Firefox IE verhalten sich auffällig

p153

Hallo Schrauber, dann geht es los...

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by fuesschen (administrator) on FUESSCHEN-PC on 01-06-2015 07:59:14
Running from C:\Users\fuesschen\Desktop
Loaded Profiles: fuesschen & Internet (Available Profiles: fuesschen & Internet)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) D:\programme\ati\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() D:\hanka\software 1&1\HSPA USB MODEM\BackgroundService\ServiceManager.exe
() C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() D:\hanka\software 1&1\HSPA USB MODEM\BackgroundService\ModemListener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(CyberLink) D:\programme\system\kamera\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Advanced Micro Devices Inc.) D:\programme\ati\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) D:\programme\ati\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() D:\hanka\software 1&1\HSPA USB MODEM\BackgroundService\ModemListener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) D:\programme\ati\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) D:\programme\ati\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) D:\programme\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2821416 2011-08-20] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => D:\programme\ati\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => D:\programme\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2004360 2015-04-23] (APN)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Komsa_Germany Silverstone ModemListener] => D:\hanka\software 1&1\HSPA USB MODEM\BackgroundService\ModemListener.exe [158032 2013-10-14] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2048408916-4185743852-3487642171-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2048408916-4185743852-3487642171-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\fuesschen\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-2048408916-4185743852-3487642171-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2048408916-4185743852-3487642171-1000\...\Run: [BrowserChoice] => C:\Windows\System32\browserchoice.exe [294912 2010-02-23] (Microsoft Corporation)
HKU\S-1-5-21-2048408916-4185743852-3487642171-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2048408916-4185743852-3487642171-1001\...\MountPoints2: {a1fc451c-bffd-11e4-a2c5-9c8e99457e4c} - F:\AutoRun.exe
HKU\S-1-5-21-2048408916-4185743852-3487642171-1001\...\MountPoints2: {a1fc4534-bffd-11e4-a2c5-9c8e99457e4c} - F:\AutoRun.exe
HKU\S-1-5-21-2048408916-4185743852-3487642171-1001\...\MountPoints2: {a1fc459b-bffd-11e4-a2c5-9c8e99457e4c} - G:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-11-14]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = webssearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422288906&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422288906&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422288906&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422288906&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&q={searchTerms}
HKU\S-1-5-21-2048408916-4185743852-3487642171-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Suche
HKU\S-1-5-21-2048408916-4185743852-3487642171-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-2048408916-4185743852-3487642171-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKU\S-1-5-21-2048408916-4185743852-3487642171-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
URLSearchHook: HKLM-x32 - FreemiumA Toolbar - {afa59d4f-18ec-4866-949b-f406270e15cb} - C:\Program Files (x86)\FreemiumA\prxtbFree.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2048408916-4185743852-3487642171-1000 - FreemiumA Toolbar - {afa59d4f-18ec-4866-949b-f406270e15cb} - C:\Program Files (x86)\FreemiumA\prxtbFree.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2048408916-4185743852-3487642171-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&ts=1422289103&type=de fault&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2048408916-4185743852-3487642171-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&ts=1422289103&type=de fault&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2048408916-4185743852-3487642171-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&ts=1422289103&type=de fault&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2048408916-4185743852-3487642171-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&ts=1422289103&type=de fault&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2048408916-4185743852-3487642171-1000 -> {81AF3094-17BD-4786-8117-129ED30CF81B} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&ts=1422289103&type=de fault&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2048408916-4185743852-3487642171-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&ts=1422289103&type=de fault&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2048408916-4185743852-3487642171-1000 -> {F79E5646-F793-4B73-AE42-1AC8D799ED58} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs2&utm_campaign=install_ie&utm_content=ds&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX&ts=1422289103&type=de fault&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2048408916-4185743852-3487642171-1001 -> {21371359-8212-4EE4-8120-AB7DEE125886} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=a9e7606c-4f4a-4d83-9902-97cd5e4e4f9d&apn_sauid=4009D49D-F4DF-49BE-A8C1-8A1D38CEB803
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll [2015-04-23] (APN LLC.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: FreemiumA Toolbar -> {afa59d4f-18ec-4866-949b-f406270e15cb} -> C:\Program Files (x86)\FreemiumA\prxtbFree.dll [2013-11-06] (Conduit Ltd.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll [2015-04-23] (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.)
Toolbar: HKLM-x32 - FreemiumA Toolbar - {afa59d4f-18ec-4866-949b-f406270e15cb} - C:\Program Files (x86)\FreemiumA\prxtbFree.dll [2013-11-06] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-2048408916-4185743852-3487642171-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2048408916-4185743852-3487642171-1000 -> No Name - {AFA59D4F-18EC-4866-949B-F406270E15CB} - No File
Toolbar: HKU\S-1-5-21-2048408916-4185743852-3487642171-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2048408916-4185743852-3487642171-1001 -> Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll [2015-04-23] (APN LLC.)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\programme\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe webssearches

