Windows7: Bing als Standardsuche in Firefox... & Computer immer wieder langsam, bei nonresponsive scripts in Firefox & Thunderbird

PoseidoPferd · 28.01.2018, 22:29

- Seit November/Dezember 2017 ist bei jedem Öffnen von Firefox (mittlerweile Quantum / Firefox 58.0) Bing die Standardsuchmaschine.
- Etwa zeitgleich begann es, daß Firefox im Windows Task Manager / Processes mehrere Zeilen einnimmt ("Image Name" ist jedes Mal "firefox.exe")
- Etwa zeitgleich oder noch jünger: Hin und wieder ist unten links im Bildschirm die blaue Titelleiste eines kleinen Fensters (etwa so breit wie eine Firefox-Registerkarte) zu sehen; der Rest des leeren Fensters ist aus dem Bildschirm geschoben. Ich kann das Fenster zwar verschieben, aber nicht schließen.

Ich habe in der Folge u.a. Malwarebytes genutzt, das Programm fand mehrere Probleme (s.u.; anschließend der aktuelle Report). Die o.g. Themen blieben unverändert.

- Leider schon länger wird mein Rechner in unregelmäßigen Abständen sehr langsam.
Oft (aber keineswegs immer) weist schließlich ein Fenster (meist, ohne sich in den Vordergrund zu drängen) in Firefox oder Thunderbird auf ein nicht reagierendes Script hin. Titelleiste: "Warning: Unresponsive Script". Links ein weißes Fragezeichen auf blauem Grund, daneben der Text: "A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.
Script: chrome://messenger/content/tabmail.xml:463 [das Ende variiert]
[checkbox] Don't ask me again
[buttons] continue stop script"
Wenn ich das Script stoppe, wird der Rechner erstmal wieder schneller, klar... Übrigens habe ich nie (Google-)Chrome installiert.

Als Virenscanner benutze ich Avira. Wie kann ich da ein Logfile, einen "Report" o.ä. abrufen?

Vielen Dank im voraus für Eure Hilfe!!!

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by ~.~ (administrator) on CUNEGONDE (26-01-2018 21:23:41)
Running from C:\Users\~.~\Desktop
Loaded Profiles: ~.~ (Available Profiles: ~.~ & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program_Files_(x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program_Files_(x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel(R) Corporation) C:\Program Files (x86)\WiFi\bin\EvtEng.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Thunderbird\thunderbird.exe
(Avira Operations GmbH & Co. KG) C:\Program_Files_(x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program_Files_(x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program_Files_(x86)\Microsoft-Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2017-12-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: F - F:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: {639bc51d-6b30-11e3-83cb-00269eac1f3a} - G:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43B9CFB8-8F73-46EA-9AD6-9C0B1223138D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5050B7FC-F0E4-4BB6-B5F4-06FAE4F1E617}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{831887B8-28F5-4B9E-AF0A-13C6C8652B11}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-765177893-555145608-490344441-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-765177893-555145608-490344441-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: x2ie0fsf.default-1468139344231-1515350849047
FF ProfilePath: C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 [2018-01-26]
FF Session Restore: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> is enabled.
FF Extension: (ADB Helper) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\adbhelper@mozilla.org [2018-01-09] [Legacy]
FF Extension: (Ghostery) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\firefox@ghostery.com.xpi [2018-01-10]
FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2018-01-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-01-25] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program_Files_(x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-01-15] (pdfforge GmbH)
StartMenuInternet: FIREFOX.EXE - C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\~.~\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-10-30]

Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program_Files_(x86)\Opera\Opera.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program_Files_(x86)\Avira\AntiVir Desktop\avmailc7.exe [1128944 2017-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program_Files_(x86)\Avira\AntiVir Desktop\sched.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program_Files_(x86)\Avira\AntiVir Desktop\avguard.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program_Files_(x86)\Avira\AntiVir Desktop\avwebg7.exe [1526832 2017-12-18] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [444600 2017-12-21] (Avira Operations GmbH & Co. KG)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1283336 2017-12-18] ()
R2 EvtEng; C:\Program Files (x86)\WiFi\bin\EvtEng.exe [631024 2014-01-08] (Intel(R) Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774736 2017-09-05] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (Â© pdfforge GmbH.)
R2 PDF24; C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-09-02] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2017-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153072 2017-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-25] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-07] (Malwarebytes)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7680512 2010-03-18] (Intel Corporation) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-26 21:23 - 2018-01-26 21:27 - 000012414 _____ C:\Users\~.~\Desktop\FRST.txt
2018-01-26 21:21 - 2018-01-26 21:21 - 000000941 _____ C:\Users\~.~\Desktop\brrr,mal-wieder - Shortcut.lnk
2018-01-26 21:15 - 2018-01-26 21:15 - 002393088 _____ (Farbar) C:\Users\~.~\Desktop\FRST64.exe
2018-01-18 21:33 - 2018-01-18 21:33 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-18 21:33 - 2018-01-18 21:33 - 000001038 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-01-18 21:32 - 2018-01-18 21:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-12 20:45 - 2018-01-12 20:45 - 000033857 _____ C:\Users\~.~\.recently-used.xbel
2018-01-12 07:23 - 2018-01-12 07:23 - 000001230 _____ C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LRC2003_Lernprogramm.lnk
2018-01-08 00:06 - 2018-01-08 00:06 - 000001749 _____ C:\Users\~.~\Desktop\Bing, pls help.txt
2018-01-08 00:03 - 2018-01-08 00:26 - 000000000 ____D C:\AdwCleaner
2018-01-08 00:03 - 2018-01-08 00:03 - 008198432 _____ (Malwarebytes) C:\Users\~.~\Desktop\adwcleaner_7.0.6.0.exe
2018-01-07 23:21 - 2018-01-07 23:21 - 000001696 _____ C:\Users\Public\Desktop\PDF24.lnk
2018-01-07 23:21 - 2018-01-07 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2018-01-07 23:17 - 2016-09-23 12:16 - 000000109 _____ C:\Users\~.~\Desktop\Online PDF Tools.url
2018-01-07 22:05 - 2018-01-07 22:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-07 22:04 - 2018-01-07 22:04 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-07 22:04 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-28 23:48 - 2017-12-28 23:48 - 000000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-26 21:23 - 2016-07-03 21:09 - 000000000 ____D C:\FRST
2018-01-26 21:21 - 2010-08-17 00:05 - 000000000 ____D C:\abracadabra
2018-01-26 20:04 - 2017-09-28 07:50 - 000003316 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-01-26 20:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
2018-01-26 19:37 - 2017-09-05 23:04 - 000000000 ____D C:\Users\~.~\AppData\LocalLow\Mozilla
2018-01-26 18:49 - 2015-09-27 02:43 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-01-26 07:03 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-26 07:02 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-22 22:34 - 2010-08-16 14:54 - 000000000 ____D C:\Program_Files_(x86)
2018-01-22 22:28 - 2016-12-20 23:39 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-01-22 22:28 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-22 00:35 - 2017-03-06 21:33 - 000000000 ____D C:\ProgramData\ProductData
2018-01-22 00:33 - 2009-07-14 05:45 - 000333376 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-21 22:45 - 2010-08-16 21:14 - 000076888 _____ C:\Users\~.~\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-18 21:33 - 2017-03-06 19:15 - 000000000 ____D C:\Users\~.~\AppData\Roaming\TeamViewer
2018-01-18 16:59 - 2009-07-14 06:13 - 000006222 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-18 00:32 - 2017-10-21 22:24 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-18 00:32 - 2013-07-25 19:33 - 000000000 ____D C:\Windows\system32\MRT
2018-01-18 00:32 - 2010-08-18 19:56 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-12 20:53 - 2010-09-23 11:55 - 000000000 ____D C:\Users\~.~\.gimp-2.6
2018-01-12 20:45 - 2010-09-23 12:20 - 000000000 ____D C:\Users\~.~\AppData\Roaming\gtk-2.0
2018-01-12 20:45 - 2010-08-15 06:32 - 000000000 ____D C:\Users\~.~
2018-01-11 07:56 - 2010-08-17 00:16 - 000000000 ____D C:\Bilder
2018-01-11 07:37 - 2015-11-19 14:13 - 000000000 ____D C:\Users\~.~\AppData\Local\Opera Software
2018-01-11 07:37 - 2015-11-19 14:12 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Opera Software
2018-01-08 07:06 - 2015-10-14 12:51 - 000001048 _____ C:\Users\~.~\Desktop\Desktop-Dateien.lnk
2018-01-08 00:09 - 2017-01-04 19:36 - 000000000 ____D C:\Users\~.~\AppData\Local\Downloaded Installations
2018-01-08 00:09 - 2016-01-25 13:17 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Lavasoft
2018-01-08 00:08 - 2017-05-12 12:33 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\IObit
2018-01-08 00:08 - 2017-03-06 21:26 - 000000000 ____D C:\ProgramData\IObit
2018-01-08 00:08 - 2017-03-06 21:25 - 000000000 ____D C:\Users\~.~\AppData\Roaming\IObit
2018-01-08 00:08 - 2016-01-25 13:17 - 000000000 ____D C:\ProgramData\Lavasoft
2018-01-07 22:26 - 2017-11-19 03:31 - 000000000 ____D C:\00_USB-Stift_19.11.17
2018-01-07 22:04 - 2016-04-03 14:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-07 21:36 - 2010-09-24 16:54 - 000000000 ____D C:\ProgramData\Skype
2018-01-07 21:32 - 2010-09-24 16:54 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Skype
2018-01-07 21:27 - 2012-12-28 18:13 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-07 21:27 - 2010-08-16 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-05 01:00 - 2010-08-16 14:55 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Mozilla
2018-01-04 22:46 - 2015-02-10 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-01-04 22:46 - 2014-08-12 17:29 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-01 20:36 - 2014-03-14 21:50 - 000000000 ____D C:\Users\~.~\AppData\Local\.elfohilfe
2018-01-01 12:26 - 2012-10-01 21:30 - 000000000 ____D C:\Windows\SysWOW64\SupportAppCB
2018-01-01 12:25 - 2012-10-01 21:30 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-01 12:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-01 12:23 - 2017-03-06 21:27 - 000000000 ____D C:\Program Files (x86)\AVG
2018-01-01 12:23 - 2017-03-06 21:26 - 000000000 ____D C:\ProgramData\Avg
2018-01-01 12:22 - 2017-03-06 21:26 - 000000000 ____D C:\Users\~.~\AppData\Local\AvgSetupLog
2018-01-01 01:42 - 2017-03-06 21:25 - 000000000 ____D C:\Program Files (x86)\IObit

