000502 _____ () C:\Windows\Tasks\Dornroeschen_ab_2015_02_22.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000360 _____ () C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000356 _____ () C:\Windows\Tasks\Dornroeschen_ab_2015_02_22_PreStarter.job
2015-02-01 12:35 - 2015-02-01 12:35 - 00003038 _____ () C:\Windows\System32\Tasks\Die_Gaensemagd_ab_2015_02_26
2015-02-01 12:35 - 2015-02-01 12:35 - 00003034 _____ () C:\Windows\System32\Tasks\Dornroeschen_ab_2015_02_22
2015-02-01 12:35 - 2015-02-01 12:35 - 00002892 _____ () C:\Windows\System32\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter
2015-02-01 12:35 - 2015-02-01 12:35 - 00002888 _____ () C:\Windows\System32\Tasks\Dornroeschen_ab_2015_02_22_PreStarter
2015-01-30 14:40 - 2015-01-30 14:41 - 00000000 ____D () C:\Users\seb\AppData\Local\Songr
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\YoutubeToMp3Converter
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-01-28 13:19 - 2015-01-28 13:19 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Mp3jam
2015-01-27 19:22 - 2015-01-27 19:22 - 00000000 ____D () C:\Users\seb\AppData\Roaming\FreeVideoEditor
2015-01-27 19:16 - 2015-02-01 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-27 19:16 - 2015-02-01 19:02 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-27 19:12 - 2015-01-27 19:12 - 03526608 _____ (DVDVideoSoft Ltd. ) C:\Users\seb\Downloads\FreeVideo1410Editor.exe
2015-01-27 18:28 - 2015-01-27 19:02 - 00000000 ____D () C:\Users\seb\AppData\Roaming\avidemux
2015-01-26 23:11 - 2015-02-05 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:24 - 2015-01-23 23:59 - 00000554 _____ () C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15.job
2015-01-21 18:24 - 2015-01-23 23:59 - 00000408 _____ () C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter.job
2015-01-21 18:24 - 2015-01-21 18:24 - 00003086 _____ () C:\Windows\System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15
2015-01-21 18:24 - 2015-01-21 18:24 - 00002940 _____ () C:\Windows\System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter
2015-01-14 15:53 - 2015-02-01 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 16:00 - 2013-12-27 09:21 - 00000000 ____D () C:\Unzipped
2015-02-11 15:47 - 2013-01-23 23:31 - 00000000 ____D () C:\Users\seb\AppData\Roaming\vlc
2015-02-11 15:40 - 2013-01-05 15:14 - 01496513 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 13:57 - 2013-01-09 16:21 - 00000000 ____D () C:\Users\seb\Desktop\Sicherheit
2015-02-11 13:52 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 13:52 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 13:47 - 2013-06-18 09:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-11 13:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 13:46 - 2013-01-05 17:57 - 00778318 _____ () C:\Windows\PFRO.log
2015-02-11 13:45 - 2013-01-05 15:50 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-11 13:45 - 2013-01-05 15:50 - 00001057 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-11 13:45 - 2013-01-05 15:13 - 00001170 _____ () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-11 13:45 - 2013-01-05 15:13 - 00000943 _____ () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-11 13:02 - 2013-01-06 22:14 - 00000000 ____D () C:\Program Files (x86)\ThumbsPlus 7x deutsch
2015-02-11 13:01 - 2014-12-18 13:57 - 00000310 _____ () C:\Users\seb\Desktop\Photo.URL
2015-02-11 05:45 - 2015-01-10 20:29 - 00000554 _____ () C:\Windows\Tasks\Sesamstrasse_2658_ab_2015_01_13.job
2015-02-11 05:43 - 2015-01-10 20:29 - 00000406 _____ () C:\Windows\Tasks\Sesamstrasse_2658_ab_2015_01_13_PreStarter.job
2015-02-10 22:17 - 2013-01-05 16:22 - 00697072 _____ () C:\Windows\system32\perfh007.dat
2015-02-10 22:17 - 2013-01-05 16:22 - 00149040 _____ () C:\Windows\system32\perfc007.dat
2015-02-10 22:17 - 2009-07-14 06:13 - 01619880 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-10 10:38 - 2013-02-12 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-10 05:45 - 2013-03-09 09:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\WinTVCap_GUI
2015-02-09 15:35 - 2014-06-28 06:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 20:43 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DMCache
2015-02-08 14:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2015-02-08 14:06 - 2014-12-09 10:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-08 13:05 - 2013-01-23 01:21 - 00118384 _____ () C:\Users\seb\AppData\Roaming\GDIPFONTCACHEV1.DAT
2015-02-08 12:50 - 2013-01-24 14:04 - 00000255 _____ () C:\Users\seb\Desktop\[PinSimDB.org] Pinball Future Pinball.URL
2015-02-08 12:24 - 2013-01-06 16:37 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TV-Browser
2015-02-08 10:50 - 2014-11-10 12:23 - 00000532 _____ () C:\Windows\Tasks\Loewenzahn_ab_2014_11_16.job
2015-02-08 10:48 - 2014-11-10 12:23 - 00000386 _____ () C:\Windows\Tasks\Loewenzahn_ab_2014_11_16_PreStarter.job
2015-02-07 15:20 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\IDM
2015-02-07 10:55 - 2015-01-10 20:25 - 00000510 _____ () C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_01_24.job
2015-02-07 10:53 - 2015-01-10 20:25 - 00000364 _____ () C:\Windows\Tasks\Die_Sendung_mit_der_Maus_ab_2015_01_24_PreStarter.job
2015-02-06 01:03 - 2015-01-10 20:29 - 00003560 _____ () C:\Windows\System32\Tasks\Sesamstrasse_2658_ab_2015_01_13
2015-02-05 13:29 - 2013-01-10 13:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:29 - 2013-01-10 13:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:04 - 2013-02-12 14:27 - 00000000 ____D () C:\Users\seb\AppData\Roaming\dvdcss
2015-02-05 11:01 - 2013-01-23 00:15 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 22:23 - 2013-01-11 20:07 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-02-03 18:58 - 2013-12-24 01:47 - 00000000 ____D () C:\temp
2015-02-03 18:55 - 2013-01-11 15:59 - 00051200 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 18:19 - 2013-01-11 20:07 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-03 11:16 - 2013-01-11 15:26 - 00000000 ____D () C:\Users\seb\AppData\Local\Pinnacle
2015-02-03 11:09 - 2013-01-11 15:21 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-02-02 18:17 - 2014-12-09 18:10 - 00001972 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-02 16:47 - 2013-01-09 16:21 - 00000000 ____D () C:\Users\seb\Desktop\DVD_Video
2015-02-02 12:49 - 2013-01-05 15:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 12:49 - 2013-01-05 15:12 - 00000000 ____D () C:\Users\seb
2015-02-02 12:28 - 2013-04-26 12:38 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TrueCrypt
2015-02-01 23:03 - 2014-08-04 09:38 - 00000000 ____D () C:\Users\seb\AppData\Local\Adobe
2015-02-01 19:02 - 2013-01-10 13:36 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DVDVideoSoft
2015-02-01 18:39 - 2013-01-10 12:10 - 00000000 ____D () C:\Users\seb\Desktop\Audio
2015-01-30 14:36 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\Downloads\Compressed
2015-01-28 13:50 - 2013-09-27 09:18 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-28 13:31 - 2014-05-14 21:34 - 00000000 ____D () C:\ProgramData\Skype
2015-01-27 17:08 - 2013-01-10 16:46 - 00001186 _____ () C:\Windows\PVAStrumento.ini
2015-01-21 10:13 - 2013-10-27 20:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 10:13 - 2013-09-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 10:12 - 2014-10-12 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 10:11 - 2014-10-12 08:56 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-15 17:57 - 2013-01-11 10:41 - 00000035 _____ () C:\Windows\vbaddin.ini
2015-01-14 23:06 - 2013-01-07 01:10 - 00118000 _____ () C:\Users\seb\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 23:04 - 2009-07-14 05:45 - 00417000 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2013-06-08 06:10 - 2014-12-16 19:25 - 0000030 _____ () C:\Program Files (x86)\Exiferupdate.ini
2013-11-16 08:03 - 2013-11-16 08:04 - 50063360 _____ () C:\Program Files (x86)\GUT3F71.tmp
2013-01-11 15:59 - 2015-02-03 18:55 - 0051200 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-11 10:31 - 2013-12-25 22:42 - 0007605 _____ () C:\Users\seb\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 05:48

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 11.02.2015, 18:29

hi,

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

SpeedUpMyPC
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

seb-soft · 11.02.2015, 19:31

Code:

ATTFilter

ComboFix 15-02-09.01 - seb 11.02.2015  18:41:12.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.4095.2429 [GMT 1:00]
ausgeführt von:: c:\unzipped\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-11 bis 2015-02-11  ))))))))))))))))))))))))))))))
.
.
2015-02-11 18:18 . 2015-02-11 18:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-11 12:31 . 2015-02-11 12:45	--------	d-----w-	C:\AdwCleaner
2015-02-11 12:24 . 2015-02-11 17:31	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-02-11 12:17 . 2015-02-11 15:01	--------	d-----w-	C:\FRST
2015-02-06 17:59 . 2015-02-06 17:59	--------	d-----w-	c:\program files (x86)\Future Pinball
2015-02-06 12:06 . 2014-11-29 00:37	180648	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2015-01-30 13:40 . 2015-01-30 13:41	--------	d-----w-	c:\users\seb\AppData\Local\Songr
2015-01-28 12:50 . 2015-01-28 12:50	--------	d-----w-	c:\users\seb\AppData\Roaming\YoutubeToMp3Converter
2015-01-28 12:50 . 2015-01-28 12:50	--------	d-----w-	c:\program files (x86)\Freemake
2015-01-28 12:19 . 2015-01-28 12:19	--------	d-----w-	c:\users\seb\AppData\Roaming\Mp3jam
2015-01-27 18:22 . 2015-01-27 18:22	--------	d-----w-	c:\users\seb\AppData\Roaming\FreeVideoEditor
2015-01-27 18:16 . 2015-02-01 18:02	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2015-01-27 18:16 . 2015-02-01 18:02	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2015-01-27 17:28 . 2015-01-27 18:02	--------	d-----w-	c:\users\seb\AppData\Roaming\avidemux
2015-01-21 09:12 . 2015-01-21 09:12	--------	d-----w-	c:\program files (x86)\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-09 14:35 . 2014-06-28 05:36	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-05 12:29 . 2013-01-10 12:19	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 12:29 . 2013-01-10 12:19	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-21 09:11 . 2014-10-12 07:56	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-31 17:56 . 2013-01-11 10:13	67072	----a-w-	c:\windows\SysWow64\ieframe.oca
2014-12-31 17:56 . 2013-01-11 10:13	241664	----a-w-	c:\windows\SysWow64\COMCTL32.oca
2014-12-31 17:56 . 2013-01-11 10:13	44032	----a-w-	c:\windows\SysWow64\TABCTL32.oca
2014-12-24 11:39 . 2013-01-05 15:40	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-12-16 17:26 . 2014-12-16 17:26	16152	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2014-12-09 17:10 . 2014-01-15 07:38	1050432	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-12-09 17:09 . 2014-01-15 07:38	116728	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-12-09 17:09 . 2014-01-15 07:38	267632	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-12-09 17:09 . 2014-01-15 07:38	436624	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-12-09 17:09 . 2014-12-09 17:09	364512	----a-w-	c:\windows\system32\aswBoot.exe
2014-12-09 17:09 . 2014-12-09 17:09	43152	----a-w-	c:\windows\avastSS.scr
2014-12-09 17:09 . 2014-05-06 05:35	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-12-09 17:09 . 2014-01-15 07:38	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-12-09 17:09 . 2014-01-15 07:38	83280	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-12-09 17:09 . 2014-01-15 07:38	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-11-21 05:14 . 2014-06-28 05:35	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-06-28 05:35	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2013-03-28 12:21	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-11-16 07:04 . 2013-11-16 07:03	50063360	----a-w-	c:\program files (x86)\GUT3F71.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-11-10 1352480]
"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2009-11-10 906912]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-17 2489456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 polugive;Pt Details;c:\users\seb\AppData\Roaming\VOPackage\nsz92D6.tmpfs;c:\users\seb\AppData\Roaming\VOPackage\nsz92D6.tmpfs [x]
R3 cpuz130;cpuz130; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SAllBDA;TeVii DVB-S/S2 Receiver;c:\windows\system32\Drivers\TeViiS2.sys;c:\windows\SYSNATIVE\Drivers\TeViiS2.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-10 12:29]
.
2015-02-06 c:\windows\Tasks\Atlantis_ab_2015_02_11.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-02-06 c:\windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-02-02 c:\windows\Tasks\Die_Gaensemagd_ab_2015_02_26.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-02-02 c:\windows\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-02-02 c:\windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-02-02 c:\windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-02-02 c:\windows\Tasks\Dornroeschen_ab_2015_02_22.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-02-02 c:\windows\Tasks\Dornroeschen_ab_2015_02_22_PreStarter.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-01-23 c:\windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-01-23 c:\windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-02-06 c:\windows\Tasks\Tischlein_deck_dich_ab_2015_02_12.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
2015-02-06 c:\windows\Tasks\Tischlein_deck_dich_ab_2015_02_12_PreStarter.job
- c:\program files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21 09:11]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
AeLookupSvc
AppInfo
AppMgmt
AudioSrv
BITS
browser
CertPropSvc
EapHost
FastUserSwitchingCompatibility
gpsvc
helpsvc
hkmsvc
Ias
IKEEXT
iphlpsvc
Irmon
lanmanserver
LogonHours
MMCSS
msiscsi
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
PCAudit
ProfSvc
Rasauto
Rasman
Remoteaccess
schedule
SCPolicySvc
seclogon
SENS
SessionEnv
Sharedaccess
ShellHWDetection
SRService
Tapisrv
TermService
Themes
uploadmgr
wercplsupport
winmgmt
WmdmPmSp
Wmi
wuauserv
BDESVC
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: 	c:\users\seb\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloadernew.htm
IE: Alles mit FlashGet laden - c:\program files (x86)\FlashGet\jc_all.htm
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Mit FlashGet laden - c:\program files (x86)\FlashGet\jc_link.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
FF - ProfilePath - c:\users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D} - (no file)
AddRemove-InstallShield für Microsoft Visual C++ 6 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\polugive]
"ImagePath"="c:\users\seb\AppData\Roaming\VOPackage\nsz92D6.tmpfs"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAc0ORMxBswkKXWNZcKG2lFAAAAAACAAAAAAAQZgAAAAEAACAAAACxs9PPh3zddPxR3ZpVbNCFlF2rb4CmTk+oRBL/dKmYdQAAAAAOgAAAAAIAACAAAAAWqjKfdCfC+WhGvNFBT2yU6/iGhcbV/L7q7Zqy0Y6zeRAAAACIV+3puV+6BE+8PVROfCDsQAAAAB+i7f5a8+zz9XApEKrtIgGKb+oTuoQY2/pBHAXT2mv9XdosiXl+bgBFAmeK6zdr2HxorFjluCf3kPsjS4jdDvI="
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAc6B05nKe/ECw+g061BARLAAAAAACAAAAAAAQZgAAAAEAACAAAACU3n4PF0SwTDuwvudHYgok7tNhZqfN+uEg3Su9UmFPcQAAAAAOgAAAAAIAACAAAAC0nthFJWaNkxOrCU3R1Yji/amkS2yx23tXh0CXXh24RSAAAAB4CRUtjHjFEdMdADgS/cL/s773eFoZZuiSmPTAacMjCUAAAAABDUdyeQG8ByMz2VPpsEsFyVwnnTvnZazd/W+J2zemIEvAtERW6et38t0Fv9me5fliy1dzwyazVoiVf2OsG6rF"
"{FCCCD80D-2A5E-401E-B64F-D1C2E375B955}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAc0ORMxBswkKXWNZcKG2lFAAAAAACAAAAAAAQZgAAAAEAACAAAABIU3minkHbvaPaoQ0bENza8u+kgKdxqYf6hV3qJtzu7gAAAAAOgAAAAAIAACAAAABZZ0qTCE62S3W9zx+MDzaNP3y5qqDACUNYzpXskZOh5BAAAAC1sYITKX1Qx2aWcxJ2OCXGQAAAAHngRneGuDnJRiSmke2OK45PKgjI6r4OVDcKzZcWnZY+HsUvwmRTI1nG74S3MczwMds1HIvqgehixmJryZg62Ig="
.
[HKEY_USERS\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):80,51,ca,1e,e7,0a,d2,08
"DeltaClock"=hex(b):8c,4e,3a,f9,ff,ff,ff,ff
"LastNtpServer"="time.nist.gov"
.
[HKEY_USERS\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\Wow6432Node\CLSID\{405b8b8b-f7e1-4d0f-a16a-077a1bea3311}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000020
"Therad"=dword:00000001
"MData"=hex(0):e6,31,26,c3,aa,29,a3,3b,7d,c8,fe,6e,64,47,fe,6a,d5,25,bc,d7,6b,
   54,b0,3a,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):aa,bb,04,f1,dc,10,8d,ba,6b,cd,f5,8a,75,4a,40,de,8a,95,58,5b,8a,
   f7,a6,c8,e2,ef,9a,ab,6d,ab,a9,d6,e7,b8,97,ec,bf,64,70,ee,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-11  19:27:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-11 18:27
.
Vor Suchlauf: 16 Verzeichnis(se), 103.664.414.720 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 103.514.259.456 Bytes frei
.
- - End Of File - - 606601E08A39579DBE90C85E113FAE78
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 12.02.2015, 06:47

