Hallo, habe Windows Vista "Home Premium 32 Bit und AVG Virenprogramm.

Habe gestern über Web.de den Firefox Restaurator angeklickt und seitdem jede Menge Werbung und meine Systhemwiederherstellung klappt seit längerem auch nicht mehr..

Würde mich über Hilfsantworten sehr freuen!!! Vielen Dank im Vorraus

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

PUP.Opional.RegCleanerPro 23.07.2015 14:02:14 Datei C: Windows System32 Tasks ASP

PUP.Optional.APNToolBar.Gen 23.07.2015 14:02:14 Ordner C: ProgramData APN APN-Stub


[CODE]Additional
FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Gaby Knauer at 2015-07-24 18:16:00
Running from C:\Users\Gaby Knauer\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2644797885-2660399231-1723101960-500 - Administrator - Disabled)
Gaby Knauer (S-1-5-21-2644797885-2660399231-1723101960-1000 - Administrator - Enabled) => C:\Users\Gaby Knauer
Gast (S-1-5-21-2644797885-2660399231-1723101960-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2644797885-2660399231-1723101960-1002 - Limited - Enabled) => C:\Users\UpdatusUser.GabyKnauer-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6081 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (de-DE) (Version: 15.0.1001.604 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (de-DE) (Version: 12.0.4000.108 - AVG Technologies) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2220_ProductContext (Version: 100.0.292.000 - Hewlett-Packard) Hidden
F2200 (Version: 100.0.206.000 - Ihr Firmenname) Hidden
F2220_Help (Version: 100.0.292.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GTOneCare (Version: 2.0.42 - Microsoft) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{D77D43B5-ED55-426b-B67B-E21F804F6102}) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
king.com (remove only) (HKLM\...\king.com) (Version:  - Midasplayer Ltd (king.com))
Lager (Version: 1.0.0.0 - Hewlett-Packard) Hidden
LightScribe Applications (HKLM\...\{7373184D-8E8F-4308-912A-3901071FA1AD}) (Version: 1.4.128.1 - Ihr Firmenname)
LightScribe System Software  1.10.19.1 (HKLM\...\{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}) (Version: 1.10.19.1 - Ihr Firmenname)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDVD-VR Recorder (Version: 1.0 - Mediostream) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Opera Stable 30.0.1835.125 (HKLM\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Philips Intelligent Agent (HKLM\...\Philips Intelligent Agent_is1) (Version: 2.2 - Philips)
Philips SPC530NC Webcam (HKLM\...\{69D598A7-A9C5-4396-8C92-39465FF2C874}) (Version: 1.00.000 - Philips)
Philips VLounge (HKLM\...\{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}) (Version:  - ArcSoft)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
PX Engine (Version: 4.02 - Sonic) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5567 - Realtek Semiconductor Corp.)
Roxio WinOnCD 9 Basic (HKLM\...\{DCFFB64E-A757-4430-A455-B947F029BFD4}) (Version: 9.0.603 - Roxio)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
Sonic MyDVD-VR (HKLM\...\InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}) (Version: 1.0 - Mediostream)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Fotogalerie (HKLM\...\{A1D08B90-AE1A-4885-AC29-731496FD397E}) (Version: 12.0.1347.0718 - Microsoft Corporation)
Windows Live installer (HKLM\...\{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{2B091530-69AA-442E-AB09-39ED06B58220}) (Version: 8.5.1302.1018 - Microsoft Corporation)
Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation)
Windows Live Writer (HKLM\...\{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}) (Version: 12.0.1370.0325 - Microsoft Corporation)
Windows-Treiberpaket - Philips (SPC530) Image  (02/27/2008 1.00.4.6100) (HKLM\...\756BFB266C8760D1D00122B70966CA693484E29B) (Version: 02/27/2008 1.00.4.6100 - Philips)
Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (02/19/2008 1.0.2.9) (HKLM\...\A2F03250749AF7ECADB8B8894CA30D5E0AD9CBEF) (Version: 02/19/2008 1.0.2.9 - Philips CL)
Windows-Treiberpaket - Philips USB  (02/27/2008 1.00.4.6100) (HKLM\...\4DF2FC2746A5836BEBDF1850FF4983FB4E9192D5) (Version: 02/27/2008 1.00.4.6100 - Philips)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)