==================== Files in the root of some directories =======

2017-12-25 01:54 - 2017-12-25 01:56 - 000009849 _____ () C:\Users\~.~\AppData\Roaming\.ptbt0
2013-02-24 18:33 - 2013-02-24 21:13 - 000000568 _____ () C:\Users\~.~\AppData\Roaming\AutoGK.ini
2012-10-03 12:51 - 2013-10-21 23:44 - 000000028 _____ () C:\Users\~.~\AppData\Roaming\PhonerLitesettings.ini
2011-01-06 19:22 - 2011-01-06 19:22 - 000003584 _____ () C:\Users\~.~\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-07 00:57 - 2016-04-04 20:45 - 000007605 _____ () C:\Users\~.~\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2011-09-09 18:45 - 2012-12-24 16:02 - 000248008 _____ (Ask.com) C:\Users\Administrator.Cunegonde\AppData\Local\Temp\AskSLib.dll
2017-03-17 16:14 - 2017-03-17 16:14 - 014456872 _____ (Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\vc_redist.x86.exe
2017-10-21 21:36 - 2017-11-04 22:18 - 000910504 _____ () C:\Users\~.~\AppData\Local\Temp\WCN001.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-20 21:15

==================== End of FRST.txt ============================

--- --- ---

[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by ~.~ (26-01-2018 21:28:40)
Running from C:\Users\~.~\Desktop
Windows 7 Professional Service Pack 1 (X64) (2010-08-15 05:32:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-765177893-555145608-490344441-500 - Administrator - Enabled) => C:\Users\Administrator.Cunegonde
Guest (S-1-5-21-765177893-555145608-490344441-501 - Limited - Disabled)
~.~ (S-1-5-21-765177893-555145608-490344441-1000 - Administrator - Enabled) => C:\Users\~.~

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.17 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0917-000001000000}) (Version: 9.17.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Audacity 1.3.12 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
Avira (HKLM-x32\...\{518c54f5-fd43-4aa6-936b-8d7fd8c85cbd}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{E3F659C3-7936-4321-B886-4DA527DA72FE}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.17 - Avira Operations GmbH & Co. KG)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
ClipGrab 3.6.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
f.lux (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Flux) (Version:  - )
Finale NotePad 2008 (HKLM-x32\...\Finale NotePad 2008) (Version: 13.0.0.0 - MakeMusic)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )
FreeRIP v3.45 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.45 - MGShareware)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Hugin 2012.0.0 (HKLM-x32\...\Hugin) (Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
JavaScript Tools (HKLM-x32\...\HSJS) (Version:  - )
Konz 2013 (HKLM-x32\...\{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
LRC 2003, Version 0.4 (HKLM-x32\...\LRC 2003_is1) (Version: 0.4 - Jakob Lemler)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Motorola Driver Installation 3.9.0 (HKLM\...\{3E2DA560-EE3E-45C2-9CC7-B1B0A06C6BE6}) (Version: 3.9.0 - Motorola Inc.)
Mozilla Firefox (3.6.23) (HKLM-x32\...\Mozilla Firefox (3.6.23)) (Version: 3.6.23 (en-US) - Mozilla)
Mozilla Firefox 57.0.4 (x64 en-US) (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 52.5.2 (x86 en-US) (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Mozilla Thunderbird 52.5.2 (x86 en-US)) (Version: 52.5.2 - Mozilla)
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 6.2.1 - CEWE Stiftung u Co. KGaA)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF24 Creator 8.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program_Files_(x86)\7-Zip\7-zip.dll [2010-10-04] (Igor Pavlov)
ContextMenuHandlers1-x32: [OpenWithCtxMenuExt] -> {AC94BA2C-8211-45D4-AB5C-C2A9BCCC8FB6} => C:\Program_Files_(x86)\OxelonMedia_File-Converter\menuext.dll [2009-03-11] ()
ContextMenuHandlers1-x32: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program_Files_(x86)\Avira\AntiVir Desktop\shlext64.dll [2017-12-18] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program_Files_(x86)\7-Zip\7-zip.dll [2010-10-04] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program_Files_(x86)\Avira\AntiVir Desktop\shlext64.dll [2017-12-18] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26A5A08A-7C32-4F2E-AD95-7C28491EC43C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {26CE1389-5D43-4568-98A2-AD6415912602} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {57F3203C-992C-4D7C-8B5E-57690269996C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {60CBC99E-9B8B-4C73-8D62-5DCE59522290} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {6AAF6128-83BA-4BE3-B832-D04C58063F9B} - System32\Tasks\{8E0384D6-D1F2-407F-AAD8-65C63C261FC0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {6AD3FA40-972D-46D1-97F4-73F93B9228F2} - System32\Tasks\{8DC8F86E-7B5D-48BC-9CA6-3C225074A363} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187.259/en/abandoninstall?source=lightinstaller&page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {80E627F7-4174-481E-B32E-2FAFF5D3709A} - System32\Tasks\{A7629334-9837-41B2-9256-9AA357C731C5} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Flash_Disinfector.exe -d C:\Users\~.~\Desktop
Task: {8223F5D9-D0C6-4B65-A95E-5BD77567AB68} - System32\Tasks\{905CA972-BE80-49B1-AB0D-EB111501DFF9} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {A0CFECD4-DBE7-44F0-A1A8-715C167F78F8} - System32\Tasks\{18789D0E-3618-4737-B263-8CE0EC630E7D} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\Swf2Avi_Setup[1].exe" -d C:\Users\~.~\Desktop
Task: {A56B82D2-35C8-43F2-8EFD-21A7B5A616E4} - System32\Tasks\{523506CD-98C8-4C61-B478-64DD49AE03C0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {BEC7200B-93D8-4530-BDFE-D2436114707A} - System32\Tasks\{3EEADEBC-0E71-4265-906E-9C87C7213985} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {D6F79C35-7D3D-42CE-976E-7E8BE0C5B833} - System32\Tasks\{E387F2EE-50F0-4801-89D6-C6591AE5B325} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\oxelonplugins[1].exe" -d C:\Users\~.~\Desktop
Task: {DC9F395E-A399-4AE6-87E6-A668443FC0D3} - System32\Tasks\{D3C540CA-7EAC-4D61-ADD2-2453D051F568} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Swf2Avi_Setup.exe -d C:\Users\~.~\Desktop
Task: {E42EBC54-BAE9-408C-ABF7-8911E9E5ACCE} - System32\Tasks\Avira_Antivirus_Systray => C:\Program_Files_(x86)\Avira\AntiVir Desktop\avgnt.exe [2017-12-18] (Avira Operations GmbH & Co. KG)
Task: {FE43990C-1489-44A6-9F88-BA66D29825BF} - System32\Tasks\{D1566649-4421-4B84-A531-8A311AD3B1EC} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2008-10-24 15:35 - 2008-10-24 15:35 - 000128296 _____ () C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
2018-01-07 22:04 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-765177893-555145608-490344441-1000\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2010-09-24 15:29 - 000620296 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
127.0.0.1  ads.active.com
127.0.0.1  am1.activemeter.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  ad2games.com
127.0.0.1  cms.ad2click.nl
127.0.0.1  ads.ad2games.com
127.0.0.1  content.ad20.net
127.0.0.1  core.ad20.net
127.0.0.1  as.ad611.com