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

seb-soft · 12.02.2015, 12:45

mbma - schreibt. keine bedrohlichen Elemente gefunden

hier die txt von AdwCleander:AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.110 - Logfile created 12/02/2015 at 12:25:56
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : seb - SEB-PC
# Running from : H:\Neu-Install-7\Viren\AdwCleaner_4.110.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16540


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [7844 bytes] - [11/02/2015 13:32:48]
AdwCleaner[R1].txt - [7903 bytes] - [11/02/2015 13:42:12]
AdwCleaner[R2].txt - [1465 bytes] - [12/02/2015 12:04:28]
AdwCleaner[R3].txt - [1319 bytes] - [12/02/2015 12:25:56]
AdwCleaner[S0].txt - [7903 bytes] - [11/02/2015 13:45:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1437 bytes] ##########

--- --- ---

Hier die txt von JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by seb on 12.02.2015 at 12:34:32,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B4DF450-DCC7-4B07-935D-0CD757A64583}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9B4DF450-DCC7-4B07-935D-0CD757A64583}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B4DF450-DCC7-4B07-935D-0CD757A64583}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9B4DF450-DCC7-4B07-935D-0CD757A64583}



~~~ Files

Successfully deleted: [File] "C:\Users\seb\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC.EXE-E9FC9CD7.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\seb\AppData\Roaming\mozilla\firefox\profiles\bfj3vrht.default-1421832937164\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "mp3");
user_pref("browser.search.searchengine.uid", "ST1500DM003-1CH16G_W1E30DJ1XXXXW1E30DJ1");
Emptied folder: C:\Users\seb\AppData\Roaming\mozilla\firefox\profiles\bfj3vrht.default-1421832937164\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.02.2015 at 12:41:19,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und ein "frisches" fsrt log:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01
Ran by seb (administrator) on SEB-PC on 12-02-2015 12:43:41
Running from C:\Unzipped
Loaded Profiles: seb (Available profiles: seb)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [136544 2009-11-10] (Seagate)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1352480 2009-11-10] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [906912 2009-11-10] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-15]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5 [2015-01-31]
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (Google Search) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Gmail) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 polugive; C:\Users\seb\AppData\Roaming\VOPackage\nsz92D6.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [23936 1997-12-23] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
S3 cpuz130; No ImagePath
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S4 NVHDA; No ImagePath
R3 SAllBDA; C:\Windows\System32\Drivers\TeViiS2.sys [149128 2011-05-23] (TeVii Technology Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-12-16] ()
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 12:41 - 2015-02-12 12:41 - 00002899 _____ () C:\Users\seb\Desktop\JRT.txt
2015-02-11 19:27 - 2015-02-11 19:27 - 00020705 _____ () C:\ComboFix.txt
2015-02-11 18:38 - 2015-02-11 19:27 - 00000000 ____D () C:\Qoobox
2015-02-11 18:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-11 18:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-11 18:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-11 18:37 - 2015-02-11 19:25 - 00000000 ____D () C:\Windows\erdnt
2015-02-11 18:31 - 2015-02-11 18:31 - 00001272 _____ () C:\Users\seb\Desktop\Revo Uninstaller.lnk
2015-02-11 13:56 - 2015-02-11 13:56 - 00003252 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3122927800-2970940714-3403948491-1000
2015-02-11 13:31 - 2015-02-12 12:28 - 00000000 ____D () C:\AdwCleaner
2015-02-11 13:24 - 2015-02-11 18:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-11 13:17 - 2015-02-12 12:43 - 00000000 ____D () C:\FRST
2015-02-11 13:09 - 2015-02-12 12:06 - 00000258 _____ () C:\Users\seb\Desktop\mystartsearch entfernen - Trojaner-Board.URL
2015-02-08 14:17 - 2015-02-08 14:17 - 00003140 _____ () C:\Windows\System32\Tasks\{0C43FBC4-3303-4061-B61C-5080CAAC890B}
2015-02-06 20:13 - 2015-02-06 20:14 - 08842240 _____ () C:\Users\seb\Downloads\AngryRobot(1).fpt
2015-02-06 20:13 - 2015-02-06 20:13 - 08842240 _____ () C:\Users\seb\Downloads\AngryRobot.fpt
2015-02-06 18:59 - 2015-02-06 18:59 - 00000000 ____D () C:\Program Files (x86)\Future Pinball
2015-02-06 14:15 - 2015-02-11 19:19 - 00000392 _____ () C:\Windows\setupact.log
2015-02-06 14:15 - 2015-02-06 14:15 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 13:06 - 2014-11-29 01:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-04 21:37 - 2015-02-11 22:25 - 00000600 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11.job
2015-02-04 21:37 - 2015-02-11 19:58 - 00000454 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job
2015-02-04 21:37 - 2015-02-04 21:39 - 00003468 _____ () C:\Windows\System32\Tasks\Atlantis_ab_2015_02_11
2015-02-04 21:37 - 2015-02-04 21:37 - 00003324 _____ () C:\Windows\System32\Tasks\Atlantis_ab_2015_02_11_PreStarter
2015-02-01 23:02 - 2015-02-12 12:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 23:02 - 2015-02-05 13:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 12:36 - 2015-02-02 12:49 - 00000542 _____ () C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22.job
2015-02-01 12:36 - 2015-02-02 12:49 - 00000396 _____ () C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter.job
2015-02-01 12:36 - 2015-02-01 12:36 - 00003406 _____ () C:\Windows\System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22
2015-02-01 12:36 - 2015-02-01 12:36 - 00003260 _____ () C:\Windows\System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter
2015-02-01 12:35 - 2015-02-02 12:49 - 00000506 _____ () C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000502 _____ () C:\Windows\Tasks\Dornroeschen_ab_2015_02_22.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000360 _____ () C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000356 _____ () C:\Windows\Tasks\Dornroeschen_ab_2015_02_22_PreStarter.job
2015-02-01 12:35 - 2015-02-01 12:35 - 00003038 _____ () C:\Windows\System32\Tasks\Die_Gaensemagd_ab_2015_02_26
2015-02-01 12:35 - 2015-02-01 12:35 - 00003034 _____ () C:\Windows\System32\Tasks\Dornroeschen_ab_2015_02_22
2015-02-01 12:35 - 2015-02-01 12:35 - 00002892 _____ () C:\Windows\System32\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter
2015-02-01 12:35 - 2015-02-01 12:35 - 00002888 _____ () C:\Windows\System32\Tasks\Dornroeschen_ab_2015_02_22_PreStarter
2015-01-30 14:40 - 2015-01-30 14:41 - 00000000 ____D () C:\Users\seb\AppData\Local\Songr
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\YoutubeToMp3Converter
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-01-28 13:19 - 2015-01-28 13:19 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Mp3jam
2015-01-27 19:22 - 2015-01-27 19:22 - 00000000 ____D () C:\Users\seb\AppData\Roaming\FreeVideoEditor
2015-01-27 19:16 - 2015-02-01 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-27 19:16 - 2015-02-01 19:02 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-27 19:12 - 2015-01-27 19:12 - 03526608 _____ (DVDVideoSoft Ltd. ) C:\Users\seb\Downloads\FreeVideo1410Editor.exe
2015-01-27 18:28 - 2015-01-27 19:02 - 00000000 ____D () C:\Users\seb\AppData\Roaming\avidemux
2015-01-26 23:11 - 2015-02-05 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:24 - 2015-01-23 23:59 - 00000554 _____ () C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15.job
2015-01-21 18:24 - 2015-01-23 23:59 - 00000408 _____ () C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter.job
2015-01-21 18:24 - 2015-01-21 18:24 - 00003086 _____ () C:\Windows\System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15
2015-01-21 18:24 - 2015-01-21 18:24 - 00002940 _____ () C:\Windows\System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter
2015-01-14 15:53 - 2015-02-01 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 12:43 - 2013-12-27 09:21 - 00000000 ____D () C:\Unzipped
2015-02-12 12:25 - 2013-01-23 23:31 - 00000000 ____D () C:\Users\seb\AppData\Roaming\vlc
2015-02-12 11:38 - 2013-01-05 15:14 - 01535562 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 07:45 - 2013-03-09 09:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\WinTVCap_GUI
2015-02-11 21:49 - 2014-06-28 06:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 19:35 - 2013-01-05 16:22 - 00697072 _____ () C:\Windows\system32\perfh007.dat
2015-02-11 19:35 - 2013-01-05 16:22 - 00149040 _____ () C:\Windows\system32\perfc007.dat
2015-02-11 19:35 - 2009-07-14 06:13 - 01619880 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 19:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-11 19:25 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 19:25 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 19:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-11 19:19 - 2013-06-18 09:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-11 19:19 - 2013-01-05 17:57 - 00779100 _____ () C:\Windows\PFRO.log
2015-02-11 19:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 19:18 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DMCache
2015-02-11 18:22 - 2013-01-12 21:32 - 00000000 ____D () C:\Users\seb\Desktop\Spiele
2015-02-11 13:57 - 2013-01-09 16:21 - 00000000 ____D () C:\Users\seb\Desktop\Sicherheit
2015-02-11 13:45 - 2013-01-07 22:24 - 00000000 ____D () C:\Users\seb\AppData\Roaming\CheckPoint
2015-02-11 13:45 - 2013-01-05 15:50 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-11 13:45 - 2013-01-05 15:50 - 00001057 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-11 13:45 - 2013-01-05 15:13 - 00001170 _____ () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-11 13:45 - 2013-01-05 15:13 - 00000943 _____ () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-11 13:02 - 2013-01-06 22:14 - 00000000 ____D () C:\Program Files (x86)\ThumbsPlus 7x deutsch
2015-02-11 13:01 - 2014-12-18 13:57 - 00000310 _____ () C:\Users\seb\Desktop\Photo.URL
2015-02-10 10:38 - 2013-02-12 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-08 14:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2015-02-08 14:06 - 2014-12-09 10:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-08 13:05 - 2013-01-23 01:21 - 00118384 _____ () C:\Users\seb\AppData\Roaming\GDIPFONTCACHEV1.DAT
2015-02-08 12:50 - 2013-01-24 14:04 - 00000255 _____ () C:\Users\seb\Desktop\[PinSimDB.org] Pinball Future Pinball.URL
2015-02-08 12:24 - 2013-01-06 16:37 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TV-Browser
2015-02-07 15:20 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\IDM
2015-02-05 13:29 - 2013-01-10 13:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:29 - 2013-01-10 13:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:04 - 2013-02-12 14:27 - 00000000 ____D () C:\Users\seb\AppData\Roaming\dvdcss
2015-02-05 11:01 - 2013-01-23 00:15 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 22:23 - 2013-01-11 20:07 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-02-03 18:58 - 2013-12-24 01:47 - 00000000 ____D () C:\temp
2015-02-03 18:55 - 2013-01-11 15:59 - 00051200 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 18:19 - 2013-01-11 20:07 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-03 11:16 - 2013-01-11 15:26 - 00000000 ____D () C:\Users\seb\AppData\Local\Pinnacle
2015-02-03 11:09 - 2013-01-11 15:21 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-02-02 18:17 - 2014-12-09 18:10 - 00001972 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-02 16:47 - 2013-01-09 16:21 - 00000000 ____D () C:\Users\seb\Desktop\DVD_Video
2015-02-02 12:49 - 2013-01-05 15:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 12:49 - 2013-01-05 15:12 - 00000000 ____D () C:\Users\seb
2015-02-02 12:28 - 2013-04-26 12:38 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TrueCrypt
2015-02-01 23:03 - 2014-08-04 09:38 - 00000000 ____D () C:\Users\seb\AppData\Local\Adobe
2015-02-01 19:02 - 2013-01-10 13:36 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DVDVideoSoft
2015-02-01 18:39 - 2013-01-10 12:10 - 00000000 ____D () C:\Users\seb\Desktop\Audio
2015-01-30 14:36 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\Downloads\Compressed
2015-01-28 13:50 - 2013-09-27 09:18 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-28 13:31 - 2014-05-14 21:34 - 00000000 ____D () C:\ProgramData\Skype
2015-01-27 17:08 - 2013-01-10 16:46 - 00001186 _____ () C:\Windows\PVAStrumento.ini
2015-01-21 10:13 - 2013-10-27 20:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 10:13 - 2013-09-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 10:12 - 2014-10-12 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 10:11 - 2014-10-12 08:56 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-15 17:57 - 2013-01-11 10:41 - 00000035 _____ () C:\Windows\vbaddin.ini
2015-01-14 23:06 - 2013-01-07 01:10 - 00118000 _____ () C:\Users\seb\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 23:04 - 2009-07-14 05:45 - 00417000 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2013-06-08 06:10 - 2014-12-16 19:25 - 0000030 _____ () C:\Program Files (x86)\Exiferupdate.ini
