Hallo ihr,

mein Lapi (Beschreibung siehe oben) ist recht schnell sehr heiß, trotz externem Kühler.

Läd auch sehr langsam.

Hatte wegen dem Trojaner-Fehler gestern schonmal FRST Analyse hier eingestellt, da wurde mir geschrieben, dass auch Addware drauf ist.

Könnt ihr mir Laien helfen, die zu entfernen?

Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by Siggi (administrator) on SIGGI-PC on 02-07-2015 10:59:25
Running from C:\Users\Siggi\Downloads
Loaded Profiles: Siggi (Available Profiles: Siggi)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
() D:\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Glarysoft Ltd) D:\Glary Utilities 5\Integrator.exe
(Salfeld Computer) C:\Windows\System32\cchservice.exe
() C:\Program Files\System Control Manager\edd.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(TomTom) D:\TomTom HOME 2\TomTomHOMEService.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() D:\Program Files\Winamp\winampa.exe
(MSI) C:\Program Files\System Control Manager\MGSysCtrl.exe
() C:\Windows\BisonCam\BsMnt.exe
() C:\Windows\BisonCam\BisonHK.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(G DATA Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(phonostar) D:\Program Files\phonostar\ps_timer.exe
(TomTom) D:\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Salfeld Computer) C:\Windows\System32\cc32\webtmr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ChicoSys] => C:\Windows\system32\cc32\webtmr.exe [5635736 2008-01-21] (Salfeld Computer)
HKLM\...\Run: [GDFirewallTray] => C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Run: [WinampAgent] => D:\Program Files\Winamp\winampa.exe [37888 2009-03-09] ()
HKLM\...\Run: [MGSysCtrl] => C:\Program Files\System Control Manager\MGSysCtrl.exe [561152 2007-09-07] (MSI)
HKLM\...\Run: [LanguageShortcut] => D:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [BsMnt] => C:\Windows\BisonCam\BsMnt.exe [172032 2007-03-15] ()
HKLM\...\Run: [BisonHK] => C:\Windows\BisonCam\BisonHK.exe [32768 2007-03-15] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe,
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [5975704 2008-01-21] (Salfeld Computer)
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\...\Run: [PhonostarTimer] => D:\Program Files\phonostar\ps_timer.exe [126976 2008-07-14] (phonostar)
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\...\Run: [TomTomHOME.exe] => D:\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\...\MountPoints2: {1b1c2251-0290-11e4-a605-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\...\MountPoints2: {1b1c22b0-0290-11e4-a605-404e57434401} - F:\AutoRun.exe
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\...\MountPoints2: {b4cd255c-e6bb-11df-ae51-001d9258f93e} - G:\InstallTomTomHOME.exe
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\...\MountPoints2: {bb228150-9713-11e3-814d-404e57434401} - F:\setup.exe
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GdScrSv.scr [2229880 2015-02-20] (G Data Software AG)
Startup: C:\Users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2009-05-13]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4239085852-1190954522-594501458-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
URLSearchHook: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 - (No Name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -  No File
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKLM -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> DefaultScope {FC09AA4A-ED15-4AC1-8983-01F3169C16C3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
SearchScopes: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> {6DFAB371-A8D5-4157-BCE1-0EFFACBE2534} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> {774B8359-0018-4A16-8C95-0713F67F4D6A} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> {78B67B9E-D578-4F1C-9A27-39B6907FD777} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={A588F55F-0378-436F-8973-6FC4058DC93E}&mid=ba5c59f7eac047d0864e910711a7adf2-ffdf2b2309074f949113bb882d3fcaad5d0f03f1&lang=de&ds=od011&pr=sa&d=2012-06-12 21:05:09&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> {B7191055-BECA-4ED5-AD57-95CD7A0F0179} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> {FA784A59-064C-4814-9A15-32BD22856DD9} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> {FC09AA4A-ED15-4AC1-8983-01F3169C16C3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: Winamp Toolbar Loader -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19] (AOL LLC.)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: No Name -> {E312764E-7706-43F1-8DAB-FCDD2B1E416D} ->  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19] (AOL LLC.)
Toolbar: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> Winamp Toolbar - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19] (AOL LLC.)
Toolbar: HKU\S-1-5-21-4239085852-1190954522-594501458-1000 -> No Name - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{631A12C0-C54D-4042-91BF-3033F9A95258}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{A600EB07-35E8-419C-A5B0-4EEFF01B59A5}: [DhcpNameServer] 10.74.210.210 10.74.210.211