There are 14742 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^Users^~.~^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Skype^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: f.lux => "C:\Users\~.~\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{87C6CA73-8565-4CC8-A631-52DF2587208B}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [UDP Query User{C3DD9A55-B77C-44B9-9493-03CA95431174}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [{3AE68BFF-6C63-41C3-8C4C-74FAF25FE1A2}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [{FBD8C0CC-F333-4157-820D-6901A9C2430C}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [TCP Query User{90F4AF0A-BEBB-4442-A482-B036E46CEFEE}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [UDP Query User{9B99392F-C4D5-42A3-AEE0-9A8BBE715C85}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [{C7DECCB3-F652-4250-B6ED-D638AE67E15D}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{A2867E64-8572-4B4A-BF4A-6063E72D6673}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{58EA7E47-8BCD-44A3-A77A-E95F9BB356F5}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{91A9A53E-C2E8-4D75-826C-59FC1CD8331F}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{B9E3ED79-D949-4F1B-B962-D40904521A1B}] => (Allow) C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{807F3222-0A3B-4F97-9E3D-D08E9CD4CC2E}C:\program_files_(x86)\mozilla_firefox\firefox.exe] => (Block) C:\program_files_(x86)\mozilla_firefox\firefox.exe
FirewallRules: [UDP Query User{7CB7E04B-6D81-4FF7-8CB7-B5179B0EE3F5}C:\program_files_(x86)\mozilla_firefox\firefox.exe] => (Block) C:\program_files_(x86)\mozilla_firefox\firefox.exe
FirewallRules: [{1A6CA4B9-F34B-4C72-9B83-543A4ECD7BE8}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6FA1DC9A-43A6-4D07-A432-EB6F13ACF4F3}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0AFA25DC-EC09-4659-A923-6592797C04C9}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F508EFF9-743F-49D1-BCC9-02137D90EFFB}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{47FF30F7-4483-49A6-A6D0-D5CA1792D3C6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D7861C54-8C4B-45A0-8039-6B2886562FAF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DA0C5372-B11B-4CA6-B085-573AF6700701}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{17402D57-941A-4821-979E-A6A7A81F09A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

13-01-2018 11:53:46 Windows Update
17-01-2018 23:56:46 Windows Update
19-01-2018 18:48:07 Windows Update

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2018 06:31:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The first DWORD in the Data section contains the error code.

Error: (01/22/2018 06:31:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/22/2018 06:30:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The first DWORD in the Data section contains the error code.

Error: (01/22/2018 06:30:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/22/2018 06:30:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The first DWORD in the Data section contains the error code.

Error: (01/22/2018 06:30:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/22/2018 06:21:49 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (01/18/2018 04:59:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/18/2018 04:59:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/18/2018 12:22:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (01/26/2018 07:03:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/22/2018 07:54:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (01/22/2018 12:31:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (01/20/2018 07:56:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Avira.ServiceHost service.

Error: (01/20/2018 07:55:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (01/18/2018 07:14:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/18/2018 07:17:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/18/2018 07:08:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:07:17 AM on ‎1/‎18/‎2018 was unexpected.