2013-11-16 08:03 - 2013-11-16 08:04 - 50063360 _____ () C:\Program Files (x86)\GUT3F71.tmp
2013-01-11 15:59 - 2015-02-03 18:55 - 0051200 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-11 10:31 - 2013-12-25 22:42 - 0007605 _____ () C:\Users\seb\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 05:48

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

schrauber · 12.02.2015, 20:26

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

seb-soft · 13.02.2015, 10:49

Hallo, ist das normal, daß der Eset-Online-Scanner jetzt schon 3 einhalb Stunden läuft und erst bei ca 30 % angelangt ist ?

Danke

Hallo, guten Morgen.

Nun ist "er" fertig.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8e1537da5f22f148bae02c7fa6180281
# engine=22443
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-13 12:36:21
# local_time=2015-02-13 01:36:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 97 913631 34019862 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 45566555 175417631 0 0
# scanned=331331
# found=17
# cleaned=0
# scan_time=17950
sh=3DAE15BC047B21EF17CB19294A54B5BF6CD41A87 ft=1 fh=3c3f1b649fb3d1f0 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir"
sh=39421EC50E118657E18AE8507CAA89C9BB9ADA24 ft=0 fh=0000000000000000 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\seb\Downloads\Compressed\Songr-2.zip"
sh=ABD9885EDFA7F2714E9A2A2512ECB294B8A75242 ft=1 fh=d46593929fb6ebf3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\Neu-Install-7\DVD_Video\FreeStudio.exe"
sh=AA88BE58BA244ED684D31560B038BCA56271AAA0 ft=1 fh=04edb8f3c0fad613 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\Neu-Install-7\DVD_Video\FreeYouTubeDownloadNew_3.2.0.1201.exe"
sh=6A1B8BD71D38104FDBC782308156775433D378E8 ft=1 fh=100a0dc67752f66f vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="H:\Neu-Install-7\DVD_Video\YTD43Setup.exe"
sh=BC4945BCC68770751CC1E79873D9E43555B069CF ft=1 fh=e3b4d757d5c46217 vn="Variante von Win32/RegPatch.A evtl. unerwünschte Anwendung" ac=I fn="H:\Neu-Install-7\DVD_Video\rm-Converter\RM Converter v1.40 + Crack\Crack\Registry info.exe"
sh=FC616BAA19A4E0D229843FF3FB93A8F1D09E9790 ft=1 fh=5ce49007903526bd vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="H:\Neu-Install-7\Spiele\SoftonicDownloader_fuer_future-pinball.exe"
sh=F4BD5BA3AB807D9A9A51C89983A2EB69953F213F ft=1 fh=8eb3ddfa8b1727ca vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="H:\Neu-Install-7\Treiber  Update\DLG_free_driver_scout_chip_default.exe"
sh=2E8F71594190BE6DA97CC124381292B3A892FA84 ft=1 fh=28bb61366fa1b352 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="H:\Neu-Install-7\UniBlue\speedupmypc.exe"
sh=ABD9885EDFA7F2714E9A2A2512ECB294B8A75242 ft=1 fh=d46593929fb6ebf3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\FreeStudio.exe"
sh=AA88BE58BA244ED684D31560B038BCA56271AAA0 ft=1 fh=04edb8f3c0fad613 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\FreeYouTubeDownloadNew_3.2.0.1201.exe"
sh=6A1B8BD71D38104FDBC782308156775433D378E8 ft=1 fh=100a0dc67752f66f vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\YTD43Setup.exe"
sh=BC4945BCC68770751CC1E79873D9E43555B069CF ft=1 fh=e3b4d757d5c46217 vn="Variante von Win32/RegPatch.A evtl. unerwünschte Anwendung" ac=I fn="P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\rm-Converter\RM Converter v1.40 + Crack\Crack\Registry info.exe"
sh=FC616BAA19A4E0D229843FF3FB93A8F1D09E9790 ft=1 fh=5ce49007903526bd vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="P:\Copy von Elements_Platte\Neu-Install-7\Spiele\SoftonicDownloader_fuer_future-pinball.exe"
sh=F4BD5BA3AB807D9A9A51C89983A2EB69953F213F ft=1 fh=8eb3ddfa8b1727ca vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="P:\Copy von Elements_Platte\Neu-Install-7\Treiber  Update\DLG_free_driver_scout_chip_default.exe"
sh=2E8F71594190BE6DA97CC124381292B3A892FA84 ft=1 fh=28bb61366fa1b352 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="P:\Copy von Elements_Platte\Neu-Install-7\UniBlue\speedupmypc.exe"
sh=29937FA3571590E243178B116200C090ED146C67 ft=1 fh=9f83e32127ad336a vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="P:\Copy von Elements_Platte\Neu-Install-7\Viren\AdwCleaner_TSV32FPQP.exe"

Gruss

FRST-Log:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by seb (administrator) on SEB-PC on 13-02-2015 10:45:40
Running from C:\Unzipped
Loaded Profiles: seb (Available profiles: seb)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [136544 2009-11-10] (Seagate)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1352480 2009-11-10] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [906912 2009-11-10] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-15]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5 [2015-01-31]
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (Google Search) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Gmail) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 polugive; C:\Users\seb\AppData\Roaming\VOPackage\nsz92D6.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [23936 1997-12-23] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
S3 cpuz130; No ImagePath
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S4 NVHDA; No ImagePath
R3 SAllBDA; C:\Windows\System32\Drivers\TeViiS2.sys [149128 2011-05-23] (TeVii Technology Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-12-16] ()
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 20:34 - 2015-02-12 20:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-11 19:27 - 2015-02-11 19:27 - 00020705 _____ () C:\ComboFix.txt
2015-02-11 18:38 - 2015-02-11 19:27 - 00000000 ____D () C:\Qoobox
2015-02-11 18:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-11 18:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-11 18:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-11 18:37 - 2015-02-11 19:25 - 00000000 ____D () C:\Windows\erdnt
2015-02-11 13:56 - 2015-02-11 13:56 - 00003252 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3122927800-2970940714-3403948491-1000
2015-02-11 13:31 - 2015-02-12 12:28 - 00000000 ____D () C:\AdwCleaner
2015-02-11 13:24 - 2015-02-11 18:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-11 13:17 - 2015-02-13 10:45 - 00000000 ____D () C:\FRST
2015-02-11 13:09 - 2015-02-12 12:06 - 00000258 _____ () C:\Users\seb\Desktop\mystartsearch entfernen - Trojaner-Board.URL
2015-02-08 14:17 - 2015-02-08 14:17 - 00003140 _____ () C:\Windows\System32\Tasks\{0C43FBC4-3303-4061-B61C-5080CAAC890B}
2015-02-06 20:13 - 2015-02-06 20:14 - 08842240 _____ () C:\Users\seb\Downloads\AngryRobot(1).fpt
2015-02-06 20:13 - 2015-02-06 20:13 - 08842240 _____ () C:\Users\seb\Downloads\AngryRobot.fpt
2015-02-06 18:59 - 2015-02-06 18:59 - 00000000 ____D () C:\Program Files (x86)\Future Pinball
2015-02-06 14:15 - 2015-02-11 19:19 - 00000392 _____ () C:\Windows\setupact.log
2015-02-06 14:15 - 2015-02-06 14:15 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 13:06 - 2014-11-29 01:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-04 21:37 - 2015-02-11 22:25 - 00000600 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11.job
2015-02-04 21:37 - 2015-02-11 19:58 - 00000454 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job
2015-02-04 21:37 - 2015-02-04 21:39 - 00003468 _____ () C:\Windows\System32\Tasks\Atlantis_ab_2015_02_11
2015-02-04 21:37 - 2015-02-04 21:37 - 00003324 _____ () C:\Windows\System32\Tasks\Atlantis_ab_2015_02_11_PreStarter
2015-02-01 23:02 - 2015-02-13 10:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 23:02 - 2015-02-05 13:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 12:36 - 2015-02-02 12:49 - 00000542 _____ () C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22.job
2015-02-01 12:36 - 2015-02-02 12:49 - 00000396 _____ () C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter.job
2015-02-01 12:36 - 2015-02-01 12:36 - 00003406 _____ () C:\Windows\System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22
2015-02-01 12:36 - 2015-02-01 12:36 - 00003260 _____ () C:\Windows\System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter
2015-02-01 12:35 - 2015-02-02 12:49 - 00000506 _____ () C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000502 _____ () C:\Windows\Tasks\Dornroeschen_ab_2015_02_22.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000360 _____ () C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000356 _____ () C:\Windows\Tasks\Dornroeschen_ab_2015_02_22_PreStarter.job
2015-02-01 12:35 - 2015-02-01 12:35 - 00003038 _____ () C:\Windows\System32\Tasks\Die_Gaensemagd_ab_2015_02_26
2015-02-01 12:35 - 2015-02-01 12:35 - 00003034 _____ () C:\Windows\System32\Tasks\Dornroeschen_ab_2015_02_22
2015-02-01 12:35 - 2015-02-01 12:35 - 00002892 _____ () C:\Windows\System32\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter
2015-02-01 12:35 - 2015-02-01 12:35 - 00002888 _____ () C:\Windows\System32\Tasks\Dornroeschen_ab_2015_02_22_PreStarter
2015-01-30 14:40 - 2015-01-30 14:41 - 00000000 ____D () C:\Users\seb\AppData\Local\Songr
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\YoutubeToMp3Converter
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-01-28 13:19 - 2015-01-28 13:19 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Mp3jam
2015-01-27 19:22 - 2015-01-27 19:22 - 00000000 ____D () C:\Users\seb\AppData\Roaming\FreeVideoEditor
2015-01-27 19:16 - 2015-02-01 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-27 19:16 - 2015-02-01 19:02 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-27 19:12 - 2015-01-27 19:12 - 03526608 _____ (DVDVideoSoft Ltd. ) C:\Users\seb\Downloads\FreeVideo1410Editor.exe
2015-01-27 18:28 - 2015-01-27 19:02 - 00000000 ____D () C:\Users\seb\AppData\Roaming\avidemux
2015-01-26 23:11 - 2015-02-05 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:24 - 2015-01-23 23:59 - 00000554 _____ () C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15.job
2015-01-21 18:24 - 2015-01-23 23:59 - 00000408 _____ () C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter.job
2015-01-21 18:24 - 2015-01-21 18:24 - 00003086 _____ () C:\Windows\System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15
2015-01-21 18:24 - 2015-01-21 18:24 - 00002940 _____ () C:\Windows\System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter
2015-01-14 15:53 - 2015-02-01 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 10:45 - 2013-12-27 09:21 - 00000000 ____D () C:\Unzipped
2015-02-13 10:42 - 2013-01-05 16:22 - 00697072 _____ () C:\Windows\system32\perfh007.dat
2015-02-13 10:42 - 2013-01-05 16:22 - 00149040 _____ () C:\Windows\system32\perfc007.dat
2015-02-13 10:42 - 2009-07-14 06:13 - 01619880 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 10:40 - 2013-01-05 15:14 - 01536390 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 23:15 - 2013-01-23 23:31 - 00000000 ____D () C:\Users\seb\AppData\Roaming\vlc
2015-02-12 21:45 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DMCache
2015-02-12 21:45 - 2013-01-06 16:37 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TV-Browser
2015-02-12 13:03 - 2013-01-12 21:32 - 00000000 ____D () C:\Users\seb\Desktop\Spiele
2015-02-12 12:59 - 2013-01-09 16:21 - 00000000 ____D () C:\Users\seb\Desktop\Sicherheit
2015-02-12 07:45 - 2013-03-09 09:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\WinTVCap_GUI
2015-02-11 21:49 - 2014-06-28 06:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 19:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-11 19:25 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 19:25 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 19:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-11 19:19 - 2013-06-18 09:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-11 19:19 - 2013-01-05 17:57 - 00779100 _____ () C:\Windows\PFRO.log
2015-02-11 19:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 13:45 - 2013-01-07 22:24 - 00000000 ____D () C:\Users\seb\AppData\Roaming\CheckPoint
2015-02-11 13:45 - 2013-01-05 15:50 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-11 13:45 - 2013-01-05 15:50 - 00001057 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-11 13:45 - 2013-01-05 15:13 - 00001170 _____ () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-11 13:45 - 2013-01-05 15:13 - 00000943 _____ () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-11 13:02 - 2013-01-06 22:14 - 00000000 ____D () C:\Program Files (x86)\ThumbsPlus 7x deutsch
2015-02-11 13:01 - 2014-12-18 13:57 - 00000310 _____ () C:\Users\seb\Desktop\Photo.URL
2015-02-10 10:38 - 2013-02-12 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-08 14:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2015-02-08 14:06 - 2014-12-09 10:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-08 13:05 - 2013-01-23 01:21 - 00118384 _____ () C:\Users\seb\AppData\Roaming\GDIPFONTCACHEV1.DAT
2015-02-08 12:50 - 2013-01-24 14:04 - 00000255 _____ () C:\Users\seb\Desktop\[PinSimDB.org] Pinball Future Pinball.URL
2015-02-07 15:20 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\IDM
2015-02-05 13:29 - 2013-01-10 13:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:29 - 2013-01-10 13:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:04 - 2013-02-12 14:27 - 00000000 ____D () C:\Users\seb\AppData\Roaming\dvdcss
2015-02-05 11:01 - 2013-01-23 00:15 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 22:23 - 2013-01-11 20:07 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-02-03 18:58 - 2013-12-24 01:47 - 00000000 ____D () C:\temp
