Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
PC full of viruses? ADWCleaner shows a very long log file!
Here are the log files! Thanks in advance for a quick reply
FRST first and then Killer!
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Helge (administrator) on HANSA on 01-06-2015 21:11:41
Running from C:\Documents and Settings\Helge\Desktop
Loaded Profiles: Helge (Available Profiles: Helge)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\Winamp\winampa.exe
(Siano Mobile Silicon) C:\Program Files\Siano Mobile Silicon\SMS\SmsIRProcess.exe
(Apple Inc.) C:\creezy\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe
(Dropbox, Inc.) C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\Helge\LOCALS~1\Temp\RtkBtMnt.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Spotify Ltd) C:\SpotifyWebHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1028096 2009-08-08] (Synaptics, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16858112 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2009-08-08] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [999424 2008-01-09] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [1101824 2008-01-09] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\Winampa.exe [12288 2003-04-17] ()
HKLM\...\Run: [SmsIrProcess] => C:\Program Files\Siano Mobile Silicon\SMS\SmsIrProcess.exe [90112 2014-04-27] (Siano Mobile Silicon)
HKLM\...\Run: [iTunesHelper] => C:\creezy\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [Taplika] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Helge\APPLIC~1\Taplika\UpdateProc\bkup.dat"
HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [Spotify Web Helper] => C:\SpotifyWebHelper.exe [2021944 2015-06-01] (Spotify Ltd)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\RunOnce: [Taplika] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Helge\APPLIC~1\Taplika\UpdateProc\bkup.dat"
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\MountPoints2: {cedb9ff6-6c91-11e2-a41d-001f3b23b875} - G:\PMCsetup.exe
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [Taplika] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Helge\APPLIC~1\Taplika\UpdateProc\bkup.dat"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk [2016-03-05]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe (ArcSoft, Inc.)
Startup: C:\Documents and Settings\Helge\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-20]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735&q={searchTerms}
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://taplika.com/?f=2&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1343024091-562591055-1801674531-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1343024091-562591055-1801674531-1004 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-20] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-20] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 25 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-20] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\creezy\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF user.js: detected! => C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\user.js [2015-02-26]
FF SearchPlugin: C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\searchplugins\Taplika.xml [2015-02-26]
FF Extension: Avira Browser Safety - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\abs@avira.com [2015-05-29]
FF Extension: SmartSaver+ 8.1 - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\KUKDSXGS67213349@EDCBUFV5900769.com [2015-05-29]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-03-20]
FF Extension: Browser Good 1.0.1 - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\{62eca849-70b6-47ed-932e-18163afa5bee}.xpi [2015-02-26]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\extensions\faststartff@gmail.com
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-01]
Chrome:
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir="
CHR DefaultSearchKeyword: Default -> taplika.com