Error: (01/16/2018 10:21:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (01/12/2018 06:51:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {46986115-84D6-459C-8F95-52DD653E532E} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2018-01-09 23:30:37.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:37.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 64%
Total physical RAM: 3932.86 MB
Available physical RAM: 1400.41 MB
Total Virtual: 7863.92 MB
Available Virtual: 4412.63 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:60.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3068127E)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

--- --- ---

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/7/18
Scan Time: 10:05 PM
Log File: 8da7875e-f3ee-11e7-ba98-00269eac1f3a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3645
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cunegonde\~.~

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347872
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 37 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 8
PUP.Optional.FaceMoods, HKLM\SOFTWARE\CLASSES\APPID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}, Quarantined, [3211], [392823],1.0.3645
PUP.Optional.FaceMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}, Quarantined, [3211], [392823],1.0.3645
PUP.Optional.FaceMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}, Quarantined, [3211], [392823],1.0.3645
PUP.Optional.UltimateShoppingSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eiibddcohpjhajbnfkpboacmohommppp, Quarantined, [7251], [405203],1.0.3645
PUP.Optional.GreatDealz, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lobonlhedgiilkfmbbbfhkaoefacipgj, Quarantined, [1871], [466866],1.0.3645
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASC_RASAPI32, Quarantined, [686], [333222],1.0.3645
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASC_RASMANCS, Quarantined, [686], [333222],1.0.3645
PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, Quarantined, [8741], [463412],1.0.3645

Registry Value: 1
PUP.Optional.UltimateShoppingSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|@ULTIMATESHOPPINGSEARCH, Quarantined, [7251], [379681],1.0.3645

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.UltimateShoppingSearch, C:\PROGRAM FILES (X86)\ULTIMATESHOPPINGSEARCH, Quarantined, [7251], [457861],1.0.3645

File: 1
PUP.Optional.UltimateShoppingSearch, C:\Program Files (x86)\UltimateShoppingSearch\eiibddcohpjhajbnfkpboacmohommppp.crx, Quarantined, [7251], [457861],1.0.3645

Physical Sector: 0
(No malicious items detected)


(end)

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/27/18
Scan Time: 7:32 PM
Log File: 7a65e74c-0390-11e8-be35-00269eac1f3a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3801
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cunegonde\~.~

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345161
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 hr, 58 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

cosinus · 29.01.2018, 11:42

Bitte Avira deinstallieren. Wir deinstallieren dann am besten auch gleich weiteren unnötigen oder veralteten Krempel.

Avira empfehlen wir schon seit Jahren aus mehreren Gründen nicht mehr. Ein Grund ist ne rel. hohe Fehlalarmquote, der zweite Hauptgrund ist, dass die immer noch mit ASK zusammenarbeiten (Avira Suchfunktion geht über ASK). Auch andere Freewareanbieter wie AVG, Avast oder Panda sprangen auf diesen Zug auf; so was ist bei Sicherheitssoftware einfach inakzeptabel. Vgl. Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

7-Zip 9.17 (x64 edition)

Adobe Acrobat Reader DC

Adobe AIR

Audacity 1.3.12 (Unicode)

Avira

Avira Antivirus

Java 7 Update 25

Java 7 Update 45 (64-bit)

Microsoft Office Professional Edition 2003

Mozilla Firefox (3.6.23)

Mozilla Thunderbird 24.2.0 (x86 en-US)

OpenOffice.org 3.3
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Gib Bescheid wenn Avira weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!

PoseidoPferd · 30.01.2018, 10:53

Cosinus, danke für die schnelle Reaktion!!

Ich habe mit den Deinstallationen angefangen... und jetzt weder Firefox noch Thunderbird?! Da ich laut Renovo zuvor jeweils zwei Versionen (alt + neu) auf dem Computer hatte und Renovo bei jeder Deinstallation etwas von Restore-Point (o.ä.) schrieb, hatte ich einfach blauäugig "die alten Versionen" deinstalliert. Aber jetzt sind beide Programme komplett weg, und ich finde in Renovo auch keine Restore-Option. Wie komme ich nun an meine Daten wieder ran (große und mir wichtige Lesezeichen-Sammlung in Firefox... womöglich auch zahllose wichtige Emails bzw. Entwürfe in Thunderbird??)?? Mein letzter Restore-Point (über Windows) liegt leider Monate zurück. Da würden mir noch immer viele Daten fehlen... außerdem wäre das vermutlich auch nicht in Deinem Sinne??... Gibt es eine Alternative??

Und schon im voraus: 'Muß' ich unbedingt Microsoft Office deinstallieren? Das ist meine einzige (legal erworbene) Kopie, die kann ich dann nicht reinstallieren. Und ich ziehe mein englisches Office2003 jedem deutschen und/oder Office2007+ deutlich vor (Ribbons finde ich eh furchtbar & auch die Shortcuts verändern sich ja andauernd). Laut IT'ler an meinem damaligen Fachbereich sollte sie automatisch Updates herunterladen. Habe ich dämlicherweise nicht überprüft, stimmt. Du bist hier der Chef: Wenn Du sagst, mit dem Officepaket wird mein Rechner nicht mehr sauber, ist das so. Wäre halt nur sehr, sehr bitter, daher meine Nachfrage.

Übrigens zur Info: Dein letzter Spiegelpunkt - Reste löschen - wurde mir auf meinem Rechner nur ohne die Buttons angezeigt. Jetzt sehe ich - über einen anderen Rechner - die Buttons. Ist das ein weiteres Problem meines Rechners?