FireFox:
========
FF ProfilePath: C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\5uy80lee.default-1398415569638
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-01] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Users\Siggi\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32asw.dll [2004-07-02] (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll [2011-09-16] (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Extension: Allin1Convert - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\5uy80lee.default-1398415569638\Extensions\8hffxtbr@download.allin1convert.com [2015-06-07]
FF Extension: dp Launcher Plugin - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\5uy80lee.default-1398415569638\Extensions\dplauncher@digitalpublishing.de [2015-01-27]
FF Extension: Securita Scout - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\5uy80lee.default-1398415569638\Extensions\isec@securitascout.com [2014-04-25]
FF Extension: Search Settings Plugin - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com [2015-06-02]
FF Extension: pdfforge Toolbar Plugin - C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2015-06-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2876888 2015-04-07] (G Data Software AG)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2539560 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Internet Manager. RunOuc; C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2011-06-17] ()
S2 ksupmgr; C:\Windows\system32\ksupmgr.exe [765592 2010-08-25] (Salfeld Computer)
S2 MBAMService; D:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NishService; C:\Program Files\System Control Manager\edd.exe [61440 2007-08-23] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
R2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2008-07-29] ()
R2 TomTomHOMEService; D:\TomTom HOME 2\TomTomHOMEService.exe [93040 2015-04-30] (TomTom)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 Achernar; C:\Windows\System32\Drivers\Achernar.sys [18432 2007-02-05] (NewSoft Technology Corporation) [File not signed]
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [306816 2008-09-28] (AfaTech                  )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 AVMBTPARALLEL; C:\Windows\System32\DRIVERS\avmbtpar.sys [61952 2007-07-03] (AVM GmbH)
R3 AVMBTSERIAL; C:\Windows\System32\DRIVERS\avmbtser.sys [60928 2007-07-03] (AVM GmbH)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64512 2007-07-03] (AVM GmbH)
R3 BFHU_CFG; C:\Windows\System32\DRIVERS\bfhu_cfg.sys [6656 2007-07-03] (AVM Berlin)
S3 bfubase; C:\Windows\System32\DRIVERS\bfubase.sys [882688 2007-07-03] (AVM Berlin)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)
R3 CAPI_CIP; C:\Windows\System32\DRIVERS\capi_cip.sys [374144 2007-07-03] (AVM Berlin)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22912 2007-01-12] (eMPIA Technology, Inc.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [108032 2015-06-27] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB32.sys [24192 2015-06-27] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20352 2015-06-27] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [161792 2015-06-27] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [73216 2015-06-27] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-06-27] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-07-02] (G Data Software)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17344 2014-10-17] (Glarysoft Ltd)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [87040 2015-06-27] (G Data Software AG)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MGHwCtrl; C:\Windows\system32\drivers\MGHwCtrl.sys [19456 2006-12-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 MTOnlPktAlyX; D:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed]
R2 thomedav; C:\Windows\system32\drivers\thomedav.sys [83072 2008-08-07] () [File not signed]
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [361728 2007-01-29] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [39680 2007-01-29] (eMPIA Technology, Inc.)
R3 cpuz132; \??\C:\Users\Siggi\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIV.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 10:59 - 2015-07-02 11:03 - 00020430 _____ C:\Users\Siggi\Downloads\FRST.txt
2015-07-02 10:47 - 2015-07-02 10:59 - 00000000 ____D C:\FRST
2015-07-02 10:46 - 2015-07-02 10:46 - 01636352 _____ (Farbar) C:\Users\Siggi\Downloads\FRST.exe
2015-07-02 10:26 - 2015-07-02 10:26 - 00572456 _____ (F-Secure Corporation) C:\Users\Siggi\Downloads\F-SecureOnlineScanner.exe
2015-07-02 10:26 - 2015-07-02 10:26 - 00000000 ____D C:\Users\Siggi\AppData\Local\F-Secure
2015-07-02 10:26 - 2015-07-02 10:26 - 00000000 ____D C:\ProgramData\F-Secure
2015-07-01 22:20 - 2015-07-01 22:20 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Siggi\Downloads\flashplayer18_ha_install.exe
2015-06-28 16:30 - 2015-06-28 16:31 - 04532776 _____ (Piriform Ltd) C:\Users\Siggi\Downloads\dfsetup219.exe
2015-06-27 22:51 - 2015-06-27 22:51 - 00024192 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBB32.sys
2015-06-27 22:51 - 2015-06-27 22:51 - 00000657 _____ C:\Windows\setupact.log
2015-06-27 22:51 - 2015-06-27 22:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_GDKBB32_01007.Wdf
2015-06-27 22:51 - 2015-06-27 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-06-27 22:51 - 2015-06-27 22:51 - 00000000 _____ C:\Windows\setuperr.log
2015-06-27 22:49 - 2015-06-27 22:49 - 00002078 _____ C:\Windows\DPINST.LOG
2015-06-23 15:47 - 2015-06-23 15:47 - 00000588 _____ C:\Users\Public\Desktop\Ev. Gesangbuch 3.0.lnk
2015-06-23 15:47 - 2015-06-23 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bibel digital