==================== Restore Points =========================

07-07-2015 15:31:53 Geplanter Prüfpunkt
08-07-2015 16:23:58 Geplanter Prüfpunkt
09-07-2015 21:12:51 Geplanter Prüfpunkt
11-07-2015 15:02:39 Geplanter Prüfpunkt
12-07-2015 09:06:11 Geplanter Prüfpunkt
14-07-2015 18:24:06 Geplanter Prüfpunkt
15-07-2015 11:37:34 Geplanter Prüfpunkt
16-07-2015 00:00:27 Windows Update
17-07-2015 12:41:49 Geplanter Prüfpunkt
18-07-2015 08:14:25 Geplanter Prüfpunkt
19-07-2015 16:04:30 Geplanter Prüfpunkt
20-07-2015 13:46:46 Geplanter Prüfpunkt
21-07-2015 08:39:17 Geplanter Prüfpunkt
21-07-2015 09:18:02 Windows Update
22-07-2015 00:34:09 Geplanter Prüfpunkt
22-07-2015 11:41:19 Wiederherstellungsvorgang
22-07-2015 11:53:02 Wiederherstellungsvorgang
22-07-2015 13:05:34 Wiederherstellungsvorgang
22-07-2015 13:42:36 Wiederherstellungsvorgang
22-07-2015 14:02:41 Wiederherstellungsvorgang
22-07-2015 14:25:55 Wiederherstellungsvorgang
23-07-2015 09:51:11 Wiederherstellungsvorgang
23-07-2015 17:20:02 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {042E0F7F-2A3E-4AD9-AD77-37F495BF397F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {0E10D536-4DEE-44D3-8F48-AE4E2FE23188} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {1009F2A8-3BF7-4587-8406-AB6CE9B73FC5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {3A3C4A38-F5D8-4593-8EC4-3C88F21CE4E8} - System32\Tasks\{BC9DCFD9-3D03-4DD7-8B98-E012E0A21104} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.166&LastError=206
Task: {60504EC9-01F0-484D-8ADD-EBC6E1958412} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {6A868283-B98B-4457-B34E-A852A55FFEF4} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {723A412F-A508-4C9F-B336-800E5E1E9A92} - System32\Tasks\Auf Updates für Windows Live Toolbar prüfen => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19] (Microsoft Corporation)
Task: {9CD00A61-C7CD-4E17-B7A4-47E172A8316D} - System32\Tasks\{BB0A14CE-C826-4D15-8665-11A0F69F7382} => C:\Program Files\Skype\Phone\Skype.exe
Task: {A2E04672-9ECF-4A30-A382-C29EE35E6814} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {AF1708D5-EB90-4520-AE2A-2ADF5FE3921F} - \ASP No Task File <==== ATTENTION
Task: {CDB2DD39-C75A-4626-B098-A590CF8A2130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {E1D40C0F-B948-4629-8FD4-30085A001936} - System32\Tasks\Opera scheduled Autoupdate 1429692264 => C:\Program Files\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {E9E7D3C3-3655-4592-9AC8-C60A98087ACB} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F77E72C5-0D9E-4277-BCFE-A3732A14E3EE} - System32\Tasks\{187D873F-65FC-4761-89E1-C48B591D872C} => C:\Program Files\Skype\Phone\Skype.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (Whitelisted) ==============

2007-07-12 14:55 - 2007-07-12 14:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 16:43 - 2007-08-14 16:43 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 14:55 - 2007-07-12 14:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\OneCareMP => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2644797885-2660399231-1723101960-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img34.jpg
HKU\S-1-5-21-2644797885-2660399231-1723101960-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{5F025DEE-B875-442D-85D0-604BC99D11CD}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F23D3C88-7AB8-4144-BFD3-1EFA3A1FD2E5}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{376E07C2-315A-421C-AF4B-540206E19A76}] => (Allow) F:\SymNRT.exe
FirewallRules: [{4F9DCD82-DADE-4402-8EA0-5DE0C6042E98}] => (Allow) F:\SymNRT.exe
FirewallRules: [{287FB4E5-5EF3-4B51-AC8D-80534AEF57D9}] => (Allow) \\192.168.2.210\install\INST86\Software\NIS RemoveTool\SymNRT.exe
FirewallRules: [{F75CC7A9-9BDD-461C-8789-CF2D3A4B4570}] => (Allow) \\192.168.2.210\install\INST86\Software\NIS RemoveTool\SymNRT.exe
FirewallRules: [{B4A29D0B-CFBD-4640-949E-E0573DDBD8EE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A44804B6-F907-4A18-91F7-FC08A252ACDF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{93739EC9-3BCE-4032-9369-81A94D7A316B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{03312E83-4830-4019-9458-23010CD533C3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{38846055-5BCE-4993-A218-2F4FC4A20271}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{BECA4370-3E29-486D-94D9-E505A333539E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8EF62979-2C9B-45EC-A63D-CB600BAE00DA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F432EFFA-60A5-42D3-84DF-83BFE5F0E8F5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D53919FB-3292-40BE-8F59-145994D18250}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{50EDAAE6-DF61-41E7-A365-98577B47098F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8C97030D-E56E-4519-8D33-6717A701660E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe
FirewallRules: [{1FED0A27-8C30-4AD9-842B-DDF6274A6975}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe
FirewallRules: [{ECE77B87-F7F2-4B94-BF7F-9778CFD27571}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe
FirewallRules: [{E0FFAA43-003F-4443-8F8C-734F97ABD687}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe
FirewallRules: [{3E2E7CD4-23BA-46DC-9006-6B7DC9FC4EAE}] => (Allow) LPort=80
FirewallRules: [{FC518707-EAC5-4DB6-82F5-E33D1A3520D1}] => (Allow) LPort=80
FirewallRules: [{46A82F74-84DE-450F-99C6-CD80CE7AA8D9}] => (Allow) LPort=80
FirewallRules: [{8B72C2C7-D141-4448-B9A2-7DA2BEBF9096}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C5172C6C-80A6-4523-AA93-066E0993B00C}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{21A6186F-C99B-4A92-A156-8FCE81940246}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{0E270C47-4D1B-401B-AA43-5C0928748674}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{68F259D2-9BBD-4F22-84F0-97367A17D540}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{A5028A32-86FD-458B-A99C-16248DD6B535}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6E8A47E7-0D66-4A4E-BB4D-ADC27F55B22D}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{26430A6F-D0DC-4511-9CB4-BE4871B1570E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{59F94235-F87E-4C84-93C9-4D6F9A055656}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{9A0AF003-F75E-4BF8-BDDD-C2646D169381}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{38997EEE-EA28-4F4F-9F62-6C0B783EBF96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D854DB0A-7C94-44DE-AC6C-80AA8343A948}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{B1D3FBC5-BE5B-4973-889C-D46B502AA44B}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{338A3B1C-5C9C-4166-A42B-989E3E58751F}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{7C5C9402-1AEF-4340-8E93-578A41B89AAF}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{BD588EEA-C400-4B7B-B971-5CD3A2AD59B0}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{903AA193-7495-453C-BA45-A1B88163541C}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{ED37A59F-FAC1-4844-9253-4D669DD2F4E6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{8D5FD096-F950-4EA1-BED5-E2A3C1AA1174}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E8041663-08D9-4965-8227-6327C2D55D1D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{3E09FDB6-9B39-492C-8259-35897336CCC9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F0BD0D45-0E2C-4DA4-A95D-86A596471788}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2015 10:11:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung WksWP.exe, Version 9.7.613.0, Zeitstempel 0x466fad27, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0x15f8, Anwendungsstartzeit WksWP.exe0.