CHR DefaultSearchURL: Default -> hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll No File
CHR Profile: C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (avast! WebRep) - C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-09-02]
CHR Extension: (Taplika New Tab) - C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-03-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.google.com/service/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825856 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [823296 2008-01-09] (Intel Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [438272 2008-04-14] (Microsoft Corporation) [File not signed]
R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [159812 2008-06-18] (NVIDIA Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2008-01-09] (Intel Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1187840 2008-01-09] (Intel Corporation ) [File not signed]
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-09-02] (Cisco Systems, Inc.)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [107400 2015-05-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2015-05-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-24] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-02] (DT Soft Ltd)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2009-08-08] (Atheros Communications, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2529280 2008-01-09] (Intel Corporation)
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [6010752 2008-06-18] (NVIDIA Corporation) [File not signed]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-12] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-12] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2008-01-02] (Intel Corporation)
S3 smsbda; C:\WINDOWS\System32\drivers\smsbda.sys [71944 2014-03-23] (Siano)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH)
R1 {15005ce0-4adb-4842-9f2a-405172e87bce}t; C:\WINDOWS\System32\drivers\{15005ce0-4adb-4842-9f2a-405172e87bce}t.sys [55832 2015-03-12] () [File not signed]
R1 {62eca849-70b6-47ed-932e-18163afa5bee}Gt; C:\WINDOWS\System32\drivers\{62eca849-70b6-47ed-932e-18163afa5bee}Gt.sys [55832 2015-02-26] () [File not signed]
R1 {c44114b8-1134-4aeb-950a-2e0ff4eceaae}t; C:\WINDOWS\System32\drivers\{c44114b8-1134-4aeb-950a-2e0ff4eceaae}t.sys [55832 2015-03-10] () [File not signed]
S3 cpuz134; \??\C:\DOCUME~1\Helge\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-05 07:59 - 2016-03-05 07:59 - 00001675 _____ () C:\Documents and Settings\Helge\Desktop\ArcSoft TV 5.0.lnk
2016-03-05 07:59 - 2016-03-05 07:59 - 00000000 ____D () C:\Program Files\ArcSoft
2016-03-05 07:59 - 2016-03-05 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft TV
2016-03-05 07:59 - 2005-07-16 03:35 - 00245408 _____ (Microsoft Corporation) C:\WINDOWS\system32\unicows.dll
2016-03-05 07:56 - 2016-03-05 07:56 - 00000000 ____D () C:\Program Files\Siano Mobile Silicon
2016-03-05 07:56 - 2016-03-05 07:56 - 00000000 ____D () C:\Program Files\Common Files\Siano Mobile Silicon
2016-03-05 07:56 - 2014-03-23 17:32 - 00071944 _____ (Siano) C:\WINDOWS\system32\Drivers\smsbda.sys
2016-03-05 07:56 - 2014-03-23 17:32 - 00021768 _____ (Siano) C:\WINDOWS\system32\smsprops.dll
2016-03-04 15:26 - 2016-03-04 15:26 - 00009642 _____ () C:\WINDOWS\KB2868038.log
2016-03-04 15:26 - 2016-03-04 15:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2016-03-04 15:25 - 2016-03-04 15:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2016-03-04 15:25 - 2016-03-04 15:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2016-03-04 15:24 - 2016-03-04 15:25 - 00008561 _____ () C:\WINDOWS\KB2803821-v2.log
2016-03-04 15:24 - 2016-03-04 15:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2016-03-04 15:23 - 2016-03-04 15:23 - 00008474 _____ () C:\WINDOWS\KB2909210-IE8.log
2016-03-04 15:23 - 2016-03-04 15:23 - 00006743 _____ () C:\WINDOWS\KB2510531-IE8.log
2016-03-04 15:23 - 2016-03-04 15:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2016-03-04 15:23 - 2015-02-10 22:23 - 00000000 ____D () C:\WINDOWS\ie8updates