2015-02-03 18:55 - 2013-01-11 15:59 - 00051200 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 18:19 - 2013-01-11 20:07 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-03 11:16 - 2013-01-11 15:26 - 00000000 ____D () C:\Users\seb\AppData\Local\Pinnacle
2015-02-03 11:09 - 2013-01-11 15:21 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-02-02 16:47 - 2013-01-09 16:21 - 00000000 ____D () C:\Users\seb\Desktop\DVD_Video
2015-02-02 12:49 - 2013-01-05 15:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 12:49 - 2013-01-05 15:12 - 00000000 ____D () C:\Users\seb
2015-02-02 12:28 - 2013-04-26 12:38 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TrueCrypt
2015-02-01 23:03 - 2014-08-04 09:38 - 00000000 ____D () C:\Users\seb\AppData\Local\Adobe
2015-02-01 19:02 - 2013-01-10 13:36 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DVDVideoSoft
2015-02-01 18:39 - 2013-01-10 12:10 - 00000000 ____D () C:\Users\seb\Desktop\Audio
2015-01-30 14:36 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\Downloads\Compressed
2015-01-28 13:50 - 2013-09-27 09:18 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-28 13:31 - 2014-05-14 21:34 - 00000000 ____D () C:\ProgramData\Skype
2015-01-27 17:08 - 2013-01-10 16:46 - 00001186 _____ () C:\Windows\PVAStrumento.ini
2015-01-21 10:13 - 2013-10-27 20:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 10:13 - 2013-09-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 10:12 - 2014-10-12 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 10:11 - 2014-10-12 08:56 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-15 17:57 - 2013-01-11 10:41 - 00000035 _____ () C:\Windows\vbaddin.ini
2015-01-14 23:06 - 2013-01-07 01:10 - 00118000 _____ () C:\Users\seb\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-14 23:04 - 2009-07-14 05:45 - 00417000 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2013-06-08 06:10 - 2014-12-16 19:25 - 0000030 _____ () C:\Program Files (x86)\Exiferupdate.ini
2013-11-16 08:03 - 2013-11-16 08:04 - 50063360 _____ () C:\Program Files (x86)\GUT3F71.tmp
2013-01-11 15:59 - 2015-02-03 18:55 - 0051200 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-11 10:31 - 2013-12-25 22:42 - 0007605 _____ () C:\Users\seb\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 02:08

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Add.txt - log:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by seb at 2015-02-13 10:46:42
Running from C:\Unzipped
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.1.0 (HKLM-x32\...\{4F80F043-B003-4820-B8E3-CB7E6CF5BB03}_is1) (Version: 2.1.0 - Christian Koban)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Audials (HKLM-x32\...\{7FAA26D8-3727-41CD-A9DE-9480E4EA9130}) (Version: 8.0.55300.0 - RapidSolution Software AG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Canon iP4300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
DivX Codec 3.1alpha release (HKLM-x32\...\DIVXCodec) (Version:  - )
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exifer (HKLM-x32\...\Exifer_is1) (Version:  - Friedemann Schmidt)
FlashGet(JetCar) (HKLM-x32\...\FlashGet(JetCar)) (Version:  - )
Free Driver Scout (HKLM-x32\...\{50a7e828-15d3-40e6-a37d-22d5c5357878}) (Version: 1.0.0.0 - Covus Freemium)
Free Driver Scout (Version: 1.0.0.0 - Covus Freemium) Hidden
Free Studio version 5.3.1 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
Free Video Editor version 1.4.10.113 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.10.113 - DVDVideoSoft Ltd.)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.0 - Ellora Assets Corporation)
Future Pinball (HKLM-x32\...\Future Pinball_is1) (Version: Version 1.9.1.20101231 - Chris Leathley)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Earth (HKLM-x32\...\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}) (Version: 7.0.2.8415 - Google)
InstallShield für Microsoft Visual C++ 6 (HKLM-x32\...\InstallShield für Microsoft Visual C++ 6) (Version:  - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Professional Edition (Deutsch) (HKLM-x32\...\Visual Studio 6.0 Professional Edition (deu)) (Version:  - )
Microsoft VM for Java (HKLM-x32\...\MsJavaVM) (Version:  - )
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mp3tag v2.53 (HKLM-x32\...\Mp3tag) (Version: v2.53 - Florian Heidenreich)
MSDN Library - Visual Studio 6.0a (Deutsch) (HKLM-x32\...\Microsoft Developer Network - Visual Studio 6.0a (deu)) (Version:  - )
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version:  - NCH Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Seagate*DiscWizard (HKLM-x32\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8330 - Seagate)
ShrinkTo5Basic (HKLM-x32\...\ShrinkTo5Basic) (Version:  - )
ThumbsPlus 7x (deutsch) (HKLM-x32\...\ThumbsPlus7x) (Version:  - Atlantic Software Exchange, Inc.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TV-Browser 3.4.0.95-Beta (HKLM-x32\...\tvbrowser) (Version: 3.4.0.95-Beta - TV-Browser Team)
VBEx32 2.1.01 (HKLM-x32\...\VBEx32_is1) (Version:  - vb@rchiv- Das große Visual Basic Archiv)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinFF 1.2 (HKLM-x32\...\WinFF_is1) (Version:  - WinFF.org)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Xilisoft Download YouTube Video (HKLM-x32\...\Xilisoft Download YouTube Video) (Version: 5.6.1.20140425 - Xilisoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\CLSID\{C539A15A-3AF9-4c92-B771-50CB78F5C751}\InprocServer32 -> C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll (Seagate)
CustomCLSID: HKU\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\CLSID\{C539A15B-3AF9-4c92-B771-50CB78F5C751}\InprocServer32 -> C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll (Seagate)

==================== Restore Points  =========================

11-02-2015 13:54:08 Uniblue SpeedUpMyPC installation
11-02-2015 18:34:18 Revo Uninstaller's restore point - SpeedUpMyPC

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-11 19:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {023219F5-3A5C-4B45-AAF0-D5EF9470856D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {0B32DBC1-8193-498A-8753-C1DFB09E04C3} - System32\Tasks\{EA020B33-38A6-4EED-AAD2-489F8588284F} => C:\Program Files (x86)\Panasonic\HD Writer AE 4.0\HDWriter.exe <==== ATTENTION
Task: {0F7B5451-5DFD-4C8A-98BC-AAE5C44CE61D} - System32\Tasks\Microsoft\ccd47ccc24a901249e2e7b2e53185c1a => C:\Users\seb\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION
Task: {1660F2BB-E740-44E5-9EF4-0D59CA15A67C} - System32\Tasks\Atlantis_ab_2015_02_11 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {1ABF39B0-CA39-4C5E-BD16-EEA457B0FDA5} - System32\Tasks\{5D715D0F-C9AF-4341-B455-F94604D0B3E2} => D:\Setup32.exe <==== ATTENTION
Task: {1B436BF4-305A-4878-9324-F082369176D2} - System32\Tasks\{2EDA19E1-EDAD-4650-84E0-3651A132AC5A} => pcalua.exe -a D:\PinnacleOriginal\HollywoodFX\InstallHFZ.exe -d D:\PinnacleOriginal\HollywoodFX
Task: {237D9CBC-2E03-4ABB-8C6F-F68780B81AA4} - System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {2ABD84A8-D561-4CF3-9CDE-B5A662BE12EB} - System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {2F2AF128-54C0-4693-AEE9-6CA0A4496C1C} - System32\Tasks\avastBCLRestartS-1-5-21-3122927800-2970940714-3403948491-1000 => Firefox.exe 
Task: {300CEF0F-1633-4985-AE9C-C3C767B94FD3} - System32\Tasks\Dornroeschen_ab_2015_02_22_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {36402A14-4ADC-43E8-8AF8-A615E0D45E9B} - System32\Tasks\Dornroeschen_ab_2015_02_22 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {464C9C21-05A0-44E0-BDEB-0C5CD32394D5} - System32\Tasks\{E71FA50C-2A66-4E55-9475-1C1125FB8954} => pcalua.exe -a "C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\GUninstaller.exe" -c -uprtc -key "claro"
Task: {4FE82C76-9324-42E4-98B6-CA306E2CE310} - System32\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {54802746-DB94-406D-AC07-62E18F27CDF5} - System32\Tasks\Atlantis_ab_2015_02_11_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {66123C71-7F6F-406B-A5E4-EC2F5DF16B38} - System32\Tasks\{09FECC89-2DF0-4946-A994-226C65FAE63A} => D:\Setup32.exe <==== ATTENTION
Task: {8406B674-5D0F-48DE-BEE5-F6A2A0F54CF9} - System32\Tasks\Test TimeTrigger => C:\Users\seb\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {848810E3-F22E-4685-9444-5D578DD83485} - System32\Tasks\{204CB24E-4252-482E-93D2-30A0450F2046} => pcalua.exe -a "C:\Program Files (x86)\Moyea\FLV Downloader\install_flash_player_active_x.exe" -d "C:\Program Files (x86)\Moyea\FLV Downloader"
Task: {87EC23CB-9ABA-4F33-A627-FF65B1C860A7} - System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {993D594B-A5D1-4499-945B-C8BA8A0F8D7B} - System32\Tasks\{44CADEB5-0CE4-4EB2-857B-47A0392A788C} => H:\Neu-Install-7\WinTVCAPGUI\WinTVCap_GUI_3.6.3.exe [2013-01-06] ()
Task: {A0182966-A5E4-4641-9B06-1EBB03F32238} - System32\Tasks\{F5BA5D89-AFF8-405D-B9AD-6E9D0B0D0129} => C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download New\FreeYTVDownloader.exe
Task: {AD222EA9-87F5-48A8-A877-FB8CB4465381} - System32\Tasks\{0C43FBC4-3303-4061-B61C-5080CAAC890B} => pcalua.exe -a C:\Users\seb\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=mp3
Task: {AD2F4590-4486-42B7-8795-7163CAAC10E7} - System32\Tasks\Die_Gaensemagd_ab_2015_02_26 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {D40F0396-9F08-4539-A1EE-C65D30AAD0A8} - System32\Tasks\{454066F8-297E-452E-A014-89F2FB2F0114} => pcalua.exe -a H:\Neu-Install-7\TV-Browser\WinTVCap_GUI_3.6.3.exe -d H:\Neu-Install-7\TV-Browser
Task: {F4D9959C-DBEC-4EC6-84BE-0887A8CD2F3C} - System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {F6D6D01A-CA6D-40DA-B862-C5ACEF85982E} - System32\Tasks\{A7105E6B-946B-493F-9209-4BAEA01ED4E3} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {FDE96D46-3D2A-4E30-8846-CA091E284622} - System32\Tasks\{2B5E1329-55DD-48BD-8185-1F375A2770CA} => D:\Setup32.exe <==== ATTENTION
Task: {FEE90840-1E00-447B-8AB5-A187A47BFBA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-09] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Atlantis_ab_2015_02_11.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dornroeschen_ab_2015_02_22.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dornroeschen_ab_2015_02_22_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-18 09:04 - 2012-10-02 20:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-12 11:18 - 2015-02-12 11:18 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021200\algo.dll
2015-02-12 23:39 - 2015-02-12 23:39 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021201\algo.dll
2015-01-26 23:11 - 2015-01-26 23:11 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-09 18:09 - 2014-12-09 18:09 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-05 13:29 - 2015-02-05 13:29 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Exetender_148 => "C:\Program Files (x86)\FreeRide Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: FreeYTVDownloader => C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
MSCONFIG\startupreg: TeViiRC => C:\Windows\TeViiRC.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3122927800-2970940714-3403948491-500 - Administrator - Disabled)
Guest (S-1-5-21-3122927800-2970940714-3403948491-501 - Limited - Disabled)
seb (S-1-5-21-3122927800-2970940714-3403948491-1000 - Administrator - Enabled) => C:\Users\seb

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2015 10:42:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 09:40:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 08:34:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/13/2015 10:42:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/12/2015 09:40:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Unzipped\esetsmartinstaller_deu.exe

Error: (02/12/2015 08:34:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Unzipped\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-11 19:17:13.202
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-11 19:17:13.077
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-10 16:11:25.067
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CyberLink\PowerDVD\clpciid.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-10 16:11:25.004
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CyberLink\PowerDVD\clpciid.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) D CPU 3.40GHz
Percentage of memory in use: 40%
Total physical RAM: 4095.05 MB
Available physical RAM: 2443.29 MB
Total Pagefile: 16377.23 MB
Available Pagefile: 14401.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:234.45 GB) (Free:96.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Daten) (Fixed) (Total:97.65 GB) (Free:91.15 GB) NTFS
Drive f: (DRIVE_F) (Fixed) (Total:833.85 GB) (Free:231.23 GB) NTFS
Drive h: (C_Boot_Daten_1) (Fixed) (Total:718.47 GB) (Free:415.54 GB) NTFS
Drive i: (C_Boot_Daten_3) (Fixed) (Total:244.14 GB) (Free:199.79 GB) NTFS
Drive j: (C_Boot_Daten_2) (Fixed) (Total:200.2 GB) (Free:172 GB) NTFS
Drive l: (Elements) (Fixed) (Total:1862.98 GB) (Free:593.55 GB) NTFS
Drive p: (Extern_01) (Fixed) (Total:683.59 GB) (Free:197.62 GB) NTFS
Drive s: (Extern_02) (Fixed) (Total:390.63 GB) (Free:372.26 GB) NTFS
Drive t: (Extern_03) (Fixed) (Total:323.05 GB) (Free:235.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5F0FC9BA)
Partition 1: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=234.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=718.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B2025BBE)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 3497912C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: C392B35B)