Error: (07/24/2015 06:28:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 05:34:32 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: .

Error: (07/23/2015 05:28:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 10:01:20 AM) (Source: System Restore) (EventID: 8209) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: .

Error: (07/23/2015 09:57:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 07:34:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 02:44:14 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: .

Error: (07/22/2015 02:41:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 02:21:12 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: .


System errors:
=============
Error: (07/24/2015 06:30:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (07/24/2015 06:29:41 AM) (Source: MSFWDrv) (EventID: 9) (User: )
Description: Das Gerät  hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/24/2015 06:29:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/23/2015 05:29:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/23/2015 09:59:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/23/2015 07:35:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/22/2015 02:42:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/22/2015 02:19:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/22/2015 01:54:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/22/2015 01:14:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service


Microsoft Office:
=========================
Error: (07/24/2015 10:11:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WksWP.exe9.7.613.0466fad27unknown0.0.0.000000000c00000050000000015f801d0c5e80d683522

Error: (07/24/2015 06:28:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 05:34:32 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Geplanter Prüfpunkt

Error: (07/23/2015 05:28:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 10:01:20 AM) (Source: System Restore) (EventID: 8209) (User: )
Description: Geplanter Prüfpunkt

Error: (07/23/2015 09:57:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 07:34:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 02:44:14 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Geplanter Prüfpunkt

Error: (07/22/2015 02:41:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 02:21:12 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Geplanter Prüfpunkt


CodeIntegrity Errors:
===================================
  Date: 2015-07-24 18:15:51.159
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:50.377
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:49.596
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:48.815
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:47.846
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:47.049
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:46.268
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:45.471
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:44.174
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:43.393
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 61%
Total physical RAM: 1982.52 MB
Available physical RAM: 764.5 MB
Total Virtual: 4206.29 MB
Available Virtual: 2268.75 MB

==================== Drives ================================

Drive c: (VISTA) (Fixed) (Total:225.07 GB) (Free:154.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (!!! NICHT LOESCHEN !!!) (Fixed) (Total:7.81 GB) (Free:3.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 23E0F472)
Partition 1: (Active) - (Size=225.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         