FireFox:
========
FF ProfilePath: C:\Users\fuesschen\AppData\Roaming\Mozilla\Firefox\Profiles\nrheng8j.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1422288906&from=cvs2&uid=HitachiXHTS543232A7A384_E2434243K286DKK286DKX
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-21] ()
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> d:\programme\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Extension: Fast Start - C:\Users\fuesschen\AppData\Roaming\Mozilla\Firefox\Profiles\nrheng8j.default\Extensions\faststartff@gmail.com [2015-01-26]
FF Extension: Firefox Certificate Store Hotfix - C:\Users\fuesschen\AppData\Roaming\Mozilla\Firefox\Profiles\nrheng8j.default\Extensions\firefox-hotfix@mozilla.org.xpi [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\fuesschen\AppData\Roaming\Mozilla\Firefox\Profiles\nrheng8j.default\extensions\faststartff@gmail.com
StartMenuInternet: FIREFOX.EXE - d:\programme\Mozilla Firefox\firefox.exe webssearches

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-28]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; D:\programme\ati\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-22] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-23] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 Komsa_Germany Silverstone Modem Device Helper; D:\hanka\software 1&1\HSPA USB MODEM\BackgroundService\ServiceManager.exe [58192 2013-06-18] ()
S3 Microsoft Office Groove Audit Service; D:\programme\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZDServ; C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe [427264 2013-11-08] ()
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]
S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [138752 2013-06-18] (TCT International Mobile Ltd)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 DVBUSB_0064_Sevice; C:\Windows\System32\DRIVERS\usb_0064.sys [170792 2012-09-24] ()
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2013-06-18] (TCT International Mobile Ltd)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-25] (Jungo)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 07:59 - 2015-06-01 08:00 - 00020363 _____ () C:\Users\fuesschen\Desktop\FRST.txt
2015-06-01 07:58 - 2015-06-01 07:59 - 00000000 ____D () C:\FRST
2015-06-01 07:58 - 2015-06-01 07:58 - 00000000 ____D () C:\Users\fuesschen\Desktop\frst
2015-06-01 07:57 - 2015-06-01 07:58 - 02108928 _____ (Farbar) C:\Users\fuesschen\Desktop\FRST64.exe
2015-06-01 00:32 - 2015-06-01 00:41 - 20439656 _____ (Malwarebytes Corporation ) C:\Users\fuesschen\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-06-01 00:19 - 2015-06-01 00:31 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\fuesschen\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-31 23:56 - 2015-05-31 23:56 - 00000000 ____D () C:\Users\fuesschen\AppData\Local\Macromedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 07:47 - 2012-09-22 18:32 - 01761835 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 07:45 - 2012-11-24 15:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 05:54 - 2012-10-02 20:11 - 00000000 ____D () C:\Users\fuesschen\AppData\Roaming\Skype
2015-06-01 00:00 - 2014-01-14 13:36 - 00000000 ____D () C:\Users\fuesschen\AppData\Roaming\Avira
2015-05-31 23:55 - 2014-11-17 19:12 - 00000000 ____D () C:\Users\fuesschen\AppData\Local\Adobe
2015-05-31 23:45 - 2009-07-14 19:58 - 04822636 _____ () C:\Windows\system32\perfh007.dat
2015-05-31 23:45 - 2009-07-14 19:58 - 01462684 _____ () C:\Windows\system32\perfc007.dat
2015-05-31 23:45 - 2009-07-14 07:13 - 01517442 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 23:39 - 2012-09-23 23:59 - 00000000 ____D () C:\Users\Internet\AppData\Local\Adobe
2015-05-31 23:38 - 2015-04-08 20:12 - 00000896 _____ () C:\Windows\setupact.log
2015-05-31 23:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 10:43 - 2013-09-01 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-22 10:40 - 2013-09-01 00:53 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-22 10:40 - 2013-09-01 00:53 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-12 11:51 - 2015-04-08 20:12 - 00195256 _____ () C:\Windows\PFRO.log