2015-06-23 15:46 - 2015-06-25 22:07 - 00000000 ____D C:\Users\Siggi\Documents\bibel digital
2015-06-23 15:46 - 2015-06-23 15:46 - 00000000 ____D C:\Users\Siggi\AppData\Roaming\c-software
2015-06-10 17:13 - 2015-04-24 17:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 17:12 - 2015-05-21 16:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 17:12 - 2015-05-09 01:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 17:01 - 2015-05-05 00:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 17:01 - 2015-05-05 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 17:01 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 17:01 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 17:01 - 2015-05-04 23:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 08:32 - 2015-05-31 01:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 08:32 - 2015-05-31 01:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 08:32 - 2015-05-31 01:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 08:32 - 2015-05-31 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 08:32 - 2015-05-31 01:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 08:32 - 2015-05-31 01:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 08:32 - 2015-05-31 01:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 08:32 - 2015-05-31 01:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 08:32 - 2015-05-31 01:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 08:32 - 2015-05-31 01:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 08:32 - 2015-05-31 01:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-10 08:32 - 2015-05-31 01:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 08:32 - 2015-05-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 08:32 - 2015-05-31 01:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 08:32 - 2015-05-31 01:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-10 08:32 - 2015-05-31 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 08:32 - 2015-05-31 01:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 08:32 - 2015-05-31 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 08:32 - 2015-05-31 01:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-10 08:32 - 2015-05-31 01:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-10 08:31 - 2015-05-31 02:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 08:31 - 2015-05-31 01:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-02 21:59 - 2015-06-03 14:11 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 11:03 - 2014-12-11 19:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-02 11:03 - 2011-11-12 10:24 - 00000109 _____ C:\Windows\system32\SWCTL.DLL
2015-07-02 11:02 - 2008-01-21 03:35 - 01725796 _____ C:\Windows\WindowsUpdate.log
2015-07-02 10:55 - 2008-07-31 11:30 - 00000000 ____D C:\Users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-07-02 10:54 - 2014-08-21 20:51 - 00000294 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-07-02 10:54 - 2006-11-02 14:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-02 10:54 - 2006-11-02 14:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-02 10:53 - 2012-06-30 10:24 - 00000360 _____ C:\Windows\Tasks\PCCT - MAGIX AG.job
2015-07-02 10:53 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-02 10:52 - 2015-05-16 14:36 - 00000996 _____ C:\Windows\PFRO.log
2015-07-02 10:48 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-02 10:29 - 2012-09-22 08:56 - 00015192 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-07-02 10:29 - 2011-11-14 18:15 - 00029528 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-07-01 22:21 - 2013-04-02 08:49 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-01 22:21 - 2011-05-31 15:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-01 22:20 - 2008-07-29 19:38 - 00000000 ____D C:\Users\Siggi\AppData\Local\Adobe
2015-07-01 17:24 - 2011-11-13 19:49 - 00016586 _____ C:\Windows\system32\cchservice.err
2015-07-01 06:17 - 2014-08-21 20:51 - 00000000 ____D C:\Users\Siggi\AppData\Roaming\DiskDefrag
2015-06-29 17:50 - 2008-12-14 17:47 - 00002469 _____ C:\Users\Siggi\Desktop\Microsoft Office Word 2007.lnk
2015-06-28 16:32 - 2012-01-29 11:49 - 00001672 _____ C:\Users\Public\Desktop\Defraggler.lnk
2015-06-28 16:32 - 2012-01-29 11:49 - 00000000 ____D C:\Program Files\Defraggler
2015-06-27 22:56 - 2008-10-14 19:56 - 00073216 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2015-06-27 22:51 - 2014-10-11 07:18 - 00001809 _____ C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-06-27 22:51 - 2014-05-04 16:06 - 00020352 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt32.sys
2015-06-27 22:50 - 2011-11-14 17:56 - 00161792 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2015-06-27 22:50 - 2011-11-14 17:56 - 00108032 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2015-06-27 22:50 - 2011-11-14 17:56 - 00087040 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2015-06-27 22:50 - 2011-11-14 17:56 - 00053248 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2015-06-27 22:49 - 2011-11-14 17:55 - 00000000 ____D C:\Program Files\Common Files\G Data
2015-06-10 19:01 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2015-06-10 18:44 - 2014-03-04 10:28 - 00275144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 17:13 - 2008-12-14 17:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 17:12 - 2013-07-23 17:00 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 17:03 - 2006-11-02 12:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-10 17:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-03 14:11 - 2012-05-05 21:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-02 22:54 - 2008-12-14 17:48 - 00002475 _____ C:\Users\Siggi\Desktop\Microsoft Office Excel 2007.lnk