--- --- ---
[CODE]Additional
FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by Gaby Knauer at 2015-07-24 18:16:00
Running from C:\Users\Gaby Knauer\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2644797885-2660399231-1723101960-500 - Administrator - Disabled)
Gaby Knauer (S-1-5-21-2644797885-2660399231-1723101960-1000 - Administrator - Enabled) => C:\Users\Gaby Knauer
Gast (S-1-5-21-2644797885-2660399231-1723101960-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2644797885-2660399231-1723101960-1002 - Limited - Enabled) => C:\Users\UpdatusUser.GabyKnauer-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6081 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (de-DE) (Version: 15.0.1001.604 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (de-DE) (Version: 12.0.4000.108 - AVG Technologies) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2220_ProductContext (Version: 100.0.292.000 - Hewlett-Packard) Hidden
F2200 (Version: 100.0.206.000 - Ihr Firmenname) Hidden
F2220_Help (Version: 100.0.292.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GTOneCare (Version: 2.0.42 - Microsoft) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{D77D43B5-ED55-426b-B67B-E21F804F6102}) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
king.com (remove only) (HKLM\...\king.com) (Version:  - Midasplayer Ltd (king.com))
Lager (Version: 1.0.0.0 - Hewlett-Packard) Hidden
LightScribe Applications (HKLM\...\{7373184D-8E8F-4308-912A-3901071FA1AD}) (Version: 1.4.128.1 - Ihr Firmenname)
LightScribe System Software  1.10.19.1 (HKLM\...\{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}) (Version: 1.10.19.1 - Ihr Firmenname)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDVD-VR Recorder (Version: 1.0 - Mediostream) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Opera Stable 30.0.1835.125 (HKLM\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Philips Intelligent Agent (HKLM\...\Philips Intelligent Agent_is1) (Version: 2.2 - Philips)
Philips SPC530NC Webcam (HKLM\...\{69D598A7-A9C5-4396-8C92-39465FF2C874}) (Version: 1.00.000 - Philips)
Philips VLounge (HKLM\...\{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}) (Version:  - ArcSoft)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
PX Engine (Version: 4.02 - Sonic) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5567 - Realtek Semiconductor Corp.)
Roxio WinOnCD 9 Basic (HKLM\...\{DCFFB64E-A757-4430-A455-B947F029BFD4}) (Version: 9.0.603 - Roxio)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
Sonic MyDVD-VR (HKLM\...\InstallShield_{897CA0D9-948F-4E5B-A20E-535E1060D3E6}) (Version: 1.0 - Mediostream)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Fotogalerie (HKLM\...\{A1D08B90-AE1A-4885-AC29-731496FD397E}) (Version: 12.0.1347.0718 - Microsoft Corporation)
Windows Live installer (HKLM\...\{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}) (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{2B091530-69AA-442E-AB09-39ED06B58220}) (Version: 8.5.1302.1018 - Microsoft Corporation)
Windows Live Toolbar (HKLM\...\Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation)
Windows Live Writer (HKLM\...\{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}) (Version: 12.0.1370.0325 - Microsoft Corporation)
Windows-Treiberpaket - Philips (SPC530) Image  (02/27/2008 1.00.4.6100) (HKLM\...\756BFB266C8760D1D00122B70966CA693484E29B) (Version: 02/27/2008 1.00.4.6100 - Philips)
Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (02/19/2008 1.0.2.9) (HKLM\...\A2F03250749AF7ECADB8B8894CA30D5E0AD9CBEF) (Version: 02/19/2008 1.0.2.9 - Philips CL)
Windows-Treiberpaket - Philips USB  (02/27/2008 1.00.4.6100) (HKLM\...\4DF2FC2746A5836BEBDF1850FF4983FB4E9192D5) (Version: 02/27/2008 1.00.4.6100 - Philips)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)

==================== Restore Points =========================

07-07-2015 15:31:53 Geplanter Prüfpunkt
08-07-2015 16:23:58 Geplanter Prüfpunkt
09-07-2015 21:12:51 Geplanter Prüfpunkt
11-07-2015 15:02:39 Geplanter Prüfpunkt
12-07-2015 09:06:11 Geplanter Prüfpunkt
14-07-2015 18:24:06 Geplanter Prüfpunkt
15-07-2015 11:37:34 Geplanter Prüfpunkt
16-07-2015 00:00:27 Windows Update
17-07-2015 12:41:49 Geplanter Prüfpunkt
18-07-2015 08:14:25 Geplanter Prüfpunkt
19-07-2015 16:04:30 Geplanter Prüfpunkt
20-07-2015 13:46:46 Geplanter Prüfpunkt
21-07-2015 08:39:17 Geplanter Prüfpunkt
21-07-2015 09:18:02 Windows Update
22-07-2015 00:34:09 Geplanter Prüfpunkt
22-07-2015 11:41:19 Wiederherstellungsvorgang
22-07-2015 11:53:02 Wiederherstellungsvorgang
22-07-2015 13:05:34 Wiederherstellungsvorgang
22-07-2015 13:42:36 Wiederherstellungsvorgang
22-07-2015 14:02:41 Wiederherstellungsvorgang
22-07-2015 14:25:55 Wiederherstellungsvorgang
23-07-2015 09:51:11 Wiederherstellungsvorgang
23-07-2015 17:20:02 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {042E0F7F-2A3E-4AD9-AD77-37F495BF397F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {0E10D536-4DEE-44D3-8F48-AE4E2FE23188} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {1009F2A8-3BF7-4587-8406-AB6CE9B73FC5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {3A3C4A38-F5D8-4593-8EC4-3C88F21CE4E8} - System32\Tasks\{BC9DCFD9-3D03-4DD7-8B98-E012E0A21104} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.166&LastError=206
Task: {60504EC9-01F0-484D-8ADD-EBC6E1958412} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {6A868283-B98B-4457-B34E-A852A55FFEF4} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {723A412F-A508-4C9F-B336-800E5E1E9A92} - System32\Tasks\Auf Updates für Windows Live Toolbar prüfen => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19] (Microsoft Corporation)
Task: {9CD00A61-C7CD-4E17-B7A4-47E172A8316D} - System32\Tasks\{BB0A14CE-C826-4D15-8665-11A0F69F7382} => C:\Program Files\Skype\Phone\Skype.exe
Task: {A2E04672-9ECF-4A30-A382-C29EE35E6814} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {AF1708D5-EB90-4520-AE2A-2ADF5FE3921F} - \ASP No Task File <==== ATTENTION
Task: {CDB2DD39-C75A-4626-B098-A590CF8A2130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {E1D40C0F-B948-4629-8FD4-30085A001936} - System32\Tasks\Opera scheduled Autoupdate 1429692264 => C:\Program Files\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {E9E7D3C3-3655-4592-9AC8-C60A98087ACB} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F77E72C5-0D9E-4277-BCFE-A3732A14E3EE} - System32\Tasks\{187D873F-65FC-4761-89E1-C48B591D872C} => C:\Program Files\Skype\Phone\Skype.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (Whitelisted) ==============