Partition 1: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=323 GB) - (Type=07 NTFS)

==================== End Of Log ============================

und den Security Check

Code:

ATTFilter

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

schrauber · 13.02.2015, 20:20

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir

C:\Users\seb\Downloads\Compressed\Songr-2.zip

H:\Neu-Install-7\DVD_Video\FreeStudio.exe

H:\Neu-Install-7\DVD_Video\FreeYouTubeDownloadNew_3.2.0.1201.exe

H:\Neu-Install-7\DVD_Video\YTD43Setup.exe

H:\Neu-Install-7\DVD_Video\rm-Converter\RM Converter v1.40 + Crack\Crack\Registry info.exe

H:\Neu-Install-7\Spiele\SoftonicDownloader_fuer_future-pinball.exe

H:\Neu-Install-7\Treiber  Update\DLG_free_driver_scout_chip_default.exe

H:\Neu-Install-7\UniBlue\speedupmypc.exe

P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\FreeStudio.exe

P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\FreeYouTubeDownloadNew_3.2.0.1201.exe

P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\YTD43Setup.exe

P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\rm-Converter\RM Converter v1.40 + Crack\Crack\Registry info.exe

P:\Copy von Elements_Platte\Neu-Install-7\Spiele\SoftonicDownloader_fuer_future-pinball.exe

P:\Copy von Elements_Platte\Neu-Install-7\Treiber  Update\DLG_free_driver_scout_chip_default.exe

P:\Copy von Elements_Platte\Neu-Install-7\UniBlue\speedupmypc.exe

P:\Copy von Elements_Platte\Neu-Install-7\Viren\AdwCleaner_TSV32FPQP.exe

Task: {0B32DBC1-8193-498A-8753-C1DFB09E04C3} - System32\Tasks\{EA020B33-38A6-4EED-AAD2-489F8588284F} => C:\Program Files (x86)\Panasonic\HD Writer AE 4.0\HDWriter.exe <==== ATTENTION

Task: {0F7B5451-5DFD-4C8A-98BC-AAE5C44CE61D} - System32\Tasks\Microsoft\ccd47ccc24a901249e2e7b2e53185c1a => C:\Users\seb\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION

Task: {1ABF39B0-CA39-4C5E-BD16-EEA457B0FDA5} - System32\Tasks\{5D715D0F-C9AF-4341-B455-F94604D0B3E2} => D:\Setup32.exe <==== ATTENTION

Task: {66123C71-7F6F-406B-A5E4-EC2F5DF16B38} - System32\Tasks\{09FECC89-2DF0-4946-A994-226C65FAE63A} => D:\Setup32.exe <==== ATTENTION

Task: {8406B674-5D0F-48DE-BEE5-F6A2A0F54CF9} - System32\Tasks\Test TimeTrigger => C:\Users\seb\AppData\Local\Temp\Runner.exe <==== ATTENTION

Task: {FDE96D46-3D2A-4E30-8846-CA091E284622} - System32\Tasks\{2B5E1329-55DD-48BD-8185-1F375A2770CA} => D:\Setup32.exe <==== ATTENTION
S2 polugive; C:\Users\seb\AppData\Roaming\VOPackage\nsz92D6.tmpfs [X]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST Log bitte. Nd ja, der ESET Scan braucht schon Zeit

seb-soft · 14.02.2015, 10:37

Hi, alles so gemacht, als ich dann frst gestartet und den fix - Button geklicke habe, hängt sich der Rechner auf und macht einen neustart. Ich schau mal , wo ich jetzt die Datei finde.

Hab sie gefunden, hier ist sie:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2015
Ran by seb at 2015-02-13 21:01:44 Run:1
Running from C:\Unzipped
Loaded Profiles: seb (Available profiles: seb)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir

C:\Users\seb\Downloads\Compressed\Songr-2.zip

H:\Neu-Install-7\DVD_Video\FreeStudio.exe

H:\Neu-Install-7\DVD_Video\FreeYouTubeDownloadNew_3.2.0.1201.exe

H:\Neu-Install-7\DVD_Video\YTD43Setup.exe

H:\Neu-Install-7\DVD_Video\rm-Converter\RM Converter v1.40 + Crack\Crack\Registry info.exe

H:\Neu-Install-7\Spiele\SoftonicDownloader_fuer_future-pinball.exe

H:\Neu-Install-7\Treiber  Update\DLG_free_driver_scout_chip_default.exe

H:\Neu-Install-7\UniBlue\speedupmypc.exe

P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\FreeStudio.exe

P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\FreeYouTubeDownloadNew_3.2.0.1201.exe

P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\YTD43Setup.exe

P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\rm-Converter\RM Converter v1.40 + Crack\Crack\Registry info.exe

P:\Copy von Elements_Platte\Neu-Install-7\Spiele\SoftonicDownloader_fuer_future-pinball.exe

P:\Copy von Elements_Platte\Neu-Install-7\Treiber  Update\DLG_free_driver_scout_chip_default.exe

P:\Copy von Elements_Platte\Neu-Install-7\UniBlue\speedupmypc.exe

P:\Copy von Elements_Platte\Neu-Install-7\Viren\AdwCleaner_TSV32FPQP.exe

Task: {0B32DBC1-8193-498A-8753-C1DFB09E04C3} - System32\Tasks\{EA020B33-38A6-4EED-AAD2-489F8588284F} => C:\Program Files (x86)\Panasonic\HD Writer AE 4.0\HDWriter.exe <==== ATTENTION

Task: {0F7B5451-5DFD-4C8A-98BC-AAE5C44CE61D} - System32\Tasks\Microsoft\ccd47ccc24a901249e2e7b2e53185c1a => C:\Users\seb\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION

Task: {1ABF39B0-CA39-4C5E-BD16-EEA457B0FDA5} - System32\Tasks\{5D715D0F-C9AF-4341-B455-F94604D0B3E2} => D:\Setup32.exe <==== ATTENTION

Task: {66123C71-7F6F-406B-A5E4-EC2F5DF16B38} - System32\Tasks\{09FECC89-2DF0-4946-A994-226C65FAE63A} => D:\Setup32.exe <==== ATTENTION

Task: {8406B674-5D0F-48DE-BEE5-F6A2A0F54CF9} - System32\Tasks\Test TimeTrigger => C:\Users\seb\AppData\Local\Temp\Runner.exe <==== ATTENTION

Task: {FDE96D46-3D2A-4E30-8846-CA091E284622} - System32\Tasks\{2B5E1329-55DD-48BD-8185-1F375A2770CA} => D:\Setup32.exe <==== ATTENTION
S2 polugive; C:\Users\seb\AppData\Roaming\VOPackage\nsz92D6.tmpfs [X]
Emptytemp:
         
*****************

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir => Moved successfully.
C:\Users\seb\Downloads\Compressed\Songr-2.zip => Moved successfully.
H:\Neu-Install-7\DVD_Video\FreeStudio.exe => Moved successfully.
H:\Neu-Install-7\DVD_Video\FreeYouTubeDownloadNew_3.2.0.1201.exe => Moved successfully.
H:\Neu-Install-7\DVD_Video\YTD43Setup.exe => Moved successfully.
H:\Neu-Install-7\DVD_Video\rm-Converter\RM Converter v1.40 + Crack\Crack\Registry info.exe => Moved successfully.
H:\Neu-Install-7\Spiele\SoftonicDownloader_fuer_future-pinball.exe => Moved successfully.
H:\Neu-Install-7\Treiber  Update\DLG_free_driver_scout_chip_default.exe => Moved successfully.
H:\Neu-Install-7\UniBlue\speedupmypc.exe => Moved successfully.
P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\FreeStudio.exe => Moved successfully.
P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\FreeYouTubeDownloadNew_3.2.0.1201.exe => Moved successfully.
P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\YTD43Setup.exe => Moved successfully.
P:\Copy von Elements_Platte\Neu-Install-7\DVD_Video\rm-Converter\RM Converter v1.40 + Crack\Crack\Registry info.exe => Moved successfully.
P:\Copy von Elements_Platte\Neu-Install-7\Spiele\SoftonicDownloader_fuer_future-pinball.exe => Moved successfully.
P:\Copy von Elements_Platte\Neu-Install-7\Treiber  Update\DLG_free_driver_scout_chip_default.exe => Moved successfully.
P:\Copy von Elements_Platte\Neu-Install-7\UniBlue\speedupmypc.exe => Moved successfully.
P:\Copy von Elements_Platte\Neu-Install-7\Viren\AdwCleaner_TSV32FPQP.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B32DBC1-8193-498A-8753-C1DFB09E04C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B32DBC1-8193-498A-8753-C1DFB09E04C3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EA020B33-38A6-4EED-AAD2-489F8588284F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA020B33-38A6-4EED-AAD2-489F8588284F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F7B5451-5DFD-4C8A-98BC-AAE5C44CE61D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F7B5451-5DFD-4C8A-98BC-AAE5C44CE61D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\ccd47ccc24a901249e2e7b2e53185c1a => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\ccd47ccc24a901249e2e7b2e53185c1a" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ABF39B0-CA39-4C5E-BD16-EEA457B0FDA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ABF39B0-CA39-4C5E-BD16-EEA457B0FDA5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5D715D0F-C9AF-4341-B455-F94604D0B3E2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5D715D0F-C9AF-4341-B455-F94604D0B3E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66123C71-7F6F-406B-A5E4-EC2F5DF16B38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66123C71-7F6F-406B-A5E4-EC2F5DF16B38}" => Key deleted successfully.
C:\Windows\System32\Tasks\{09FECC89-2DF0-4946-A994-226C65FAE63A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09FECC89-2DF0-4946-A994-226C65FAE63A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8406B674-5D0F-48DE-BEE5-F6A2A0F54CF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8406B674-5D0F-48DE-BEE5-F6A2A0F54CF9}" => Key deleted successfully.
C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDE96D46-3D2A-4E30-8846-CA091E284622}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDE96D46-3D2A-4E30-8846-CA091E284622}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2B5E1329-55DD-48BD-8185-1F375A2770CA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B5E1329-55DD-48BD-8185-1F375A2770CA}" => Key deleted successfully.
polugive => Service deleted successfully.
EmptyTemp: => Removed 421.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:02:21 ====

gruss

Hallo, guten Morgen
Habe Eset nochmals laufen lassen, hatte 17 Bedrohungen gefunden und in Quaratäne verschoben. Hier die Txt:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8e1537da5f22f148bae02c7fa6180281
# engine=22467
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-14 05:57:06
# local_time=2015-02-14 06:57:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 97 1015676 34125507 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 45672200 175523276 0 0
# scanned=330021
# found=17
# cleaned=17
# scan_time=16829
sh=3DAE15BC047B21EF17CB19294A54B5BF6CD41A87 ft=1 fh=3c3f1b649fb3d1f0 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir.xBAD"
sh=39421EC50E118657E18AE8507CAA89C9BB9ADA24 ft=0 fh=0000000000000000 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\seb\Downloads\Compressed\Songr-2.zip.xBAD"
sh=ABD9885EDFA7F2714E9A2A2512ECB294B8A75242 ft=1 fh=d46593929fb6ebf3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\H\Neu-Install-7\DVD_Video\FreeStudio.exe.xBAD"
sh=AA88BE58BA244ED684D31560B038BCA56271AAA0 ft=1 fh=04edb8f3c0fad613 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\H\Neu-Install-7\DVD_Video\FreeYouTubeDownloadNew_3.2.0.1201.exe.xBAD"
sh=6A1B8BD71D38104FDBC782308156775433D378E8 ft=1 fh=100a0dc67752f66f vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\H\Neu-Install-7\DVD_Video\YTD43Setup.exe.xBAD"
sh=BC4945BCC68770751CC1E79873D9E43555B069CF ft=1 fh=e3b4d757d5c46217 vn="Variante von Win32/RegPatch.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\H\Neu-Install-7\DVD_Video\rm-Converter\RM Converter v1.40 + Crack\Crack\Registry info.exe.xBAD"
sh=FC616BAA19A4E0D229843FF3FB93A8F1D09E9790 ft=1 fh=5ce49007903526bd vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\H\Neu-Install-7\Spiele\SoftonicDownloader_fuer_future-pinball.exe.xBAD"
sh=F4BD5BA3AB807D9A9A51C89983A2EB69953F213F ft=1 fh=8eb3ddfa8b1727ca vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\H\Neu-Install-7\Treiber  Update\DLG_free_driver_scout_chip_default.exe.xBAD"
sh=2E8F71594190BE6DA97CC124381292B3A892FA84 ft=1 fh=28bb61366fa1b352 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\H\Neu-Install-7\UniBlue\speedupmypc.exe.xBAD"
sh=ABD9885EDFA7F2714E9A2A2512ECB294B8A75242 ft=1 fh=d46593929fb6ebf3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\P\Copy von Elements_Platte\Neu-Install-7\DVD_Video\FreeStudio.exe.xBAD"
sh=AA88BE58BA244ED684D31560B038BCA56271AAA0 ft=1 fh=04edb8f3c0fad613 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\P\Copy von Elements_Platte\Neu-Install-7\DVD_Video\FreeYouTubeDownloadNew_3.2.0.1201.exe.xBAD"
sh=6A1B8BD71D38104FDBC782308156775433D378E8 ft=1 fh=100a0dc67752f66f vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\P\Copy von Elements_Platte\Neu-Install-7\DVD_Video\YTD43Setup.exe.xBAD"
sh=BC4945BCC68770751CC1E79873D9E43555B069CF ft=1 fh=e3b4d757d5c46217 vn="Variante von Win32/RegPatch.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\P\Copy von Elements_Platte\Neu-Install-7\DVD_Video\rm-Converter\RM Converter v1.40 + Crack\Crack\Registry info.exe.xBAD"
sh=FC616BAA19A4E0D229843FF3FB93A8F1D09E9790 ft=1 fh=5ce49007903526bd vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\P\Copy von Elements_Platte\Neu-Install-7\Spiele\SoftonicDownloader_fuer_future-pinball.exe.xBAD"
sh=F4BD5BA3AB807D9A9A51C89983A2EB69953F213F ft=1 fh=8eb3ddfa8b1727ca vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\P\Copy von Elements_Platte\Neu-Install-7\Treiber  Update\DLG_free_driver_scout_chip_default.exe.xBAD"
sh=2E8F71594190BE6DA97CC124381292B3A892FA84 ft=1 fh=28bb61366fa1b352 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\P\Copy von Elements_Platte\Neu-Install-7\UniBlue\speedupmypc.exe.xBAD"
sh=29937FA3571590E243178B116200C090ED146C67 ft=1 fh=9f83e32127ad336a vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\P\Copy von Elements_Platte\Neu-Install-7\Viren\AdwCleaner_TSV32FPQP.exe.xBAD"

Checkup txt:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Microsoft VM for Java  
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (35.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Und aktuell FRST.txt:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by seb (administrator) on SEB-PC on 14-02-2015 10:28:29
Running from C:\Unzipped