[Entschuldige die verzögerte Antwort, weil ich ja jetzt keinen Browser mehr habe (& obendrein krank geworden bin): Opera habe ich vor ein paar Wochen bei meiner Fehlersuche de- und noch nicht wieder reinstalliert... und IE benutze ich seit Jahren nicht = dem müssen so viele Updates fehlen, daß ich ihn auch jetzt nicht verwenden mag. Oder ist das für die aktuellen Zwecke egal??]

cosinus · 30.01.2018, 11:11

Ja das ist blöd, eigentlich sollte damit nur das alte Programm aber nicht das noch benutzte Profil gelöscht werden

Office 2003 ist jedenfalls uralt und muss weg.

PoseidoPferd · 30.01.2018, 15:17

Ach du Sch... Also restore, um wenigstens ein bißchen zu retten? Oder geht das doch über Revo? Es liegt ja jetzt ziemlich viel im Papierkorb. Ist davon noch etwas brauchbar? - Hinter den Profilen steckt einige Arbeit, aber auch Freizeitpläne usw. Die sind mir enorm wichtig.

(Und dann noch Office! "Darf" ich mir wenigstens schon mal ein aktuelles OpenOffice runterladen, wenn ich wieder einen Browser habe??)

cosinus · 30.01.2018, 15:34

Hau erstmal den alten Schund runter. Und ja, deine Profile könnten noch im Papierkorb schlummern.

Office-Ersatz wenn wir hier durch sind!

PoseidoPferd · 31.01.2018, 14:20

Ich habe da vermutlich etwas verbockt... oder?

Ich habe den Rechner auf einen Restore Point zurückgesetzt, habe die Daten von Firefox & Thunderbird gespeichert und wollte jetzt einfach alles erneut deinstallieren... aber:
- Firefox stand nur noch als aktuelle Version in Revo gelistet. Ich habe es vorsichtshalber trotzdem nochmal komplett deinstalliert... und reinstalliert, weil ich irgendeinen Browser brauche, um mit Dir zu kommunizieren. [Jetzt liegt das Programm in einem anderen Ordner, nämlich "Program Files", den konnte ich bei der Installation nicht ändern.] Ich landete auf der letzten besuchten Seite (dieser hier) & habe noch alle Lesezeichen, was ja dagegen spricht, daß wirklich alle Daten entfernt wurden. Immerhin: Bing ist jetzt weg! (Hurra!!!) Unter Task Manager > Processes wird Firefox immer noch über mehrere Zeilen gelistet.
- Thunderbird erschien überhaupt nicht mehr in Revo, auch nicht als Programm von Windows ("Programs and Features"), lief aber wieder einwandfrei. Ich habe es daraufhin über den programmeigenen uninstall-Ordner deinstalliert, den Thunderbird-Ordner unter "Program Files (86)" gelöscht... das Programm reinstalliert (das Profil & die Emails waren noch da)... jetzt erschien es in Revo, also re-deinstalliert... dann re-reinstalliert... Profil & Emails wiederum noch da. Ist das normal? Ich hätte erwartet, daß das Programm wirklich mit allen seinen Ordnern, Archiven und Rollkoffern deinstalliert wird??
- OpenOffice-Dateien waren bei der Restore-Aktion auch wiederauferstanden. Erst als ich wieder einen Teil des Programms ordnungsgemäß installiert hatte, erschien es auch in Revo. Aber als ich's dann über Revo deinstalliert habe, blieben immer noch 3678 Dateien mit insg. 561 MB im Ordner "OpenOffice". Einfach per Hand löschen?
- Blöderweise habe ich dabei noch versehentlich den TeamViewer deinstalliert & gleich reinstalliert. Ich hoffe, das zählt nicht unter "nix mehr ohne Absprache installieren".

Sprich: Firefox & Thunderbird sind jetzt ein paarmal de- und reinstalliert (entschuldige, falls das Probleme schafft, s.o.!!), OpenOffice ist "halb-entfernt". Ich hoffe, das hat nicht allzu viel Durcheinander geschaffen... Sollte ich für die genannten Programme jetzt noch weitere Dateien deinstallieren, löschen o.ä.? (Nur laß mir bitte möglichst [m]einen Browser, um hier zu schreiben, danke.) Oder was ist der nächste Schritt?

cosinus · 31.01.2018, 14:26

Du solltest doch nur die alten Versionen von Firefox und Thunderbird entfernen!

Die aktuellen Versionen hab ich ja auch garnicht in meiner Liste aufgeführt!

Konntest du die Profile mitsamt den Mails jetzt wiederherstellen?

PoseidoPferd · 31.01.2018, 14:38

Habe ja schon geschrieben: "vermutlich verbockt"...

Danke, die Daten habe ich... und habe sie vor allem jetzt extern gespeichert, so daß ich sie hoffentlich auch zukünftig noch nutzen kann, falls Du jetzt doch sämtliche Programme mit allen Profildaten erstmal vom Rechner löschen möchtest.

cosinus · 31.01.2018, 15:10

Mach einfach nur das was in meinen Anweisungen steht! Nix hineindichten oder ergänzen!

Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken.

cosinus · 31.01.2018, 15:10

Mach einfach nur das was in meinen Anweisungen steht! Nix hineindichten oder ergänzen!

Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken.

PoseidoPferd · 03.02.2018, 11:38

Zitat:

Zitat von cosinus

Mach einfach nur das was in meinen Anweisungen steht! Nix hineindichten oder ergänzen!

Bereits mein Mathelehrer empfahl mir (schriftlich), ich solle doch einen Spickzettel etwa diesen Inhalts in die Abiturprüfung mitnehmen...