2016-03-04 15:23 - 2015-02-10 22:02 - 00019174 _____ () C:\WINDOWS\KB2936068-IE8.log
2016-03-04 15:19 - 2016-03-04 15:19 - 00004470 _____ () C:\WINDOWS\KB2914368.log
2016-03-04 15:19 - 2016-03-04 15:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2016-03-04 14:42 - 2008-04-14 06:42 - 00363520 _____ () C:\WINDOWS\system32\PsisDecd.dll
2016-03-04 14:42 - 2008-04-14 06:42 - 00363520 _____ () C:\WINDOWS\system32\dllcache\psisdecd.dll
2016-03-04 14:42 - 2008-04-14 06:42 - 00056832 _____ () C:\WINDOWS\system32\MSDvbNP.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00056832 _____ () C:\WINDOWS\system32\dllcache\msdvbnp.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00033280 _____ () C:\WINDOWS\system32\PsisRndr.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00033280 _____ () C:\WINDOWS\system32\dllcache\psisrndr.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdaPlgIn.ax
2016-03-04 14:42 - 2008-04-14 01:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MPE.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BdaSup.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2016-03-04 14:40 - 2016-03-05 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ArcSoft
2016-03-04 14:40 - 2016-03-04 14:40 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\ArcSoft
2016-03-04 14:40 - 2005-02-23 15:58 - 00011776 _____ (Arcsoft, Inc.) C:\WINDOWS\system32\Drivers\afc.sys
2015-06-01 21:11 - 2015-06-01 21:12 - 00023289 _____ () C:\Documents and Settings\Helge\Desktop\FRST.txt
2015-06-01 21:11 - 2015-06-01 21:11 - 00000000 ____D () C:\FRST
2015-06-01 21:10 - 2015-06-01 21:10 - 01147392 _____ (Farbar) C:\Documents and Settings\Helge\Desktop\FRST.exe
2015-06-01 18:37 - 2015-06-01 18:38 - 00000000 ____D () C:\AdwCleaner
2015-06-01 13:30 - 2015-06-01 13:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-06-01 03:10 - 2015-06-01 03:10 - 00000000 ____D () C:\Documents and Settings\Helge\Desktop\New Folder
2015-05-20 23:44 - 2015-05-31 20:45 - 00000000 ___RD () C:\Documents and Settings\Helge\My Documents\Dropbox
2015-05-20 23:43 - 2015-05-20 23:43 - 00000000 ____D () C:\Program Files\Dropbox
2015-05-20 23:43 - 2015-05-20 23:43 - 00000000 ____D () C:\Documents and Settings\Helge\Start Menu\Programs\Dropbox
2015-05-20 23:41 - 2015-05-31 20:25 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\Dropbox
2015-05-15 10:51 - 2015-06-01 14:25 - 00000020 _____ () C:\inst_ver.dat
2015-05-15 10:51 - 2015-06-01 14:24 - 41287224 _____ () C:\libcef.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 10457856 _____ () C:\icudtl.dat
2015-05-15 10:51 - 2015-06-01 14:24 - 07323192 _____ (Spotify Ltd) C:\Spotify.exe
2015-05-15 10:51 - 2015-06-01 14:24 - 04253463 _____ () C:\devtools_resources.pak
2015-05-15 10:51 - 2015-06-01 14:24 - 03457592 _____ (Microsoft Corporation) C:\d3dcompiler_47.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 02106424 _____ (Microsoft Corporation) C:\d3dcompiler_43.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 02021944 _____ (Spotify Ltd) C:\SpotifyWebHelper.exe
2015-05-15 10:51 - 2015-06-01 14:24 - 02018406 _____ () C:\cef.pak
2015-05-15 10:51 - 2015-06-01 14:24 - 01488440 _____ () C:\libGLESv2.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 00968248 _____ (The Chromium Authors) C:\ffmpegsumo.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 00777272 _____ (Spotify Ltd) C:\SpotifyCrashService.exe
2015-05-15 10:51 - 2015-06-01 14:24 - 00598403 _____ () C:\cef_200_percent.pak
2015-05-15 10:51 - 2015-06-01 14:24 - 00444515 _____ () C:\cef_100_percent.pak
2015-05-15 10:51 - 2015-06-01 14:24 - 00124472 _____ (Spotify Ltd) C:\SpotifyLauncher.exe
2015-05-15 10:51 - 2015-06-01 14:24 - 00079928 _____ () C:\libEGL.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 00073272 _____ () C:\wow_helper.exe
2015-05-15 10:51 - 2015-06-01 14:24 - 00000000 ____D () C:\locales