==================== Files in the root of some directories =======

2008-07-29 18:53 - 2012-07-16 19:57 - 0001356 _____ () C:\Users\Siggi\AppData\Local\d3d9caps.dat
2008-07-29 21:31 - 2014-05-19 15:18 - 0027136 _____ () C:\Users\Siggi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-08-31 12:18 - 2008-08-31 12:18 - 0000093 _____ () C:\Users\Siggi\AppData\Local\fusioncache.dat
2010-06-06 11:50 - 2010-12-29 23:27 - 0017408 _____ () C:\Users\Siggi\AppData\Local\WebpageIcons.db
2009-06-03 17:34 - 2009-12-21 20:39 - 0000088 __RSH () C:\ProgramData\8677DC198C.sys
2009-06-03 17:34 - 2009-12-21 20:39 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-02 11:08

==================== End of log ============================
         

--- --- ---


[CODE]Additional
FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Siggi at 2015-07-02 11:04:21
Running from C:\Users\Siggi\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4239085852-1190954522-594501458-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4239085852-1190954522-594501458-1002 - Limited - Enabled)
Gast (S-1-5-21-4239085852-1190954522-594501458-501 - Limited - Disabled)
Siggi (S-1-5-21-4239085852-1190954522-594501458-1000 - Administrator - Enabled) => C:\Users\Siggi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Disabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Disabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee 8 (HKLM\...\{AA2E6BFE-4351-481C-A720-47CB3506570B}) (Version: 8.0.41 - ACD Systems Ltd.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft TotalMedia 3 (HKLM\...\{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}) (Version:  - ArcSoft)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.1 - Atheros)
bcTester 4.9 (de) (HKLM\...\{B18D4784-45FF-4787-A81E-012873CA6515}) (Version: 4.9.2 - QS QualitySoft GmbH)
BisonCam (HKLM\...\{4A57592C-FF92-4083-97A9-92783BD5AFB4}) (Version: 6.32.0.07 - Bisont Electrocnics. Inc.)
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version:  - )
ccc-core-static (Version: 2007.1101.2317.39832 - Ihr Firmenname) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dupehunter Professional (HKLM\...\Dupehunter Professional) (Version: 9.6.0.3933 - Carsten Heidtke Software)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
G DATA INTERNET SECURITY (HKLM\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.4 - G DATA Software AG)
Glary Utilities 5.21 (HKLM\...\Glary Utilities 5) (Version: 5.21.0.40 - Glarysoft Ltd)
Internet Manager (HKLM\...\Internet Manager) (Version: 22.001.18.68.55 - Huawei Technologies Co.,Ltd)
Kindersicherung 2011 (HKLM\...\Kindersicherung_is1) (Version:  - Salfeld Computer GmbH)
MAGIX PC Check & Tuning Free 2011 (HKLM\...\MAGIX_MSI_PC_Check_Tuning_Free_2011) (Version: 6.0.403.1050 - MAGIX AG)
MAGIX PC Check & Tuning Free 2011 (Version: 6.0.403.1050 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\{B63DFA23-5C10-44B4-881D-45EFBF4A4761}) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MediaShow (HKLM\...\{D5A9B7C0-8751-11D8-9D75-000129760D75}) (Version: 3.0.4325 - CyberLink Corporation)
Mediencenter Software Version 6.02.15 31.10.08 (HKLM\...\Mediencenter Software_is1) (Version:  - Deutsche Telekom AG)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
office Convert Pdf to Jpg Jpeg Tiff Free 6.4 (HKLM\...\office Convert Pdf to Jpg Jpeg Tiff Free_is1) (Version:  - Officeconvert Software, Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v1.0 (HKLM\...\{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}) (Version: 1.00.0000 - GreenTree Applications, Inc.) <==== ATTENTION
phonostar-Player Version 2.01.4 (HKLM\...\phonostarRadioPlayer_is1) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corporation)
PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.3716a - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
Presto! Digital Converter (HKLM\...\{EEFD47F3-3122-4A9C-8FFA-199F624378C6}) (Version: 1.09.00 - NewSoft)