2007-07-12 14:55 - 2007-07-12 14:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 16:43 - 2007-08-14 16:43 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 14:55 - 2007-07-12 14:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\OneCareMP => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2644797885-2660399231-1723101960-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img34.jpg
HKU\S-1-5-21-2644797885-2660399231-1723101960-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{5F025DEE-B875-442D-85D0-604BC99D11CD}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F23D3C88-7AB8-4144-BFD3-1EFA3A1FD2E5}] => (Allow) C:\Program Files\Windows Live\Messenger\livecall.exe
FirewallRules: [{376E07C2-315A-421C-AF4B-540206E19A76}] => (Allow) F:\SymNRT.exe
FirewallRules: [{4F9DCD82-DADE-4402-8EA0-5DE0C6042E98}] => (Allow) F:\SymNRT.exe
FirewallRules: [{287FB4E5-5EF3-4B51-AC8D-80534AEF57D9}] => (Allow) \\192.168.2.210\install\INST86\Software\NIS RemoveTool\SymNRT.exe
FirewallRules: [{F75CC7A9-9BDD-461C-8789-CF2D3A4B4570}] => (Allow) \\192.168.2.210\install\INST86\Software\NIS RemoveTool\SymNRT.exe
FirewallRules: [{B4A29D0B-CFBD-4640-949E-E0573DDBD8EE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A44804B6-F907-4A18-91F7-FC08A252ACDF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{93739EC9-3BCE-4032-9369-81A94D7A316B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{03312E83-4830-4019-9458-23010CD533C3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{38846055-5BCE-4993-A218-2F4FC4A20271}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{BECA4370-3E29-486D-94D9-E505A333539E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8EF62979-2C9B-45EC-A63D-CB600BAE00DA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F432EFFA-60A5-42D3-84DF-83BFE5F0E8F5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D53919FB-3292-40BE-8F59-145994D18250}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{50EDAAE6-DF61-41E7-A365-98577B47098F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8C97030D-E56E-4519-8D33-6717A701660E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe
FirewallRules: [{1FED0A27-8C30-4AD9-842B-DDF6274A6975}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe
FirewallRules: [{ECE77B87-F7F2-4B94-BF7F-9778CFD27571}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe
FirewallRules: [{E0FFAA43-003F-4443-8F8C-734F97ABD687}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe
FirewallRules: [{3E2E7CD4-23BA-46DC-9006-6B7DC9FC4EAE}] => (Allow) LPort=80
FirewallRules: [{FC518707-EAC5-4DB6-82F5-E33D1A3520D1}] => (Allow) LPort=80
FirewallRules: [{46A82F74-84DE-450F-99C6-CD80CE7AA8D9}] => (Allow) LPort=80
FirewallRules: [{8B72C2C7-D141-4448-B9A2-7DA2BEBF9096}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C5172C6C-80A6-4523-AA93-066E0993B00C}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{21A6186F-C99B-4A92-A156-8FCE81940246}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{0E270C47-4D1B-401B-AA43-5C0928748674}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{68F259D2-9BBD-4F22-84F0-97367A17D540}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{A5028A32-86FD-458B-A99C-16248DD6B535}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6E8A47E7-0D66-4A4E-BB4D-ADC27F55B22D}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{26430A6F-D0DC-4511-9CB4-BE4871B1570E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{59F94235-F87E-4C84-93C9-4D6F9A055656}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{9A0AF003-F75E-4BF8-BDDD-C2646D169381}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{38997EEE-EA28-4F4F-9F62-6C0B783EBF96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D854DB0A-7C94-44DE-AC6C-80AA8343A948}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{B1D3FBC5-BE5B-4973-889C-D46B502AA44B}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{338A3B1C-5C9C-4166-A42B-989E3E58751F}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{7C5C9402-1AEF-4340-8E93-578A41B89AAF}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{BD588EEA-C400-4B7B-B971-5CD3A2AD59B0}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{903AA193-7495-453C-BA45-A1B88163541C}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{ED37A59F-FAC1-4844-9253-4D669DD2F4E6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{8D5FD096-F950-4EA1-BED5-E2A3C1AA1174}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E8041663-08D9-4965-8227-6327C2D55D1D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{3E09FDB6-9B39-492C-8259-35897336CCC9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F0BD0D45-0E2C-4DA4-A95D-86A596471788}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2015 10:11:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung WksWP.exe, Version 9.7.613.0, Zeitstempel 0x466fad27, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,
Prozess-ID 0x15f8, Anwendungsstartzeit WksWP.exe0.

Error: (07/24/2015 06:28:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 05:34:32 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: .

Error: (07/23/2015 05:28:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 10:01:20 AM) (Source: System Restore) (EventID: 8209) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: .

Error: (07/23/2015 09:57:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 07:34:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 02:44:14 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: .

Error: (07/22/2015 02:41:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 02:21:12 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Geplanter Prüfpunkt). Zusätzliche Informationen: .