Some files in TEMP:
====================
C:\Users\fuesschen\AppData\Local\Temp\avgnt.exe
C:\Users\fuesschen\AppData\Local\Temp\Runner.exe
C:\Users\Internet\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 20:24

==================== End of log ============================

Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by fuesschen at 2015-06-01 08:01:15
Running from C:\Users\fuesschen\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2048408916-4185743852-3487642171-500 - Administrator - Disabled)
fuesschen (S-1-5-21-2048408916-4185743852-3487642171-1000 - Administrator - Enabled) => C:\Users\fuesschen
Gast (S-1-5-21-2048408916-4185743852-3487642171-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2048408916-4185743852-3487642171-1007 - Limited - Enabled)
Internet (S-1-5-21-2048408916-4185743852-3487642171-1001 - Limited - Enabled) => C:\Users\Internet

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{7438DA7D-782C-450F-BCDC-5FC54E6831B8}) (Version: 1.0.0.2 - ZTE Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2048408916-4185743852-3487642171-1001\...\Amazon Kindle) (Version: - Amazon)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{B3C4ADC9-637E-DDD9-A66C-782AE5E2E667}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C1C01}) (Version: 12.28.1.1270 - APN, LLC)
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-2048408916-4185743852-3487642171-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION
Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: 2.14.8 - BOM Development Team)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
Dolby CP750 Setup Application (64-bit) (HKLM-x32\...\{566CFF9A-77DF-4E65-BB64-1A69769558BF}) (Version: 1.3.2.1 - Dolby Laboratories Inc)
DVBViewer TERRATEC Edition (HKLM-x32\...\DVBViewer TERRATEC Edition_is1) (Version: - CM&V)
EyeTV Hybrid v5.09.0813.01 (HKLM-x32\...\EyeTV Hybrid v5.09.0813.01) (Version: 5.09.0813.01 - Elgato Systems)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HSPA USB MODEM (HKLM-x32\...\Komsa_Germany Silverstone HSPA USB MODEM_is1) (Version: - Komsa_Germany)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maniac Mansion Deluxe (HKLM-x32\...\Maniac Mansion Deluxe) (Version: - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 15.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 15.0.1 (x86 de)) (Version: 15.0.1 - Mozilla)
Mozilla Firefox 37.0.2 (x86 de) (HKU\S-1-5-21-2048408916-4185743852-3487642171-1001\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 15.0.1 - Mozilla)
Mozilla Thunderbird 15.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 15.0.1 (x86 de)) (Version: 15.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKU\S-1-5-21-2048408916-4185743852-3487642171-1001\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.0 - Frank Heindörfer, Philip Chinery)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
roomeon 3D-Planer (HKLM-x32\...\{40BF3500-3324-4648-ADED-234FF4F82C0F}) (Version: 1.5.0 - roomeon GmbH)
Servant Salamander 2.0 (HKLM-x32\...\Servant Salamander 2.0) (Version: - )
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.21.0 - Synaptics Incorporated)
TERRATEC Cinergy S USB (64 Bit) (HKLM-x32\...\{514A7E83-7B60-465B-A704-EC3C665E7B29}) (Version: 1.04.02.04 - TERRATEC Electronic GmbH)
TSDoctor (HKLM-x32\...\{4D3D61B8-A1E0-456A-9571-60618303880C}) (Version: 1.2.52 - Cypheros)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.64 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2048408916-4185743852-3487642171-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - TerraTec (DVBUSB_0064_Sevice) Media (05/08/2009 1.4.2.4) (HKLM\...\B14668974D8B5E53C48AEE5F2C416910B7037085) (Version: 05/08/2009 1.4.2.4 - TerraTec )
ZDServer (HKLM-x32\...\{C8197F5F-E0DC-44f1-8AF2-1AA5A84F695D}) (Version: 1.0.1.2 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-05-2015 10:28:29 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-01-18 00:41 - 00000958 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04E703EE-DA14-43BC-9361-C7960645C810} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {086254FF-383B-4C5A-8517-75FBC3DAA6D4} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\fuesschen\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {3A9DC469-261D-466F-AB45-79DAD64936F4} - System32\Tasks\MirageAgent => D:\programme\system\kamera\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
Task: {44CC9214-60B0-41BE-B8F4-BEF2A506636F} - System32\Tasks\AdobeAAMUpdater-1.0-fuesschen-PC-Internet => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {52401079-57A0-4171-903B-A7BBE0FA242F} - System32\Tasks\{6F0D3799-C6B0-4193-BC67-72441AB2E245} => Iexplore.exe Downloading
Task: {8C255D66-6239-4AFB-A9B5-A718625F9000} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-21] (Adobe Systems Incorporated)
Task: {8E04A371-EA57-421F-BED4-60E5CCE5C21F} - System32\Tasks\{64471085-9DAF-4D77-9DCC-C3C65BD7E3CE} => pcalua.exe -a D:\install\treiber\motorola_bluetooth_sp52850.exe -d D:\install\treiber