2015-05-15 10:51 - 2015-05-15 10:51 - 00000000 ____D () C:\pdf.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-05 07:58 - 2012-10-10 20:12 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2016-03-05 07:58 - 2012-09-03 21:22 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2016-03-05 07:52 - 2013-01-11 19:17 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
2016-03-05 07:52 - 2013-01-11 19:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2016-03-04 15:25 - 2014-05-31 15:24 - 00012818 _____ () C:\WINDOWS\KB2893294.log
2016-03-04 15:24 - 2014-05-31 15:24 - 00012318 _____ () C:\WINDOWS\KB2892075.log
2016-03-04 15:23 - 2013-04-08 17:33 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2016-03-04 15:23 - 2012-09-02 01:15 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2016-02-27 07:02 - 2014-07-07 19:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Diablo
2015-06-01 21:12 - 2012-09-01 22:39 - 00000000 ____D () C:\Documents and Settings\Helge\Local Settings\Temp
2015-06-01 20:50 - 2012-09-02 00:14 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 20:36 - 2015-02-24 10:36 - 00003090 _____ () C:\WINDOWS\Tasks\11a623c5-4868-4253-879e-252a0911b26b-1-6.job
2015-06-01 17:17 - 2012-09-01 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-06-01 16:21 - 2015-02-10 21:05 - 00000000 ____D () C:\Documents and Settings\Helge\Local Settings\Application Data\Spotify
2015-06-01 16:05 - 2015-02-10 21:04 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\Spotify
2015-06-01 11:53 - 2012-09-02 00:05 - 00000507 _____ () C:\WINDOWS\system32\nvapps.xml
2015-06-01 11:11 - 2012-09-01 20:43 - 01426023 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-01 10:50 - 2012-09-02 00:14 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 20:29 - 2012-09-01 21:32 - 00521886 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-31 20:25 - 2004-08-12 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-31 20:24 - 2012-09-01 21:35 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-05-31 20:24 - 2012-09-01 21:35 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-05-31 20:23 - 2015-02-10 22:35 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-31 20:23 - 2012-09-01 22:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-31 20:22 - 2012-09-01 22:39 - 00000178 ___SH () C:\Documents and Settings\Helge\ntuser.ini
2015-05-31 20:22 - 2012-09-01 22:39 - 00000000 ____D () C:\Documents and Settings\Helge
2015-05-31 20:22 - 2012-09-01 22:36 - 00032552 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-31 14:49 - 2012-09-01 22:38 - 00000000 __SHD () C:\WINDOWS\CSC
2015-05-24 15:21 - 2015-03-20 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-05-24 15:21 - 2012-09-01 22:36 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-05-24 15:19 - 2015-03-20 00:51 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-24 15:19 - 2015-03-20 00:51 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-24 15:19 - 2015-03-20 00:51 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-05-21 15:04 - 2013-04-03 16:58 - 00464547 _____ () C:\WINDOWS\setupapi.log
2015-05-15 11:05 - 2012-09-01 21:31 - 00123728 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 16:14 - 2015-02-10 21:05 - 00001860 _____ () C:\Documents and Settings\Helge\Start Menu\Programs\Spotify.lnk
2015-05-13 12:39 - 2012-09-02 00:07 - 00020440 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-13 12:16 - 2015-03-20 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
==================== Files in the root of some directories =======
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Documents and Settings\Helge\Application Data\ACFAF
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Documents and Settings\Helge\Application Data\SQKPEW
2015-02-27 11:43 - 2015-03-20 01:08 - 0000110 _____ () C:\Documents and Settings\Helge\Application Data\WB.CFG
2012-09-03 21:41 - 2015-03-26 04:52 - 0035328 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-09 08:29 - 2015-03-09 08:29 - 0274045 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\dsi1.dat
2015-03-09 08:29 - 2015-03-09 08:29 - 0161916 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\dsi2.dat