Loaded Profiles: seb (Available profiles: seb)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [136544 2009-11-10] (Seagate)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1352480 2009-11-10] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [906912 2009-11-10] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-14]
FF Extension: Adblock Plus - C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-15]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5 [2015-01-31]
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (Google Search) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Gmail) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [23936 1997-12-23] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
S3 cpuz130; No ImagePath
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S4 NVHDA; No ImagePath
R3 SAllBDA; C:\Windows\System32\Drivers\TeViiS2.sys [149128 2011-05-23] (TeVii Technology Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-12-16] ()
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 20:55 - 2015-02-13 20:55 - 00002289 _____ () C:\Users\seb\Documents\fixlist.txt
2015-02-11 19:27 - 2015-02-11 19:27 - 00020705 _____ () C:\ComboFix.txt
2015-02-11 18:38 - 2015-02-11 19:27 - 00000000 ____D () C:\Qoobox
2015-02-11 18:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-11 18:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-11 18:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-11 18:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-11 18:37 - 2015-02-11 19:25 - 00000000 ____D () C:\Windows\erdnt
2015-02-11 13:56 - 2015-02-11 13:56 - 00003252 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3122927800-2970940714-3403948491-1000
2015-02-11 13:31 - 2015-02-12 12:28 - 00000000 ____D () C:\AdwCleaner
2015-02-11 13:24 - 2015-02-11 18:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-11 13:17 - 2015-02-14 10:28 - 00000000 ____D () C:\FRST
2015-02-11 13:09 - 2015-02-12 12:06 - 00000258 _____ () C:\Users\seb\Desktop\mystartsearch entfernen - Trojaner-Board.URL
2015-02-08 14:17 - 2015-02-08 14:17 - 00003140 _____ () C:\Windows\System32\Tasks\{0C43FBC4-3303-4061-B61C-5080CAAC890B}
2015-02-06 20:13 - 2015-02-06 20:14 - 08842240 _____ () C:\Users\seb\Downloads\AngryRobot(1).fpt
2015-02-06 20:13 - 2015-02-06 20:13 - 08842240 _____ () C:\Users\seb\Downloads\AngryRobot.fpt
2015-02-06 18:59 - 2015-02-06 18:59 - 00000000 ____D () C:\Program Files (x86)\Future Pinball
2015-02-06 14:15 - 2015-02-14 10:13 - 00000560 _____ () C:\Windows\setupact.log
2015-02-06 14:15 - 2015-02-06 14:15 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 13:06 - 2014-11-29 01:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-04 21:37 - 2015-02-11 22:25 - 00000600 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11.job
2015-02-04 21:37 - 2015-02-11 19:58 - 00000454 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job
2015-02-04 21:37 - 2015-02-04 21:39 - 00003468 _____ () C:\Windows\System32\Tasks\Atlantis_ab_2015_02_11
2015-02-04 21:37 - 2015-02-04 21:37 - 00003324 _____ () C:\Windows\System32\Tasks\Atlantis_ab_2015_02_11_PreStarter
2015-02-01 23:02 - 2015-02-14 10:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 23:02 - 2015-02-05 13:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 12:36 - 2015-02-02 12:49 - 00000542 _____ () C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22.job
2015-02-01 12:36 - 2015-02-02 12:49 - 00000396 _____ () C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter.job
2015-02-01 12:36 - 2015-02-01 12:36 - 00003406 _____ () C:\Windows\System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22
2015-02-01 12:36 - 2015-02-01 12:36 - 00003260 _____ () C:\Windows\System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter
2015-02-01 12:35 - 2015-02-02 12:49 - 00000506 _____ () C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000502 _____ () C:\Windows\Tasks\Dornroeschen_ab_2015_02_22.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000360 _____ () C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000356 _____ () C:\Windows\Tasks\Dornroeschen_ab_2015_02_22_PreStarter.job
2015-02-01 12:35 - 2015-02-01 12:35 - 00003038 _____ () C:\Windows\System32\Tasks\Die_Gaensemagd_ab_2015_02_26
2015-02-01 12:35 - 2015-02-01 12:35 - 00003034 _____ () C:\Windows\System32\Tasks\Dornroeschen_ab_2015_02_22
2015-02-01 12:35 - 2015-02-01 12:35 - 00002892 _____ () C:\Windows\System32\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter
2015-02-01 12:35 - 2015-02-01 12:35 - 00002888 _____ () C:\Windows\System32\Tasks\Dornroeschen_ab_2015_02_22_PreStarter
2015-01-30 14:40 - 2015-01-30 14:41 - 00000000 ____D () C:\Users\seb\AppData\Local\Songr
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\YoutubeToMp3Converter
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-01-28 13:19 - 2015-01-28 13:19 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Mp3jam
2015-01-27 19:22 - 2015-01-27 19:22 - 00000000 ____D () C:\Users\seb\AppData\Roaming\FreeVideoEditor
2015-01-27 19:16 - 2015-02-01 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-27 19:16 - 2015-02-01 19:02 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-27 19:12 - 2015-01-27 19:12 - 03526608 _____ (DVDVideoSoft Ltd. ) C:\Users\seb\Downloads\FreeVideo1410Editor.exe
2015-01-27 18:28 - 2015-01-27 19:02 - 00000000 ____D () C:\Users\seb\AppData\Roaming\avidemux
2015-01-26 23:11 - 2015-02-05 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:24 - 2015-01-23 23:59 - 00000554 _____ () C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15.job
2015-01-21 18:24 - 2015-01-23 23:59 - 00000408 _____ () C:\Windows\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter.job
2015-01-21 18:24 - 2015-01-21 18:24 - 00003086 _____ () C:\Windows\System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15
2015-01-21 18:24 - 2015-01-21 18:24 - 00002940 _____ () C:\Windows\System32\Tasks\Ein_Herz_und_eine_Seele_Rosenmontagszug_ab_2015_02_15_PreStarter

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 10:28 - 2013-12-27 09:21 - 00000000 ____D () C:\Unzipped
2015-02-14 10:18 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-14 10:18 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-14 10:16 - 2013-01-05 15:14 - 01608824 _____ () C:\Windows\WindowsUpdate.log
2015-02-14 10:14 - 2013-02-12 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-14 10:13 - 2013-06-18 09:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-14 10:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-14 01:37 - 2013-01-23 23:31 - 00000000 ____D () C:\Users\seb\AppData\Roaming\vlc
2015-02-14 01:07 - 2013-01-05 16:22 - 00697072 _____ () C:\Windows\system32\perfh007.dat
2015-02-14 01:07 - 2013-01-05 16:22 - 00149040 _____ () C:\Windows\system32\perfc007.dat
2015-02-14 01:07 - 2009-07-14 06:13 - 01619880 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 21:04 - 2013-01-05 17:57 - 00779920 _____ () C:\Windows\PFRO.log
2015-02-13 21:02 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DMCache
2015-02-13 21:01 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\Downloads\Compressed
2015-02-12 21:45 - 2013-01-06 16:37 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TV-Browser
2015-02-12 13:03 - 2013-01-12 21:32 - 00000000 ____D () C:\Users\seb\Desktop\Spiele
2015-02-12 12:59 - 2013-01-09 16:21 - 00000000 ____D () C:\Users\seb\Desktop\Sicherheit
2015-02-12 07:45 - 2013-03-09 09:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\WinTVCap_GUI
2015-02-11 21:49 - 2014-06-28 06:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 19:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-11 19:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-11 13:45 - 2013-01-07 22:24 - 00000000 ____D () C:\Users\seb\AppData\Roaming\CheckPoint
2015-02-11 13:45 - 2013-01-05 15:50 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-11 13:45 - 2013-01-05 15:50 - 00001057 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-11 13:45 - 2013-01-05 15:13 - 00001170 _____ () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-11 13:45 - 2013-01-05 15:13 - 00000943 _____ () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-11 13:02 - 2013-01-06 22:14 - 00000000 ____D () C:\Program Files (x86)\ThumbsPlus 7x deutsch
2015-02-11 13:01 - 2014-12-18 13:57 - 00000310 _____ () C:\Users\seb\Desktop\Photo.URL
2015-02-08 14:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2015-02-08 14:06 - 2014-12-09 10:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-08 13:05 - 2013-01-23 01:21 - 00118384 _____ () C:\Users\seb\AppData\Roaming\GDIPFONTCACHEV1.DAT
2015-02-08 12:50 - 2013-01-24 14:04 - 00000255 _____ () C:\Users\seb\Desktop\[PinSimDB.org] Pinball Future Pinball.URL
2015-02-07 15:20 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\IDM
2015-02-05 13:29 - 2013-01-10 13:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:29 - 2013-01-10 13:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:04 - 2013-02-12 14:27 - 00000000 ____D () C:\Users\seb\AppData\Roaming\dvdcss
2015-02-05 11:01 - 2013-01-23 00:15 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 22:23 - 2013-01-11 20:07 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-02-03 18:58 - 2013-12-24 01:47 - 00000000 ____D () C:\temp
2015-02-03 18:55 - 2013-01-11 15:59 - 00051200 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 18:19 - 2013-01-11 20:07 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-03 11:16 - 2013-01-11 15:26 - 00000000 ____D () C:\Users\seb\AppData\Local\Pinnacle
2015-02-03 11:09 - 2013-01-11 15:21 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-02-02 16:47 - 2013-01-09 16:21 - 00000000 ____D () C:\Users\seb\Desktop\DVD_Video
2015-02-02 12:49 - 2013-01-05 15:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 12:49 - 2013-01-05 15:12 - 00000000 ____D () C:\Users\seb
2015-02-02 12:28 - 2013-04-26 12:38 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TrueCrypt
2015-02-01 23:03 - 2014-08-04 09:38 - 00000000 ____D () C:\Users\seb\AppData\Local\Adobe
2015-02-01 22:56 - 2015-01-14 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-02-01 19:02 - 2013-01-10 13:36 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DVDVideoSoft
2015-02-01 18:39 - 2013-01-10 12:10 - 00000000 ____D () C:\Users\seb\Desktop\Audio
2015-01-28 13:50 - 2013-09-27 09:18 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-28 13:31 - 2014-05-14 21:34 - 00000000 ____D () C:\ProgramData\Skype
2015-01-27 17:08 - 2013-01-10 16:46 - 00001186 _____ () C:\Windows\PVAStrumento.ini
2015-01-21 10:13 - 2013-10-27 20:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 10:13 - 2013-09-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 10:12 - 2014-10-12 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 10:11 - 2014-10-12 08:56 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-15 17:57 - 2013-01-11 10:41 - 00000035 _____ () C:\Windows\vbaddin.ini

==================== Files in the root of some directories =======

2013-06-08 06:10 - 2014-12-16 19:25 - 0000030 _____ () C:\Program Files (x86)\Exiferupdate.ini
2013-11-16 08:03 - 2013-11-16 08:04 - 50063360 _____ () C:\Program Files (x86)\GUT3F71.tmp
2013-01-11 15:59 - 2015-02-03 18:55 - 0051200 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-11 10:31 - 2013-12-25 22:42 - 0007605 _____ () C:\Users\seb\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 02:08

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Nun muß noch frst-fix durchgeführt werden. Dazu schreib mir bitte noch was bei notepad eingefügt werden muß. Danke für die zusätzliche Mühe.
Gruss

schrauber · 14.02.2015, 17:05

Den Fix haste doch schon gemacht

Adobe updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

seb-soft · 14.02.2015, 21:50

Ja, Fix habe ich gemacht... danach hat sich mein Rechner verabschiedet und ich mußte neu booten. - Deswegen habe ich doch einen neuen Eset-Scan gemacht. Und dann kamen doch 18 Bedrohungen raus, die in die Quaratäne verschoben wurden. Vorher war doch alles ok. Beste ist, ich fahre die ganze Prozedur nochmals durch. Wenn es dir aber zu aufwändig ist, versuche ich das selbst. Danke erstmal für deine Hilfe, ich werde mich trotzdem per PayPal erkenntlich zeigen.

Gruss.

schrauber · 15.02.2015, 15:27

Was für 18 Funde? Die waren mit Sicherheit alle schon in Quarantäne.

Du brauchst die ganze Prozedur nit nochma machen. Poste einfach mal ein frisches FRST log, ich schau nochmal drüber.

seb-soft · 15.02.2015, 19:53

Alles klar, Danke.

FRST-Log

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by seb (administrator) on SEB-PC on 15-02-2015 19:44:47
Running from C:\Unzipped
Loaded Profiles: seb (Available profiles: seb)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(BSP Software Design Solutions) C:\Games\Future Pinball\Future Pinball.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [136544 2009-11-10] (Seagate)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1352480 2009-11-10] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [906912 2009-11-10] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-14]
FF Extension: Adblock Plus - C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\bfj3vrht.default-1421832937164\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-15]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5 [2015-01-31]
FF HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\seb\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (Google Search) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Gmail) - C:\Users\seb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Aspi32; C:\Windows\SysWow64\Drivers\Aspi32.sys [23936 1997-12-23] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