Jedenfalls stehe ich wieder fester auf den Beinen, und daraufhin gibt's jetzt Logs. "Addition" war übrigens schon angehakt.

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by ~.~ (administrator) on CUNEGONDE (02-02-2018 22:14:14)
Running from C:\Users\~.~\Desktop
Loaded Profiles: ~.~ & Administrator (Available Profiles: ~.~ & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel(R) Corporation) C:\Program Files (x86)\WiFi\bin\EvtEng.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\architect.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\ws.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\ose00000.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [PDFPrint] => C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: F - F:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: {639bc51d-6b30-11e3-83cb-00269eac1f3a} - G:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-765177893-555145608-490344441-500\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43B9CFB8-8F73-46EA-9AD6-9C0B1223138D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5050B7FC-F0E4-4BB6-B5F4-06FAE4F1E617}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{831887B8-28F5-4B9E-AF0A-13C6C8652B11}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-765177893-555145608-490344441-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-765177893-555145608-490344441-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: x2ie0fsf.default-1468139344231-1515350849047
FF ProfilePath: C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 [2018-02-02]
FF Homepage: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> is enabled.
FF Extension: (ADB Helper) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\adbhelper@mozilla.org [2018-01-09] [Legacy]
FF Extension: (Ghostery) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\firefox@ghostery.com.xpi [2018-01-31]
FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2018-01-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2018-01-31] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program_Files_(x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\~.~\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-10-30]

Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program_Files_(x86)\Opera\Opera.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1283336 2017-12-18] ()
R2 EvtEng; C:\Program Files (x86)\WiFi\bin\EvtEng.exe [631024 2014-01-08] (Intel(R) Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774736 2017-09-05] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (Â© pdfforge GmbH.)
R2 PDF24; C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
R2 TeamViewer; C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-07] (Malwarebytes)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7680512 2010-03-18] (Intel Corporation) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-02 22:14 - 2018-02-02 22:14 - 000000000 ____D C:\Users\~.~\Desktop\FRST-OlderVersion
2018-02-01 22:09 - 2018-02-01 22:09 - 000000118 _____ C:\Users\~.~\Desktop\Breun.txt
2018-01-31 14:10 - 2018-01-31 14:10 - 000000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000849 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\TeamViewer
2018-01-31 13:49 - 2018-01-31 13:49 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-31 13:49 - 2018-01-31 13:49 - 000000935 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-01-31 13:49 - 2018-01-31 13:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-31 13:32 - 2018-01-31 13:32 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\PDF Architect 4
2018-01-31 13:29 - 2018-01-31 13:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-31 13:09 - 2018-01-31 13:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2018-01-31 12:52 - 2018-01-31 12:52 - 000006853 _____ C:\Users\~.~\.recently-used.xbel
2018-01-31 11:36 - 2018-01-31 11:36 - 000000000 ____D C:\Users\~.~\Documents\PDF Architect
2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\Users\~.~\AppData\Local\CEWE FOTOSERVICE
2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE FOTOSERVICE
2018-01-30 13:33 - 2018-01-30 13:33 - 000000000 ____D C:\Users\~.~\AppData\Roaming\hps-install
2018-01-30 01:25 - 2018-01-30 01:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-01-27 22:40 - 2018-01-27 22:40 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_report.txt
2018-01-27 22:39 - 2018-01-27 22:39 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_summary.txt
2018-01-26 21:28 - 2018-01-26 21:29 - 000035000 _____ C:\Users\~.~\Desktop\Addition.txt
2018-01-26 21:23 - 2018-02-02 22:15 - 000010351 _____ C:\Users\~.~\Desktop\FRST.txt
2018-01-26 21:21 - 2018-01-26 21:21 - 000000941 _____ C:\Users\~.~\Desktop\brrr,mal-wieder - Shortcut.lnk
2018-01-26 21:15 - 2018-02-02 22:14 - 002393088 _____ (Farbar) C:\Users\~.~\Desktop\FRST64.exe
2018-01-12 07:23 - 2018-01-12 07:23 - 000001230 _____ C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LRC2003_Lernprogramm.lnk
2018-01-08 00:06 - 2018-01-08 00:06 - 000001749 _____ C:\Users\~.~\Desktop\Bing, pls help.txt
2018-01-08 00:03 - 2018-01-08 00:26 - 000000000 ____D C:\AdwCleaner
2018-01-08 00:03 - 2018-01-08 00:03 - 008198432 _____ (Malwarebytes) C:\Users\~.~\Desktop\adwcleaner_7.0.6.0.exe
2018-01-07 23:21 - 2018-01-07 23:21 - 000001696 _____ C:\Users\Public\Desktop\PDF24.lnk
2018-01-07 23:21 - 2018-01-07 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2018-01-07 23:17 - 2016-09-23 12:16 - 000000109 _____ C:\Users\~.~\Desktop\Online PDF Tools.url
2018-01-07 22:05 - 2018-01-07 22:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-07 22:04 - 2018-01-07 22:04 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-07 22:04 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-02 22:14 - 2016-07-03 21:09 - 000000000 ____D C:\FRST
2018-02-02 22:08 - 2010-08-16 14:54 - 000000000 ____D C:\Program_Files_(x86)
2018-02-02 22:08 - 2009-07-14 08:46 - 000000000 ____D C:\Windows\ShellNew
2018-02-02 22:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-02 22:02 - 2017-09-05 23:04 - 000000000 ____D C:\Users\~.~\AppData\LocalLow\Mozilla
2018-02-02 21:59 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
2018-02-02 09:35 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-02 09:35 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-31 13:34 - 2015-09-27 02:43 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-01-31 13:32 - 2016-12-20 23:39 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-01-31 13:32 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-31 13:22 - 2009-07-14 05:45 - 000333056 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-31 12:52 - 2010-09-23 12:20 - 000000000 ____D C:\Users\~.~\AppData\Roaming\gtk-2.0
2018-01-31 12:52 - 2010-09-23 11:55 - 000000000 ____D C:\Users\~.~\.gimp-2.6
2018-01-31 12:52 - 2010-08-15 06:32 - 000000000 ____D C:\Users\~.~
2018-01-31 11:40 - 2011-04-16 20:22 - 000000000 ____D C:\Users\~.~\AppData\Roaming\vlc
2018-01-31 11:38 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files\PDF Architect 4
2018-01-31 11:37 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files (x86)\PDF Architect 4
2018-01-31 08:58 - 2015-11-12 20:35 - 000000000 ____D C:\eBücher
2018-01-30 18:05 - 2009-07-14 06:13 - 000006222 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\tmp
2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\hps
2018-01-30 10:19 - 2010-08-17 00:05 - 000000000 ____D C:\abracadabra
2018-01-30 01:54 - 2014-08-12 17:29 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-29 07:20 - 2017-03-06 21:33 - 000000000 ____D C:\ProgramData\ProductData
2018-01-21 22:45 - 2010-08-16 21:14 - 000076888 _____ C:\Users\~.~\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-18 00:32 - 2017-10-21 22:24 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-18 00:32 - 2013-07-25 19:33 - 000000000 ____D C:\Windows\system32\MRT
2018-01-18 00:32 - 2010-08-18 19:56 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-11 07:56 - 2010-08-17 00:16 - 000000000 ____D C:\Bilder
2018-01-11 07:37 - 2015-11-19 14:13 - 000000000 ____D C:\Users\~.~\AppData\Local\Opera Software
2018-01-11 07:37 - 2015-11-19 14:12 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Opera Software
2018-01-08 07:06 - 2015-10-14 12:51 - 000001048 _____ C:\Users\~.~\Desktop\Desktop-Dateien.lnk
2018-01-08 00:09 - 2017-01-04 19:36 - 000000000 ____D C:\Users\~.~\AppData\Local\Downloaded Installations
2018-01-08 00:09 - 2016-01-25 13:17 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Lavasoft
2018-01-08 00:08 - 2017-05-12 12:33 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\IObit
2018-01-08 00:08 - 2017-03-06 21:26 - 000000000 ____D C:\ProgramData\IObit
2018-01-08 00:08 - 2017-03-06 21:25 - 000000000 ____D C:\Users\~.~\AppData\Roaming\IObit
2018-01-08 00:08 - 2016-01-25 13:17 - 000000000 ____D C:\ProgramData\Lavasoft
2018-01-07 22:26 - 2017-11-19 03:31 - 000000000 ____D C:\00_USB-Stift_19.11.17
2018-01-07 22:04 - 2016-04-03 14:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-07 21:36 - 2010-09-24 16:54 - 000000000 ____D C:\ProgramData\Skype
2018-01-07 21:32 - 2010-09-24 16:54 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Skype
2018-01-07 21:27 - 2012-12-28 18:13 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-07 21:27 - 2010-08-16 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-05 01:00 - 2010-08-16 14:55 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Mozilla