Task: {F4FE1492-4F40-4AA3-B2CF-311AC9539125} - System32\Tasks\AdobeAAMUpdater-1.0-fuesschen-PC-fuesschen => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-05 11:27 - 2011-07-05 11:27 - 00073728 _____ () D:\programme\ati\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-03-17 15:05 - 2013-06-18 12:28 - 00058192 _____ () D:\hanka\software 1&1\HSPA USB MODEM\BackgroundService\ServiceManager.exe
2015-03-11 12:11 - 2013-11-08 11:50 - 00427264 _____ () C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
2015-03-11 12:11 - 2013-11-08 11:50 - 00426752 _____ () C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
2015-03-17 15:05 - 2013-10-14 19:40 - 00158032 _____ () D:\hanka\software 1&1\HSPA USB MODEM\BackgroundService\ModemListener.exe
2011-07-05 11:27 - 2011-07-05 11:27 - 00103424 _____ () D:\programme\ati\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-05 11:13 - 2011-07-05 11:13 - 00243712 _____ () D:\programme\ati\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () D:\programme\ati\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2048408916-4185743852-3487642171-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2048408916-4185743852-3487642171-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17A6CF44-304E-417E-829D-7E3BC161F7F7}] => (Allow) D:\programme\Microsoft Office\Office12\outlook.exe
FirewallRules: [{3AEC758F-60AB-4957-BF8B-724961C10510}] => (Allow) D:\programme\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{10880A9D-D981-46D6-BB89-0C2EDA48759F}] => (Allow) D:\programme\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{1302AF6A-89E8-4A7A-9F9D-F8D4F3A65357}] => (Allow) D:\programme\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{594DC504-DC16-4623-9803-B396119A9A8D}] => (Allow) D:\programme\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{A658155E-CB3D-42ED-9A24-8ADC9FFD8885}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1BBD2176-A916-43A0-8147-638E3263C166}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{8C8D437C-0526-48C4-B1FA-BB29AEFEEEA6}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{CA5E196F-034C-4C75-AD46-252E4D418A04}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{112ADD27-5983-4171-AFEA-464190699A9C}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{CF2C2BB0-5F20-43CF-8E5A-0E1C7258DDD9}D:\programme\mozilla firefox\firefox.exe] => (Block) D:\programme\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F8DAEBEB-4C6E-4035-9478-165D67D53247}D:\programme\mozilla firefox\firefox.exe] => (Block) D:\programme\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{A1D84311-E18A-4760-A883-8B8B75334A0E}D:\programme\mozilla firefox\firefox.exe] => (Block) D:\programme\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{10DE8DD6-1B5B-4DCE-B724-5742547253E6}D:\programme\mozilla firefox\firefox.exe] => (Block) D:\programme\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2015 11:45:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/31/2015 11:45:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/31/2015 11:45:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/30/2015 09:14:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/30/2015 09:14:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/30/2015 09:14:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/28/2015 05:15:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/28/2015 05:15:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/28/2015 05:15:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/28/2015 03:18:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (06/01/2015 06:29:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (06/01/2015 05:54:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (05/31/2015 11:41:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/31/2015 11:38:37 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (05/30/2015 09:35:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/28/2015 05:14:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst RasMan erreicht.

Error: (05/28/2015 01:09:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst RasMan erreicht.

Error: (05/27/2015 01:09:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/21/2015 00:02:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/19/2015 01:39:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 42%
Total physical RAM: 3690.91 MB
Available physical RAM: 2113.43 MB
Total Pagefile: 7379.96 MB
Available Pagefile: 4805.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.73 GB) (Free:23.14 GB) NTFS
Drive d: () (Fixed) (Total:249.16 GB) (Free:149.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E6575E4A)
Partition 1: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=249.2 GB) - (Type=07 NTFS)

==================== End of log ============================

grüße