S3 cpuz130; No ImagePath
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S4 NVHDA; No ImagePath
R3 SAllBDA; C:\Windows\System32\Drivers\TeViiS2.sys [149128 2011-05-23] (TeVii Technology Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-12-16] ()
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:44 - 2015-02-15 19:44 - 00000000 ____D () C:\FRST
2015-02-15 12:38 - 2015-02-15 12:42 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-15 12:38 - 2015-02-15 12:42 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-02-15 12:38 - 2015-02-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-02-15 12:38 - 2015-02-15 12:38 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-15 12:30 - 2015-02-15 12:30 - 00000000 ____D () C:\Users\seb\AppData\Roaming\WinPatrol
2015-02-15 12:30 - 2015-02-15 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-02-15 12:30 - 2015-02-15 12:30 - 00000000 ____D () C:\ProgramData\InstallMate
2015-02-15 12:30 - 2015-02-15 12:30 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2015-02-15 12:25 - 2015-02-15 12:26 - 00000651 _____ () C:\DelFix.txt
2015-02-15 12:25 - 2015-02-15 12:25 - 00000000 ____D () C:\Windows\ERUNT
2015-02-13 20:55 - 2015-02-13 20:55 - 00002289 _____ () C:\Users\seb\Documents\fixlist.txt
2015-02-11 18:37 - 2015-02-15 12:23 - 00000000 ____D () C:\Windows\erdnt
2015-02-11 13:56 - 2015-02-11 13:56 - 00003252 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3122927800-2970940714-3403948491-1000
2015-02-11 13:24 - 2015-02-11 18:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-11 13:09 - 2015-02-12 12:06 - 00000258 _____ () C:\Users\seb\Desktop\mystartsearch entfernen - Trojaner-Board.URL
2015-02-08 14:17 - 2015-02-08 14:17 - 00003140 _____ () C:\Windows\System32\Tasks\{0C43FBC4-3303-4061-B61C-5080CAAC890B}
2015-02-06 20:13 - 2015-02-06 20:14 - 08842240 _____ () C:\Users\seb\Downloads\AngryRobot(1).fpt
2015-02-06 20:13 - 2015-02-06 20:13 - 08842240 _____ () C:\Users\seb\Downloads\AngryRobot.fpt
2015-02-06 18:59 - 2015-02-06 18:59 - 00000000 ____D () C:\Program Files (x86)\Future Pinball
2015-02-06 14:15 - 2015-02-14 10:13 - 00000560 _____ () C:\Windows\setupact.log
2015-02-06 14:15 - 2015-02-06 14:15 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 13:06 - 2014-11-29 01:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-04 21:37 - 2015-02-11 22:25 - 00000600 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11.job
2015-02-04 21:37 - 2015-02-11 19:58 - 00000454 _____ () C:\Windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job
2015-02-04 21:37 - 2015-02-04 21:39 - 00003468 _____ () C:\Windows\System32\Tasks\Atlantis_ab_2015_02_11
2015-02-04 21:37 - 2015-02-04 21:37 - 00003324 _____ () C:\Windows\System32\Tasks\Atlantis_ab_2015_02_11_PreStarter
2015-02-01 23:02 - 2015-02-15 19:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 23:02 - 2015-02-05 13:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 12:36 - 2015-02-02 12:49 - 00000542 _____ () C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22.job
2015-02-01 12:36 - 2015-02-02 12:49 - 00000396 _____ () C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter.job
2015-02-01 12:36 - 2015-02-01 12:36 - 00003406 _____ () C:\Windows\System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22
2015-02-01 12:36 - 2015-02-01 12:36 - 00003260 _____ () C:\Windows\System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter
2015-02-01 12:35 - 2015-02-02 12:49 - 00000506 _____ () C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000502 _____ () C:\Windows\Tasks\Dornroeschen_ab_2015_02_22.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000360 _____ () C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter.job
2015-02-01 12:35 - 2015-02-02 12:49 - 00000356 _____ () C:\Windows\Tasks\Dornroeschen_ab_2015_02_22_PreStarter.job
2015-02-01 12:35 - 2015-02-01 12:35 - 00003038 _____ () C:\Windows\System32\Tasks\Die_Gaensemagd_ab_2015_02_26
2015-02-01 12:35 - 2015-02-01 12:35 - 00003034 _____ () C:\Windows\System32\Tasks\Dornroeschen_ab_2015_02_22
2015-02-01 12:35 - 2015-02-01 12:35 - 00002892 _____ () C:\Windows\System32\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter
2015-02-01 12:35 - 2015-02-01 12:35 - 00002888 _____ () C:\Windows\System32\Tasks\Dornroeschen_ab_2015_02_22_PreStarter
2015-01-30 14:40 - 2015-01-30 14:41 - 00000000 ____D () C:\Users\seb\AppData\Local\Songr
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\YoutubeToMp3Converter
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-01-28 13:19 - 2015-01-28 13:19 - 00000000 ____D () C:\Users\seb\AppData\Roaming\Mp3jam
2015-01-27 19:22 - 2015-01-27 19:22 - 00000000 ____D () C:\Users\seb\AppData\Roaming\FreeVideoEditor
2015-01-27 19:16 - 2015-02-01 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-27 19:16 - 2015-02-01 19:02 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-27 19:12 - 2015-01-27 19:12 - 03526608 _____ (DVDVideoSoft Ltd. ) C:\Users\seb\Downloads\FreeVideo1410Editor.exe
2015-01-27 18:28 - 2015-01-27 19:02 - 00000000 ____D () C:\Users\seb\AppData\Roaming\avidemux
2015-01-26 23:11 - 2015-02-05 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 19:44 - 2013-12-27 09:21 - 00000000 ____D () C:\Unzipped
2015-02-15 19:27 - 2013-01-23 23:31 - 00000000 ____D () C:\Users\seb\AppData\Roaming\vlc
2015-02-15 19:25 - 2013-03-09 09:50 - 00000000 ____D () C:\Users\seb\AppData\Roaming\WinTVCap_GUI
2015-02-15 16:17 - 2013-01-09 16:21 - 00000000 ____D () C:\Users\seb\Desktop\Sicherheit
2015-02-15 15:06 - 2013-01-06 22:14 - 00000000 ____D () C:\Program Files (x86)\ThumbsPlus 7x deutsch
2015-02-15 12:24 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DMCache
2015-02-15 11:38 - 2013-01-05 15:14 - 01631377 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 11:04 - 2013-01-05 16:22 - 00697072 _____ () C:\Windows\system32\perfh007.dat
2015-02-15 11:04 - 2013-01-05 16:22 - 00149040 _____ () C:\Windows\system32\perfc007.dat
2015-02-15 11:04 - 2009-07-14 06:13 - 01619880 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 11:02 - 2013-02-12 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-14 10:48 - 2014-06-28 06:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 10:18 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-14 10:18 - 2009-07-14 05:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-14 10:13 - 2013-06-18 09:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-14 10:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 21:04 - 2013-01-05 17:57 - 00779920 _____ () C:\Windows\PFRO.log
2015-02-13 21:01 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\Downloads\Compressed
2015-02-12 21:45 - 2013-01-06 16:37 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TV-Browser
2015-02-12 13:03 - 2013-01-12 21:32 - 00000000 ____D () C:\Users\seb\Desktop\Spiele
2015-02-11 19:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-11 19:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-11 13:45 - 2013-01-07 22:24 - 00000000 ____D () C:\Users\seb\AppData\Roaming\CheckPoint
2015-02-11 13:45 - 2013-01-05 15:50 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-11 13:45 - 2013-01-05 15:50 - 00001057 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-11 13:45 - 2013-01-05 15:13 - 00001170 _____ () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-11 13:45 - 2013-01-05 15:13 - 00000943 _____ () C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-11 13:01 - 2014-12-18 13:57 - 00000310 _____ () C:\Users\seb\Desktop\Photo.URL
2015-02-08 14:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2015-02-08 14:06 - 2014-12-09 10:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-08 13:05 - 2013-01-23 01:21 - 00118384 _____ () C:\Users\seb\AppData\Roaming\GDIPFONTCACHEV1.DAT
2015-02-08 12:50 - 2013-01-24 14:04 - 00000255 _____ () C:\Users\seb\Desktop\[PinSimDB.org] Pinball Future Pinball.URL
2015-02-07 15:20 - 2014-12-09 10:45 - 00000000 ____D () C:\Users\seb\AppData\Roaming\IDM
2015-02-05 13:29 - 2013-01-10 13:19 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:29 - 2013-01-10 13:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:04 - 2013-02-12 14:27 - 00000000 ____D () C:\Users\seb\AppData\Roaming\dvdcss
2015-02-05 11:01 - 2013-01-23 00:15 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 22:23 - 2013-01-11 20:07 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-02-03 18:58 - 2013-12-24 01:47 - 00000000 ____D () C:\temp
2015-02-03 18:55 - 2013-01-11 15:59 - 00051200 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 18:19 - 2013-01-11 20:07 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-02-03 11:16 - 2013-01-11 15:26 - 00000000 ____D () C:\Users\seb\AppData\Local\Pinnacle
2015-02-03 11:09 - 2013-01-11 15:21 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-02-02 16:47 - 2013-01-09 16:21 - 00000000 ____D () C:\Users\seb\Desktop\DVD_Video
2015-02-02 12:49 - 2013-01-05 15:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 12:49 - 2013-01-05 15:12 - 00000000 ____D () C:\Users\seb
2015-02-02 12:28 - 2013-04-26 12:38 - 00000000 ____D () C:\Users\seb\AppData\Roaming\TrueCrypt
2015-02-01 23:03 - 2014-08-04 09:38 - 00000000 ____D () C:\Users\seb\AppData\Local\Adobe
2015-02-01 22:56 - 2015-01-14 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-02-01 19:02 - 2013-01-10 13:36 - 00000000 ____D () C:\Users\seb\AppData\Roaming\DVDVideoSoft
2015-02-01 18:39 - 2013-01-10 12:10 - 00000000 ____D () C:\Users\seb\Desktop\Audio
2015-01-28 13:50 - 2013-09-27 09:18 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-28 13:31 - 2014-05-14 21:34 - 00000000 ____D () C:\ProgramData\Skype
2015-01-27 17:08 - 2013-01-10 16:46 - 00001186 _____ () C:\Windows\PVAStrumento.ini
2015-01-21 10:13 - 2013-10-27 20:29 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 10:13 - 2013-09-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 10:12 - 2014-10-12 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 10:11 - 2014-10-12 08:56 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 10:11 - 2014-10-12 08:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== Files in the root of some directories =======

2013-06-08 06:10 - 2014-12-16 19:25 - 0000030 _____ () C:\Program Files (x86)\Exiferupdate.ini
2013-11-16 08:03 - 2013-11-16 08:04 - 50063360 _____ () C:\Program Files (x86)\GUT3F71.tmp
2013-01-11 15:59 - 2015-02-03 18:55 - 0051200 _____ () C:\Users\seb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-11 10:31 - 2013-12-25 22:42 - 0007605 _____ () C:\Users\seb\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 02:08

==================== End Of Log ============================

--- --- ---

--- --- ---

Und die Addi.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by seb at 2015-02-15 19:46:01
Running from C:\Unzipped
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.1.0 (HKLM-x32\...\{4F80F043-B003-4820-B8E3-CB7E6CF5BB03}_is1) (Version: 2.1.0 - Christian Koban)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Audials (HKLM-x32\...\{7FAA26D8-3727-41CD-A9DE-9480E4EA9130}) (Version: 8.0.55300.0 - RapidSolution Software AG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Canon iP4300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
DivX Codec 3.1alpha release (HKLM-x32\...\DIVXCodec) (Version:  - )
Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version:  - )
Exifer (HKLM-x32\...\Exifer_is1) (Version:  - Friedemann Schmidt)
FlashGet(JetCar) (HKLM-x32\...\FlashGet(JetCar)) (Version:  - )
Free Driver Scout (HKLM-x32\...\{50a7e828-15d3-40e6-a37d-22d5c5357878}) (Version: 1.0.0.0 - Covus Freemium)
Free Driver Scout (Version: 1.0.0.0 - Covus Freemium) Hidden
Free Studio version 5.3.1 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
Free Video Editor version 1.4.10.113 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.10.113 - DVDVideoSoft Ltd.)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.0 - Ellora Assets Corporation)
Future Pinball (HKLM-x32\...\Future Pinball_is1) (Version: Version 1.9.1.20101231 - Chris Leathley)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Earth (HKLM-x32\...\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}) (Version: 7.0.2.8415 - Google)
InstallShield für Microsoft Visual C++ 6 (HKLM-x32\...\InstallShield für Microsoft Visual C++ 6) (Version:  - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Professional Edition (Deutsch) (HKLM-x32\...\Visual Studio 6.0 Professional Edition (deu)) (Version:  - )
Microsoft VM for Java (HKLM-x32\...\MsJavaVM) (Version:  - )
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mp3tag v2.53 (HKLM-x32\...\Mp3tag) (Version: v2.53 - Florian Heidenreich)
MSDN Library - Visual Studio 6.0a (Deutsch) (HKLM-x32\...\Microsoft Developer Network - Visual Studio 6.0a (deu)) (Version:  - )
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version:  - NCH Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Seagate*DiscWizard (HKLM-x32\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8330 - Seagate)
ShrinkTo5Basic (HKLM-x32\...\ShrinkTo5Basic) (Version:  - )
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
ThumbsPlus 7x (deutsch) (HKLM-x32\...\ThumbsPlus7x) (Version:  - Atlantic Software Exchange, Inc.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TV-Browser 3.4.0.95-Beta (HKLM-x32\...\tvbrowser) (Version: 3.4.0.95-Beta - TV-Browser Team)