2012-09-02 00:24 - 2012-09-02 00:24 - 0007199 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\HWVendorDetection.log
Some files in TEMP:
====================
C:\Documents and Settings\Helge\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Helge\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Helge\Local Settings\Temp\binkw32.dll
C:\Documents and Settings\Helge\Local Settings\Temp\d2l_Install.exe
C:\Documents and Settings\Helge\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\Helge\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsunzpg.dll
C:\Documents and Settings\Helge\Local Settings\Temp\ReimagePackage.exe
C:\Documents and Settings\Helge\Local Settings\Temp\ReiSysUpdate.exe
C:\Documents and Settings\Helge\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Helge\Local Settings\Temp\supoptsetup.exe
C:\Documents and Settings\Helge\Local Settings\Temp\sysrestore.exe
C:\Documents and Settings\Helge\Local Settings\Temp\vcredist_x86.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Helge at 2015-06-01 21:12:30
Running from C:\Documents and Settings\Helge\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1343024091-562591055-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1343024091-562591055-1801674531-1005 - Limited - Enabled)
Guest (S-1-5-21-1343024091-562591055-1801674531-501 - Limited - Disabled)
Helge (S-1-5-21-1343024091-562591055-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Helge
HelpAssistant (S-1-5-21-1343024091-562591055-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1343024091-562591055-1801674531-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TV 5.0 (HKLM\...\{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}) (Version: 5.0.28.218 - ArcSoft, Inc.)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM\...\Battle.net) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Good (HKLM\...\Browser Good) (Version: 2015.02.26.150430 - Browser Good) <==== ATTENTION
Command & Conquer Renegade (HKLM\...\Renegade) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Diablo (HKLM\...\Diablo) (Version: - )
Dropbox (HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Far Cry (Version: 1.00.0000 - Ihr Firmenname) Hidden
Frontschweine (HKLM\...\Hogs Of War) (Version: 1.0 - Infogrames)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0.0 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
mCore (Version: 11.50.0000 - Intel Corporation) Hidden
mDriver (Version: 11.50.0000 - Intel) Hidden
mDrWiFi (Version: 11.50.0000 - Intel Corporation) Hidden
mHelp (Version: 11.50.0000 - Intel) Hidden
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIWA (Version: 11.50.0000 - Intel Corporation) Hidden
mLogView (Version: 11.50.0000 - Intel Corporation) Hidden
mMHouse (Version: 11.50.0000 - Intel Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
mPfMgr (Version: 11.50.0000 - Intel Corporation) Hidden
mPfWiz (Version: 11.50.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSCfg (Version: 11.50.0000 - Intel Corporation) Hidden
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MUI Help Package - DEU (Version: - Microsoft Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mZConfig (Version: 11.50.0000 - Intel Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Prey (HKLM\...\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}) (Version: 1.0 - Human Head Studios)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Sid Meier's Colonization 1.0 (HKLM\...\Sid Meier's Colonization) (Version: 1.0 - 2K Games)
SMS (HKLM\...\InstallShield_{CA86CD92-22BB-4BBE-A6A5-BF1B4BAD791A}) (Version: 5.1.59 - Siano Mobile Silicon)
SMS (Version: 5.1.59 - Siano Mobile Silicon) Hidden
Spotify (HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
Titan Quest (HKLM\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
VirtualDJ Home FREE (HKLM\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (nur entfernen) (HKLM\...\Winamp) (Version: - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