System errors:
=============
Error: (07/24/2015 06:30:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (07/24/2015 06:29:41 AM) (Source: MSFWDrv) (EventID: 9) (User: )
Description: Das Gerät  hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/24/2015 06:29:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/23/2015 05:29:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/23/2015 09:59:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/23/2015 07:35:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/22/2015 02:42:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/22/2015 02:19:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/22/2015 01:54:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/22/2015 01:14:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service


Microsoft Office:
=========================
Error: (07/24/2015 10:11:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WksWP.exe9.7.613.0466fad27unknown0.0.0.000000000c00000050000000015f801d0c5e80d683522

Error: (07/24/2015 06:28:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 05:34:32 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Geplanter Prüfpunkt

Error: (07/23/2015 05:28:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 10:01:20 AM) (Source: System Restore) (EventID: 8209) (User: )
Description: Geplanter Prüfpunkt

Error: (07/23/2015 09:57:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 07:34:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 02:44:14 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Geplanter Prüfpunkt

Error: (07/22/2015 02:41:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 02:21:12 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Geplanter Prüfpunkt


CodeIntegrity Errors:
===================================
  Date: 2015-07-24 18:15:51.159
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:50.377
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:49.596
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:48.815
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:47.846
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:47.049
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:46.268
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:45.471
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:44.174
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 18:15:43.393
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 61%
Total physical RAM: 1982.52 MB
Available physical RAM: 764.5 MB
Total Virtual: 4206.29 MB
Available Virtual: 2268.75 MB

==================== Drives ================================

Drive c: (VISTA) (Fixed) (Total:225.07 GB) (Free:154.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (!!! NICHT LOESCHEN !!!) (Fixed) (Total:7.81 GB) (Free:3.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 23E0F472)
Partition 1: (Active) - (Size=225.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.8 GB) - (Type=07 NTFS)

==================== End of log ============================
         

--- --- ---

--- --- ---

Du hast 2x dieselbe Additon.txt gepostet.

Ohne FRST Log (BHOs, Treiber, Registry) wird das nix.

Das FRST.txt Log befindet sich im selben Verzeichnis wie FRST.exe, wenn es noch nicht gelöscht wurde. Wenn die .txt weg ist, dann musst Du den Farbar Scan nochmal machen.

Sorry, war mir gar nicht aufgefallen.

Malwarebytes Anti-Malware , hatte:
PUP.Optional.RegCleanerPRO
PUP.Optional.APNToolBar.Gen
gefunden und in die Quarantäne verschoben.

Eine Scan Liste habe ich nicht gefunden. Auch bei meinem AVG nicht.