Presto! VideoWorks 6 (HKLM\...\{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}) (Version: 6.30.00 - NewSoft)
Primo (Version: 1.00.0000 - Your Company Name) Hidden
QRreader (HKLM\...\com.dansl.QRreader) (Version: 1.5 - UNKNOWN)
QRreader (Version: 1.5 - UNKNOWN) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - )
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
Safari (HKLM\...\{C5C649A8-1D21-4C83-9B08-7B3752E580F4}) (Version: 4.30.17.0 - Apple Inc.)
Skins (Version: 2007.1101.2317.39832 - ATI) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
System Control Manager (HKLM\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 1.0207.0907.G100.30 - )
TomTom HOME (HKLM\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME (HKLM\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
T-Online 6.0 (HKLM\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
Ulead Burn.Now 4.5 (Version: 4.5.0 - InterVideo Digital Technology Corporation) Hidden
Ulead Burn.Now 4.5 SE (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - InterVideo Digital Technology Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
USB Video Device Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - eMPIA)
VideoLAN VLC media player 0.8.6i (HKLM\...\VLC media player) (Version: 0.8.6i - VideoLAN Team)
Winamp (HKLM\...\Winamp) (Version: 5.551  - Nullsoft, Inc)
Winamp Toolbar (HKLM\...\Winamp Toolbar) (Version:  - ) <==== ATTENTION
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version:  - )
Zattoo 3.3.4 Beta (HKLM\...\Zattoo) (Version: 3.3.4 Beta - Zattoo Inc.)
Zattoo4 4.0.5 (HKLM\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4239085852-1190954522-594501458-1000_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

==================== Restore Points =========================

01-07-2015 06:32:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B7A51D-24D3-45A4-8052-DC7A32592EAE} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Siggi => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1AAF2817-A24A-43F9-96D7-D2DF7B679B97} - System32\Tasks\GU5SkipUAC => D:\Glary Utilities 5\Integrator.exe [2015-03-16] (Glarysoft Ltd)
Task: {1B67DC94-BACD-4D58-B05D-5B6D7AB1C9F7} - System32\Tasks\{C44B8DA2-6025-40A6-9DFF-4811ECCF645F} => pcalua.exe -a C:\Users\Siggi\Downloads\wmp11-windowsxp-x86-DE-DE.exe -d C:\Users\Siggi\Downloads
Task: {4370A0A0-DD09-4B2B-90F6-D98AE738473B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {4B8210A4-E843-4E82-8462-B8736358E725} - System32\Tasks\{717A6EC0-A77E-47D8-B6D5-218F1026EB52} => pcalua.exe -a C:\Users\Siggi\Downloads\Authorware_Web_Player_Plugin.exe -d C:\Users\Siggi\Downloads
Task: {662A8FB6-6D5B-42E9-BBD8-42B5B8E1F513} - \GlaryInitialize No Task File <==== ATTENTION
Task: {79EB6516-3EF3-46E8-AED2-CD9EBF701525} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-01] (Adobe Systems Incorporated)
Task: {7E1BA93B-92A1-43AC-9167-44C7D693147C} - System32\Tasks\PCCT - MAGIX AG => D:\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe [2010-11-08] ()
Task: {A9C070FE-8EB0-4E4F-9FE2-96691689961C} - System32\Tasks\GlaryInitialize 5 => D:\Glary Utilities 5\Initialize.exe [2015-03-16] (Glarysoft Ltd)
Task: {AE6AF6D3-E193-4677-9C86-43A73480AB38} - System32\Tasks\{70A4791E-B853-41E4-B81D-FF295EFDD551} => pcalua.exe -a "C:\Users\Siggi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYHSBRIO\No23Recorder21[1].exe" -d C:\Users\Siggi
Task: {C1AE4C93-00EF-4445-947A-921A81AC2481} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {D2C6F9A0-FCCD-4623-83AB-E01A5FA98570} - \GlaryInitialize 4 No Task File <==== ATTENTION
Task: {DCF84E1F-08A2-4F48-90DD-1B00EC5EB819} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {E87CB479-1CC2-46BB-B09C-9EA2C39003FF} - System32\Tasks\{55D37320-8274-4E92-A1AF-153BB56260CB} => pcalua.exe -a F:\avm_bluefritz!usb_v20v10_vista_xp_2000_070703.exe -d F:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => D:\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\PCCT - MAGIX AG.job => D:\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe

==================== Loaded Modules (Whitelisted) ==============

2010-11-08 18:08 - 2010-11-08 18:08 - 02644248 _____ () D:\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe
2010-11-04 12:21 - 2010-11-04 12:21 - 00635904 _____ () D:\MAGIX\PC_Check_Tuning_Free_2011\MFL_u_VC9.dll
2007-09-05 16:42 - 2007-09-05 16:42 - 00638976 _____ () D:\MAGIX\PC_Check_Tuning_Free_2011\PlayRIpl.dll
2007-11-01 17:09 - 2007-11-01 17:09 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-03-14 17:27 - 2011-03-14 17:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2014-07-03 11:22 - 2011-06-17 13:04 - 00224096 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2014-07-03 11:22 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2014-07-03 11:22 - 2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2014-07-03 11:22 - 2010-05-05 10:47 - 02415104 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2014-07-03 11:22 - 2010-02-10 16:10 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2015-03-16 09:28 - 2015-03-16 09:28 - 00080160 _____ () D:\Glary Utilities 5\zlib1.dll
2008-07-29 19:32 - 2007-08-23 14:37 - 00061440 _____ () C:\Program Files\System Control Manager\edd.exe
2008-07-31 10:06 - 2006-12-19 17:23 - 00272024 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-07-29 20:37 - 2008-07-29 21:13 - 01251720 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2008-07-29 20:37 - 2008-07-29 21:13 - 00362376 _____ () C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
2015-02-20 05:42 - 2015-02-20 05:42 - 00317560 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2014-07-17 12:35 - 2011-06-17 13:04 - 01434464 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
2014-07-03 11:22 - 2010-02-10 16:43 - 09515520 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll
2014-07-17 12:35 - 2012-10-08 03:41 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll
2014-07-17 12:35 - 2012-10-08 03:41 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll
2009-03-09 17:49 - 2009-03-09 17:49 - 00037888 _____ () D:\Program Files\Winamp\winampa.exe
2008-07-29 19:32 - 2004-07-06 15:12 - 00290816 _____ () C:\Program Files\System Control Manager\CmSuppX.dll
2008-07-29 19:32 - 2007-09-07 15:52 - 00110592 _____ () C:\Windows\system32\MGHwCtrl.dll
2008-07-29 19:32 - 2005-08-26 11:41 - 00010752 _____ () C:\Program Files\System Control Manager\MGKBHook.dll
2008-07-30 07:06 - 2007-03-15 16:34 - 00172032 _____ () C:\Windows\BisonCam\BsMnt.exe
2008-07-30 07:06 - 2007-03-15 16:37 - 00032768 _____ () C:\Windows\BisonCam\BisonHK.exe
2008-07-30 07:06 - 2007-03-15 16:35 - 00024576 _____ () C:\Windows\BisonCam\KBHookDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ksupmgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4239085852-1190954522-594501458-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img36.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Siggi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Medien-Prüfung.lnk => C:\Windows\pss\PMB Medien-Prüfung.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => 
MSCONFIG\startupreg: gStart => 
MSCONFIG\startupreg: GUDelayStartup => "D:\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: PDFPrint => 
MSCONFIG\startupreg: RemoteControl => "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: ToADiMon.exe => D:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
MSCONFIG\startupreg: TomTomHOME.exe => "D:\TomTom HOME 2\TomTomHOMERunner.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{435646A2-87BD-4BCE-B12C-8F77B5B9E167}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{CEF2E1B1-5A2A-4784-A0D9-31277285BB4E}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{862E90DC-47A7-45CE-9DA3-F0AEC188192F}] => (Allow) D:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE
FirewallRules: [{5BD63FC5-667E-43CB-9D5F-7F4775111473}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{40B7FED8-896D-44EC-9F1D-369F0573DDB7}] => (Allow) D:\Program Files\MSI\ArcSoft\TotalMedia\TotalMedia.exe
FirewallRules: [{30822FFF-9222-40B2-B21C-7DF5B579C8BA}] => (Allow) D:\Program Files\MSI\ArcSoft\TotalMedia\TotalMedia.exe
FirewallRules: [{434CF9CC-5E1C-4F17-BEA0-19931473AF4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{761EA6FC-9C02-463E-84B0-3FF78B70B401}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AAAC93D4-ACB9-42B6-AB71-60E3779D23BF}] => (Allow) D:\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{40AE9DFD-5E87-4D4C-9897-C982E305FFB7}] => (Allow) D:\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{650A8962-9133-4956-B426-43622836BA21}] => (Allow) LPort=80
FirewallRules: [{000A310B-E026-493E-B1F7-89CEDE8E840A}] => (Allow) LPort=80
FirewallRules: [{8A9A7414-0D99-4D42-AB2A-EE6DDAEB3A67}] => (Allow) LPort=80
FirewallRules: [{D821B09A-27FD-4D52-845E-E3FF04243EC9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E003EE87-8BF4-4397-B0F1-F8B6DB9927AF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E712949A-C008-422C-A97B-8DDF4AD814F8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2015 10:54:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 09:03:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2015 10:21:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung explorer.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0015fbe9,
Prozess-ID 0x3794, Anwendungsstartzeit explorer.exe0.