VBEx32 2.1.01 (HKLM-x32\...\VBEx32_is1) (Version:  - vb@rchiv- Das große Visual Basic Archiv)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinFF 1.2 (HKLM-x32\...\WinFF_is1) (Version:  - WinFF.org)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Xilisoft Download YouTube Video (HKLM-x32\...\Xilisoft Download YouTube Video) (Version: 5.6.1.20140425 - Xilisoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\CLSID\{C539A15A-3AF9-4c92-B771-50CB78F5C751}\InprocServer32 -> C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll (Seagate)
CustomCLSID: HKU\S-1-5-21-3122927800-2970940714-3403948491-1000_Classes\CLSID\{C539A15B-3AF9-4c92-B771-50CB78F5C751}\InprocServer32 -> C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll (Seagate)

==================== Restore Points  =========================

15-02-2015 12:25:35 End of disinfection

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-11 19:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {023219F5-3A5C-4B45-AAF0-D5EF9470856D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {1660F2BB-E740-44E5-9EF4-0D59CA15A67C} - System32\Tasks\Atlantis_ab_2015_02_11 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {1B436BF4-305A-4878-9324-F082369176D2} - System32\Tasks\{2EDA19E1-EDAD-4650-84E0-3651A132AC5A} => pcalua.exe -a D:\PinnacleOriginal\HollywoodFX\InstallHFZ.exe -d D:\PinnacleOriginal\HollywoodFX
Task: {237D9CBC-2E03-4ABB-8C6F-F68780B81AA4} - System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {2F2AF128-54C0-4693-AEE9-6CA0A4496C1C} - System32\Tasks\avastBCLRestartS-1-5-21-3122927800-2970940714-3403948491-1000 => Firefox.exe 
Task: {300CEF0F-1633-4985-AE9C-C3C767B94FD3} - System32\Tasks\Dornroeschen_ab_2015_02_22_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {36402A14-4ADC-43E8-8AF8-A615E0D45E9B} - System32\Tasks\Dornroeschen_ab_2015_02_22 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {464C9C21-05A0-44E0-BDEB-0C5CD32394D5} - System32\Tasks\{E71FA50C-2A66-4E55-9475-1C1125FB8954} => pcalua.exe -a "C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\GUninstaller.exe" -c -uprtc -key "claro"
Task: {4FE82C76-9324-42E4-98B6-CA306E2CE310} - System32\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {54802746-DB94-406D-AC07-62E18F27CDF5} - System32\Tasks\Atlantis_ab_2015_02_11_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {848810E3-F22E-4685-9444-5D578DD83485} - System32\Tasks\{204CB24E-4252-482E-93D2-30A0450F2046} => pcalua.exe -a "C:\Program Files (x86)\Moyea\FLV Downloader\install_flash_player_active_x.exe" -d "C:\Program Files (x86)\Moyea\FLV Downloader"
Task: {993D594B-A5D1-4499-945B-C8BA8A0F8D7B} - System32\Tasks\{44CADEB5-0CE4-4EB2-857B-47A0392A788C} => H:\Neu-Install-7\WinTVCAPGUI\WinTVCap_GUI_3.6.3.exe [2013-01-06] ()
Task: {A0182966-A5E4-4641-9B06-1EBB03F32238} - System32\Tasks\{F5BA5D89-AFF8-405D-B9AD-6E9D0B0D0129} => C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download New\FreeYTVDownloader.exe
Task: {AD222EA9-87F5-48A8-A877-FB8CB4465381} - System32\Tasks\{0C43FBC4-3303-4061-B61C-5080CAAC890B} => pcalua.exe -a C:\Users\seb\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=mp3
Task: {AD2F4590-4486-42B7-8795-7163CAAC10E7} - System32\Tasks\Die_Gaensemagd_ab_2015_02_26 => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {D40F0396-9F08-4539-A1EE-C65D30AAD0A8} - System32\Tasks\{454066F8-297E-452E-A014-89F2FB2F0114} => pcalua.exe -a H:\Neu-Install-7\TV-Browser\WinTVCap_GUI_3.6.3.exe -d H:\Neu-Install-7\TV-Browser
Task: {F4D9959C-DBEC-4EC6-84BE-0887A8CD2F3C} - System32\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe [2015-01-21] (Oracle Corporation)
Task: {F6D6D01A-CA6D-40DA-B862-C5ACEF85982E} - System32\Tasks\{A7105E6B-946B-493F-9209-4BAEA01ED4E3} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {FEE90840-1E00-447B-8AB5-A187A47BFBA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-09] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Atlantis_ab_2015_02_11.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Atlantis_ab_2015_02_11_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Die_Gaensemagd_ab_2015_02_26_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dittsche_Das_wirklich_wahre_Leben_ab_2015_02_22_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dornroeschen_ab_2015_02_22.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
Task: C:\Windows\Tasks\Dornroeschen_ab_2015_02_22_PreStarter.job => C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-18 09:04 - 2012-10-02 20:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-05 15:19 - 2010-12-17 13:25 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-01-05 15:19 - 2010-12-17 13:25 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-01-05 15:19 - 2010-12-17 13:25 - 00105584 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-01-05 15:19 - 2010-12-17 13:25 - 64643696 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2012-11-16 14:09 - 2012-11-16 14:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-02-15 11:02 - 2015-02-15 11:02 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021500\algo.dll
2009-11-10 17:39 - 2009-11-10 17:39 - 01332576 _____ () C:\Program Files (x86)\Seagate\DiscWizard\fox.dll
2014-12-09 18:09 - 2014-12-09 18:09 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-26 23:11 - 2015-01-26 23:11 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-01-12 22:27 - 2007-12-09 15:22 - 00446464 _____ () C:\Games\Future Pinball\Newton.dll
2015-02-05 13:29 - 2015-02-05 13:29 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3122927800-2970940714-3403948491-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Exetender_148 => "C:\Program Files (x86)\FreeRide Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: FreeYTVDownloader => C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
MSCONFIG\startupreg: TeViiRC => C:\Windows\TeViiRC.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3122927800-2970940714-3403948491-500 - Administrator - Disabled)
Guest (S-1-5-21-3122927800-2970940714-3403948491-501 - Limited - Disabled)
seb (S-1-5-21-3122927800-2970940714-3403948491-1000 - Administrator - Enabled) => C:\Users\seb

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 06:25:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Newton.dll, Version: 0.0.0.0, Zeitstempel: 0x44746fc1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000034b8
ID des fehlerhaften Prozesses: 0xb00
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/15/2015 06:07:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e2e2
ID des fehlerhaften Prozesses: 0xe8c
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/15/2015 06:06:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e2e2
ID des fehlerhaften Prozesses: 0xbc0
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/15/2015 06:05:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e2e2
ID des fehlerhaften Prozesses: 0xd48
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/15/2015 06:04:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e2e2
ID des fehlerhaften Prozesses: 0xa54
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/15/2015 04:29:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012a06b
ID des fehlerhaften Prozesses: 0x1ac
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/15/2015 04:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012a06b
ID des fehlerhaften Prozesses: 0x13d4
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/15/2015 04:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012a06b
ID des fehlerhaften Prozesses: 0x2e0
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/15/2015 04:20:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Name des fehlerhaften Moduls: Future Pinball.exe, Version: 1.9.2008.1225, Zeitstempel: 0x4d1d68d3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0012a06b
ID des fehlerhaften Prozesses: 0x1324
Startzeit der fehlerhaften Anwendung: 0xFuture Pinball.exe0
Pfad der fehlerhaften Anwendung: Future Pinball.exe1
Pfad des fehlerhaften Moduls: Future Pinball.exe2
Berichtskennung: Future Pinball.exe3

Error: (02/15/2015 04:19:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Future Pinball.exe, Version 1.9.2008.1225 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6e8

Startzeit: 01d049329176e990

Endzeit: 248

Anwendungspfad: C:\Games\Future Pinball\Future Pinball.exe

Berichts-ID: fc2d5db5-b525-11e4-b0a8-c860006d115b


System errors:
=============
Error: (02/14/2015 01:25:32 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR11.

Error: (02/14/2015 01:21:18 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR10.

Error: (02/14/2015 01:20:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR10.

Error: (02/14/2015 01:20:04 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR10.

Error: (02/14/2015 01:19:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst avast! Antivirus erreicht.

Error: (02/14/2015 01:19:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR7 gefunden.

Error: (02/14/2015 10:13:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/14/2015 10:13:47 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/14/2015 02:09:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/14/2015 02:09:38 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (02/15/2015 06:25:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Newton.dll0.0.0.044746fc1c0000005000034b8b0001d04944475ffe29C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Newton.dll94ddbf6d-b537-11e4-b0a8-c860006d115b

Error: (02/15/2015 06:07:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050002e2e2e8c01d04941d340b20eC:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exe1a944bd6-b535-11e4-b0a8-c860006d115b

Error: (02/15/2015 06:06:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050002e2e2bc001d04941ac58dde8C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exef3831d25-b534-11e4-b0a8-c860006d115b

Error: (02/15/2015 06:05:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050002e2e2d4801d0494188ca8ab1C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exed0f1bb11-b534-11e4-b0a8-c860006d115b

Error: (02/15/2015 06:04:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050002e2e2a5401d0494176151937C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exebef50551-b534-11e4-b0a8-c860006d115b

Error: (02/15/2015 04:29:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050012a06b1ac01d049342b8a3c77C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exe7d6feef7-b527-11e4-b0a8-c860006d115b

Error: (02/15/2015 04:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050012a06b13d401d0493404c16608C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exe566ee07e-b527-11e4-b0a8-c860006d115b

Error: (02/15/2015 04:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050012a06b2e001d04933ebd2eb52C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exe3f0205fb-b527-11e4-b0a8-c860006d115b

Error: (02/15/2015 04:20:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Future Pinball.exe1.9.2008.12254d1d68d3Future Pinball.exe1.9.2008.12254d1d68d3c00000050012a06b132401d04932c10728b4C:\Games\Future Pinball\Future Pinball.exeC:\Games\Future Pinball\Future Pinball.exe3110e4de-b526-11e4-b0a8-c860006d115b

Error: (02/15/2015 04:19:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Future Pinball.exe1.9.2008.12256e801d049329176e990248C:\Games\Future Pinball\Future Pinball.exefc2d5db5-b525-11e4-b0a8-c860006d115b


CodeIntegrity Errors:
===================================
  Date: 2015-02-11 19:17:13.202
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-11 19:17:13.077
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-10 16:11:25.067
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CyberLink\PowerDVD\clpciid.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-01-10 16:11:25.004
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\CyberLink\PowerDVD\clpciid.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) D CPU 3.40GHz
Percentage of memory in use: 52%
Total physical RAM: 4095.05 MB
Available physical RAM: 1948.42 MB
Total Pagefile: 16377.23 MB
Available Pagefile: 13726.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:234.45 GB) (Free:106.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Daten) (Fixed) (Total:97.65 GB) (Free:91.15 GB) NTFS
Drive f: (DRIVE_F) (Fixed) (Total:833.85 GB) (Free:226.66 GB) NTFS
Drive h: (C_Boot_Daten_1) (Fixed) (Total:718.47 GB) (Free:415.63 GB) NTFS
Drive i: (C_Boot_Daten_3) (Fixed) (Total:244.14 GB) (Free:199.79 GB) NTFS
Drive j: (C_Boot_Daten_2) (Fixed) (Total:200.2 GB) (Free:172 GB) NTFS
Drive k: (Elements) (Fixed) (Total:1862.98 GB) (Free:593.55 GB) NTFS
Drive p: (Extern_01) (Fixed) (Total:683.59 GB) (Free:197.72 GB) NTFS
Drive s: (Extern_02) (Fixed) (Total:390.63 GB) (Free:372.26 GB) NTFS
Drive t: (Extern_03) (Fixed) (Total:323.05 GB) (Free:235.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5F0FC9BA)
Partition 1: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=234.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=718.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B2025BBE)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: C392B35B)
Partition 1: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=323 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 3497912C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Mystartsearch entfernen

Plagegeister aller Art und deren Bekämpfung: Mystartsearch entfernen