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Gaby Knauer (administrator) on GABYKNAUER-PC on 24-07-2015 18:14:15
Running from C:\Users\Gaby Knauer\Downloads
Loaded Profiles: Gaby Knauer & UpdatusUser (Available Profiles: Gaby Knauer & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Philips) C:\Windows\VPro530.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4915200 2008-02-13] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [225280 2007-03-12] (Sonic Solutions)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2644797885-2660399231-1723101960-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-10-18] (Hewlett-Packard Company)
HKU\S-1-5-21-2644797885-2660399231-1723101960-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-2644797885-2660399231-1723101960-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2644797885-2660399231-1723101960-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2644797885-2660399231-1723101960-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009-09-13]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPro530.lnk [2009-09-18]
ShortcutTarget: VPro530.lnk -> C:\Windows\VPro530.exe (Philips)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2644797885-2660399231-1723101960-1000] => 179.191.52.30:8081
HKU\S-1-5-21-2644797885-2660399231-1723101960-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={BC2E8807-EA0D-43DF-9688-25F99297DC6D}&mid=5224f57ff89647d18fffd154d4130562-06ce4fc639803a2e3563922518183d8e94088cb9&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-06 11:00:22&v=4.0.0.19&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={BC2E8807-EA0D-43DF-9688-25F99297DC6D}&mid=5224f57ff89647d18fffd154d4130562-06ce4fc639803a2e3563922518183d8e94088cb9&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-06 11:00:22&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=ie_search_box_PMM_with_IM
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} ->  No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000 -> Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-2644797885-2660399231-1723101960-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [2007-10-18] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6253FAEC-036A-4846-BB1D-F40B12D33C28}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Gaby Knauer\AppData\Roaming\Mozilla\Firefox\Profiles\jwlj4esq.default-1437553706676
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: WEB.DE Suche
FF Homepage: chrome://unitedtb/content/newtab/startpage.xhtml
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "195.5.246.171"
FF NetworkProxy: "ftp_port", 443
FF NetworkProxy: "http", "195.5.246.171"
FF NetworkProxy: "http_port", 443
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.5.246.171"
FF NetworkProxy: "socks_port", 443
FF NetworkProxy: "ssl", "195.5.246.171"
FF NetworkProxy: "ssl_port", 443
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-08-02] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmidas.dll [2010-03-08] (Midasplayer Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-11-06]
FF Extension: WEB.DE MailCheck - C:\Users\Gaby Knauer\AppData\Roaming\Mozilla\Firefox\Profiles\jwlj4esq.default-1437553706676\Extensions\mailcheck@web.de [2015-07-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-09]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\program files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\program files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\program files\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (king.com - Game controller for firefox) - C:\Program Files\Mozilla Firefox\plugins\npmidas.dll (Midasplayer Ltd)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Gaby Knauer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gaby Knauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-06]
CHR Extension: (YouTube) - C:\Users\Gaby Knauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-16]
CHR Extension: (Google Search) - C:\Users\Gaby Knauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-16]
CHR Extension: (Google Wallet) - C:\Users\Gaby Knauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Gmail) - C:\Users\Gaby Knauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 msfwsvc; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [869952 2007-11-27] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 OneCareMP; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [18704 2007-12-19] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2007-03-12] (Sonic Solutions) [File not signed]
S2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2007-03-12] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2007-02-14] (MicroVision Development, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [231856 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [170464 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [70928 2007-07-06] (Microsoft Corporation)
R2 MSFWDrv; C:\Windows\System32\DRIVERS\msfwdrv.sys [91200 2007-11-27] (Microsoft Corporation)
R1 MSFWHLPR; C:\Windows\System32\DRIVERS\msfwhlpr.sys [37440 2007-11-27] (Microsoft Corporation)
R3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [118310 2008-03-07] (Philips Applied Technologies)
S4 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [50688 2006-12-02] (Sonic Solutions) [File not signed]
R3 SPC530; C:\Windows\System32\drivers\SPC530.sys [484864 2008-03-05] (                                                            )
R3 SPC530m; C:\Windows\System32\drivers\SPC530m.sys [7680 2008-03-05] (                                                            )
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 18:14 - 2015-07-24 18:15 - 00020194 _____ C:\Users\Gaby Knauer\Downloads\FRST.txt
2015-07-24 18:13 - 2015-07-24 18:14 - 00000000 ____D C:\FRST
2015-07-24 18:11 - 2015-07-24 18:12 - 01638912 _____ (Farbar) C:\Users\Gaby Knauer\Downloads\FRST.exe
2015-07-23 13:58 - 2015-07-24 13:12 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-23 13:57 - 2015-07-23 17:34 - 00000904 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-23 13:57 - 2015-07-23 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-23 13:57 - 2015-07-23 17:34 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-07-23 13:57 - 2015-07-23 13:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-23 13:57 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-23 13:57 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-23 13:57 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-23 13:51 - 2015-07-23 13:51 - 00000683 _____ C:\Users\Gaby Knauer\Desktop\Download - Verknüpfung.lnk
2015-07-22 15:04 - 2015-07-22 15:04 - 00000000 ____D C:\Users\Gaby Knauer\AppData\Roaming\ASP
2015-07-22 15:03 - 2015-07-03 13:07 - 00017392 _____ () C:\Windows\system32\roboot.exe
2015-07-22 13:29 - 2015-07-22 13:29 - 00000845 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-07-22 13:29 - 2015-07-22 13:29 - 00000833 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-07-21 09:18 - 2015-07-14 18:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 09:18 - 2015-07-14 16:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-16 00:13 - 2015-07-03 18:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 00:13 - 2015-06-25 04:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 00:12 - 2015-06-17 18:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 00:12 - 2015-06-17 17:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 00:12 - 2015-06-12 18:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-16 00:03 - 2015-05-31 10:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-16 00:02 - 2015-06-27 18:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-16 00:02 - 2015-06-27 18:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-16 00:02 - 2015-06-27 18:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-16 00:02 - 2015-06-27 18:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-16 00:02 - 2015-06-27 16:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-16 00:02 - 2015-06-27 16:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-16 00:02 - 2015-06-12 15:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-16 00:02 - 2015-01-09 02:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 08:12 - 2015-07-03 07:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 08:12 - 2015-07-03 07:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 08:12 - 2015-06-17 03:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 08:12 - 2015-06-17 03:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 08:12 - 2015-06-17 03:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 08:12 - 2015-06-17 03:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 08:12 - 2015-06-17 03:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 08:12 - 2015-06-17 03:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 08:12 - 2015-06-17 03:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 08:12 - 2015-06-17 03:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 08:12 - 2015-06-17 03:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 08:12 - 2015-06-17 03:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 08:12 - 2015-06-17 03:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 08:12 - 2015-06-17 03:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 08:12 - 2015-06-17 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 08:12 - 2015-06-17 03:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 08:12 - 2015-06-17 03:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 08:12 - 2015-06-17 03:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 08:12 - 2015-06-17 03:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 08:12 - 2015-06-17 03:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-15 08:11 - 2015-06-17 03:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 08:11 - 2015-06-17 03:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-26 09:49 - 2015-06-26 09:49 - 00231856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 18:11 - 2013-02-20 07:56 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 17:52 - 2008-09-15 19:22 - 01363817 _____ C:\Windows\WindowsUpdate.log
2015-07-24 17:35 - 2012-04-29 18:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-24 17:25 - 2008-03-12 13:52 - 00000270 _____ C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
2015-07-24 16:27 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-24 16:27 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-24 10:13 - 2013-05-30 02:02 - 01619968 _____ C:\Users\Gaby Knauer\Desktop\Proxy.wps
2015-07-24 10:13 - 2008-09-20 15:47 - 00005452 _____ C:\Users\Gaby Knauer\AppData\Roaming\wklnhst.dat
2015-07-24 08:18 - 2011-08-14 17:28 - 00000000 ____D C:\ProgramData\MFAData
2015-07-24 06:27 - 2013-02-20 07:56 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-24 06:27 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-23 23:41 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-23 17:25 - 2013-04-15 18:35 - 00000000 ___RD C:\Users\UpdatusUser.GabyKnauer-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-23 17:25 - 2013-04-15 18:35 - 00000000 ___RD C:\Users\UpdatusUser.GabyKnauer-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-23 17:25 - 2013-04-15 18:35 - 00000000 ____D C:\Users\UpdatusUser.GabyKnauer-PC
2015-07-23 17:25 - 2010-02-28 11:47 - 00000000 ____D C:\Program Files\TeamViewer
2015-07-23 17:25 - 2006-11-02 13:18 - 00000000 __RSD C:\Windows\Media
2015-07-23 17:25 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2015-07-23 17:25 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2015-07-23 14:33 - 2013-07-01 19:27 - 00000000 ____D C:\ProgramData\APN
2015-07-23 13:51 - 2008-09-20 14:42 - 00000000 ____D C:\Users\Gaby Knauer
2015-07-23 08:12 - 2011-06-29 12:12 - 00894976 _____ C:\Users\Gaby Knauer\Documents\Pizzarezept.wps
2015-07-22 14:34 - 2015-04-22 10:44 - 00000000 ____D C:\Program Files\Opera
2015-07-22 14:34 - 2014-05-31 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-22 14:34 - 2013-02-20 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-21 17:05 - 2008-12-29 22:50 - 00827392 _____ C:\Users\Gaby Knauer\Documents\Arbeitsamt.wps
2015-07-21 12:46 - 2006-11-02 14:47 - 00428056 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-19 20:10 - 2011-06-15 12:37 - 00035840 _____ C:\Users\Gaby Knauer\Documents\Unbenanntes Dokument.wps
2015-07-18 22:49 - 2015-04-27 17:40 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-16 07:12 - 2008-01-21 09:16 - 01567488 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 00:12 - 2013-07-16 21:13 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 12:35 - 2012-04-29 18:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 12:35 - 2011-05-19 13:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 20:52 - 2011-08-01 17:15 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-14 10:18 - 2014-08-28 12:49 - 00000000 ____D C:\Users\Gaby Knauer\AppData\Local\Adobe
2015-07-10 09:46 - 2014-10-23 15:01 - 00000863 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-03 14:51 - 2012-05-08 16:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-03 09:48 - 2013-11-06 23:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-03 08:49 - 2006-11-02 12:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-07-01 15:16 - 2009-09-13 12:23 - 00000000 ____D C:\Users\Gaby Knauer\Documents\Eigene Scans