Error: (07/01/2015 08:47:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2015 06:37:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2015 05:22:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2015 04:05:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2015 03:24:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2015 01:41:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2015 00:25:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/02/2015 11:08:16 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (07/02/2015 10:57:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: UPnP-GerätehostSSDP-Suche%%1058

Error: (07/02/2015 10:57:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (07/02/2015 10:54:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Internet Manager. OUC%%1053

Error: (07/02/2015 10:54:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Internet Manager. OUC

Error: (07/02/2015 10:53:39 AM) (Source: netbt) (EventID: 4321) (User: )
Description: Der Name "SIGGI-PC       :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/02/2015 10:53:39 AM) (Source: netbt) (EventID: 4321) (User: )
Description: Der Name "SIGGI-PC       :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/02/2015 09:11:43 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (07/02/2015 09:05:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: UPnP-GerätehostSSDP-Suche%%1058

Error: (07/02/2015 09:05:09 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}


Microsoft Office:
=========================
Error: (09/13/2011 10:25:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6351 seconds with 420 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-07-02 11:03:42.905
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\GDBehave.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-02 11:03:41.206
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\GDBehave.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-02 11:03:39.818
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\GDBehave.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-02 11:03:37.477
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\GDBehave.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-02 11:02:31.017
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-02 11:02:29.188
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-02 11:02:27.570
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-02 11:02:25.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-02 11:02:16.787
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\GDBehave.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-02 11:02:14.821
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\GDBehave.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57
Percentage of memory in use: 43%
Total physical RAM: 3582.45 MB
Available physical RAM: 2037.1 MB
Total Virtual: 9632.18 MB
Available Virtual: 7607.52 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:43.95 GB) (Free:7.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:246.33 GB) (Free:164.17 GB) NTFS
Drive f: () (Removable) (Total:1.86 GB) (Free:1.76 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 73154E03)
Partition 1: (Not Active) - (Size=7.8 GB) - (Type=27)
Partition 2: (Active) - (Size=43.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=246.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
         

--- --- ---

Den andern Thread pack ich dann in die Mülltonne.

Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

• Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
• Klicke auf Optionen und wähle als Sprache Deutsch.
• Suche im Uninstallerfeld nach den Programmen:
  
  pdfforge Toolbar v1.0
  
  Winamp Toolbar
  
  
  
• Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
• Wähle anschließend den Modus "Moderat" aus.
  
• Reste löschen:
  Klicke auf dann auf und dann auf .

 

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

anders rum, beide Threads wandern in die Tonne, du hast schon ein Thema bei Cosinus in Arbeit.