30-01-2016 11:14:46 System Checkpoint
02-02-2016 11:17:01 System Checkpoint
15-02-2016 11:17:54 System Checkpoint
20-02-2016 11:14:49 System Checkpoint
22-02-2016 11:16:20 System Checkpoint
23-02-2016 11:16:31 System Checkpoint
27-02-2016 05:46:25 System Checkpoint
28-02-2016 06:04:27 System Checkpoint
29-02-2016 06:40:39 System Checkpoint
01-03-2016 06:54:40 System Checkpoint
04-03-2016 14:39:52 Installiert ArcSoft TV
04-03-2016 14:40:53 Installed SMS
04-03-2016 14:42:33 Unsigned driver install
04-03-2016 14:47:50 Unsigned driver install
04-03-2016 14:50:49 Configured SMS
04-03-2016 14:53:31 Entfernt ArcSoft TV
04-03-2016 14:53:59 Configured SMS
04-03-2016 14:54:27 Installed SMS
04-03-2016 14:57:35 Installiert ArcSoft TV
04-03-2016 15:00:07 Unsigned driver install
04-03-2016 15:02:11 Unsigned driver install
04-03-2016 15:03:02 Entfernt ArcSoft TV
04-03-2016 15:03:29 Configured SMS
04-03-2016 15:04:11 Installed SMS
04-03-2016 15:04:47 Unsigned driver install
04-03-2016 15:06:36 Installiert ArcSoft TV
04-03-2016 15:10:54 Unsigned driver install
04-03-2016 15:19:46 Software Distribution Service 3.0
05-03-2016 07:54:23 Configured SMS
05-03-2016 07:55:34 Entfernt ArcSoft TV
05-03-2016 07:56:37 Installed SMS
05-03-2016 07:57:44 Unsigned driver install
05-03-2016 07:58:57 Installiert ArcSoft TV
15-09-2014 19:45:23 System Checkpoint
18-09-2014 19:54:17 System Checkpoint
23-09-2014 20:21:32 System Checkpoint
25-09-2014 20:43:43 System Checkpoint
30-09-2014 20:24:33 System Checkpoint
06-10-2014 21:47:10 System Checkpoint
08-10-2014 20:23:13 System Checkpoint
09-10-2014 20:46:48 System Checkpoint
15-10-2014 20:59:33 System Checkpoint
20-10-2014 19:54:04 System Checkpoint
21-10-2014 20:45:14 System Checkpoint
22-10-2014 21:20:50 System Checkpoint
27-10-2014 21:44:41 System Checkpoint
28-10-2014 21:53:16 System Checkpoint
30-10-2014 21:53:18 System Checkpoint
03-11-2014 21:47:25 System Checkpoint
06-11-2014 22:03:10 System Checkpoint
11-11-2014 21:23:59 System Checkpoint
13-11-2014 21:52:42 System Checkpoint
17-11-2014 21:46:31 System Checkpoint
18-11-2014 22:02:13 System Checkpoint
20-11-2014 21:48:34 System Checkpoint
24-11-2014 20:39:52 System Checkpoint
25-11-2014 22:51:23 System Checkpoint
27-11-2014 22:31:27 System Checkpoint
10-12-2014 21:06:43 System Checkpoint
06-01-2015 22:01:29 System Checkpoint
08-01-2015 21:25:06 System Checkpoint
12-01-2015 21:07:08 System Checkpoint
13-01-2015 22:03:21 System Checkpoint
15-01-2015 22:00:01 System Checkpoint
16-01-2015 22:04:35 System Checkpoint
30-01-2015 21:53:47 System Checkpoint
09-02-2015 22:30:01 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
09-02-2015 22:30:26 OpenOffice 4.1.1 wird installiert
10-02-2015 21:30:38 iTunes wird installiert
10-02-2015 22:02:18 Software Distribution Service 3.0
11-02-2015 04:31:12 Software Distribution Service 3.0
24-02-2015 10:34:56 Uniblue SpeedUpMyPC installation
24-02-2015 10:35:52 Uniblue DriverScanner installation
26-02-2015 17:43:20 Software Distribution Service 3.0
10-03-2015 21:19:27 Unsigned driver install
12-03-2015 12:42:40 System Checkpoint
20-03-2015 01:01:41 Avira Free Antivirus - 3/20/2015 0:01
20-03-2015 01:09:29 avast! Free Antivirus Setup
20-03-2015 01:13:00 Avira Free Antivirus - 3/20/2015 0:12
20-03-2015 01:18:09 Software Distribution Service 3.0
20-03-2015 01:59:57 Software Distribution Service 3.0
24-03-2015 22:00:01 System Checkpoint
25-03-2015 22:03:46 System Checkpoint
26-03-2015 20:23:38 Unsigned driver install
29-03-2015 03:32:04 System Checkpoint
30-03-2015 17:32:00 System Checkpoint
02-04-2015 13:03:00 System Checkpoint
03-04-2015 22:07:58 System Checkpoint
13-04-2015 12:21:25 System Checkpoint
13-05-2015 17:20:00 System Checkpoint
14-05-2015 21:39:59 System Checkpoint
21-05-2015 01:40:27 System Checkpoint
23-05-2015 00:36:32 System Checkpoint
24-05-2015 16:12:46 System Checkpoint
25-05-2015 16:28:21 System Checkpoint
27-05-2015 13:31:36 System Checkpoint
28-05-2015 20:38:20 System Checkpoint
29-05-2015 20:58:40 System Checkpoint