==================== Files in the root of some directories =======

2008-09-20 15:47 - 2015-07-24 10:13 - 0005452 _____ () C:\Users\Gaby Knauer\AppData\Roaming\wklnhst.dat
2012-10-29 22:11 - 2015-05-04 12:34 - 0005120 _____ () C:\Users\Gaby Knauer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-13 11:56 - 2010-02-27 22:56 - 0004772 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-24 06:35

==================== End of log ============================
         

Warum kannst du nicht einfach das Log von MBAM posten....?!

Ich hoffe es ist jetzt richtig, mußte den Suchlauf nochmal starten um die Log Datei zu erhalten

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 25.07.2015
Suchlaufzeit: 18:54:15
Protokolldatei: 12.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.25.02
Rootkit-Datenbank: v2015.07.22.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Gaby Knauer

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 390062
Abgelaufene Zeit: 28 Min., 3 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

MBAM speichert die Log. Unter Verlauf => Anwendungsprotokolle => Suchlauf-Protokolle

War das jetzt richtig?

Du hast meinen letzten Beitrag gelesen?

Was muß ich jetzt tun?

Meine Beiträge lesen???

Hauskran:

Cosinus möchte das Log, das zeigt, wie Du die 2 Dateien in Quarantäne verschoben hast.
Er möchte kein Log von einem späteren Scan!

DAS heisst: Log vom 23.07. um 14:02 Uhr --> zu finden unter Menüpunkt (Doppelklick auf Malwarebytes-Verknüpfung) --> Verlauf => Anwendungsprotokolle => Suchlauf-Protokolle

Betreffendes Log vom 23.07. 14:02 Uhr dann "Export" als .txt und hier in Code Tags (#) posten.

Vielen dank Avenger77 für die genaue Beschreibung, hatte vorher die Liste nicht gefunden, warum auch immer, aber jetzt habe ich sie endlich gefunden, war schon am verzweifeln, denn lesen kann ich.

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 23.07.2015
Suchlaufzeit: 14:02:14
Protokolldatei: 15.txt
Administrator: Ja

Version: 2.01.6.1022
Malware-Datenbank: v2015.07.23.02
Rootkit-Datenbank: v2015.07.22.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Gaby Knauer

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 389922
Abgelaufene Zeit: 23 Min., 25 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, In Quarantäne, [26087570375365d18c8a689e1ce7c33d], 

Dateien: 1
PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, In Quarantäne, [e54938adaddd3df957baa48dfd06728e], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

Gern geschehen!

Du hast da Proxys aus Brasilien und derzeit Frankreich drin...
Benutzt Du Torrents? Ist Dir Roxio bekannt?