30-05-2015 21:08:26 System Checkpoint
01-06-2015 16:36:30 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-12 14:00 - 2004-08-12 14:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\11a623c5-4868-4253-879e-252a0911b26b-1-6.job => C:\Program Files\ss8\11a623c5-4868-4253-879e-252a0911b26b-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Loaded Modules (Whitelisted) ==============
2008-01-09 09:49 - 2008-01-09 09:49 - 00245760 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2012-09-02 00:05 - 2008-06-18 07:46 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2003-04-17 08:54 - 2003-04-17 08:54 - 00012288 _____ () C:\Program Files\Winamp\Winampa.exe
2016-03-05 07:59 - 2007-04-19 10:33 - 00035584 _____ () C:\Program Files\ArcSoft\ArcSoft TV 5.0\uPiApi.dll
2007-04-02 18:19 - 2007-04-02 18:19 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2016-03-05 07:59 - 2013-09-02 10:45 - 00016384 _____ () C:\Program Files\ArcSoft\ArcSoft TV 5.0\uTVMUIEngine.dll
2015-05-31 20:25 - 2015-05-31 20:25 - 00043008 _____ () c:\Documents and Settings\Helge\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsunzpg.dll
2015-05-20 23:43 - 2015-03-04 23:45 - 00750080 _____ () C:\Documents and Settings\Helge\Application Data\Dropbox\bin\libGLESv2.dll
2015-05-20 23:43 - 2015-03-04 23:45 - 00047616 _____ () C:\Documents and Settings\Helge\Application Data\Dropbox\bin\libEGL.dll
2015-05-20 23:43 - 2015-03-04 23:45 - 00865280 _____ () C:\Documents and Settings\Helge\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll
2015-05-20 23:43 - 2015-03-04 23:45 - 00200704 _____ () C:\Documents and Settings\Helge\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll
2007-12-14 15:11 - 2007-12-14 15:11 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2015-03-20 14:29 - 2015-03-20 14:29 - 16858288 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Helge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe] => Enabled:Far Cry
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Helge\Application Data\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Dienst "Bonjour"
StandardProfile\AuthorizedApplications: [C:\creezy\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
==================== Faulty Device Manager Devices =============
Name: USB Device
Description: USB Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).
System errors:
=============
Error: (03/05/2016 08:12:53 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.
Error: (03/05/2016 08:12:53 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Error: (03/05/2016 07:57:53 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Error: (03/05/2016 07:57:53 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll.
Reference error message: The operation completed successfully.
.
Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: Manifest Parse Error : XML document must have a top level element.
.
Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : XML document must have a top level element.
1" on line Manifest Parse Error : XML document must have a top level element.
2.
Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\ArcSoft\ArcSoft TV 5.0\EndPointCtrl.dll.
Reference error message: The operation completed successfully.
.
Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: Manifest Parse Error : XML document must have a top level element.
.
Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : XML document must have a top level element.
1" on line Manifest Parse Error : XML document must have a top level element.
2.
Microsoft Office:
=========================
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 3070.36 MB
Available physical RAM: 1718.8 MB
Total Pagefile: 4955.57 MB
Available Pagefile: 3477.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.4 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:298.08 GB) (Free:204.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: C3BA16E0)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End of log ============================