==================== Files in the root of some directories =======

2017-12-25 01:54 - 2017-12-25 01:56 - 000009849 _____ () C:\Users\~.~\AppData\Roaming\.ptbt0
2013-02-24 18:33 - 2013-02-24 21:13 - 000000568 _____ () C:\Users\~.~\AppData\Roaming\AutoGK.ini
2012-10-03 12:51 - 2013-10-21 23:44 - 000000028 _____ () C:\Users\~.~\AppData\Roaming\PhonerLitesettings.ini
2011-01-06 19:22 - 2011-01-06 19:22 - 000003584 _____ () C:\Users\~.~\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-07 00:57 - 2016-04-04 20:45 - 000007605 _____ () C:\Users\~.~\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2011-09-09 18:45 - 2012-12-24 16:02 - 000248008 _____ (Ask.com) C:\Users\Administrator.Cunegonde\AppData\Local\Temp\AskSLib.dll
2018-02-02 22:08 - 2003-07-28 17:28 - 000089136 _____ (Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\ose00000.exe
2017-03-17 16:14 - 2017-03-17 16:14 - 014456872 _____ (Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\vc_redist.x86.exe
2017-10-21 21:36 - 2017-11-04 22:18 - 000910504 _____ () C:\Users\~.~\AppData\Local\Temp\WCN001.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-30 09:38

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

[CODE]Additional
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by ~.~ (02-02-2018 22:15:54)
Running from C:\Users\~.~\Desktop
Windows 7 Professional Service Pack 1 (X64) (2010-08-15 05:32:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-765177893-555145608-490344441-500 - Administrator - Enabled) => C:\Users\Administrator.Cunegonde
Guest (S-1-5-21-765177893-555145608-490344441-501 - Limited - Disabled)
~.~ (S-1-5-21-765177893-555145608-490344441-1000 - Administrator - Enabled) => C:\Users\~.~

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
CEWE FOTOSERVICE (HKLM-x32\...\CEWE FOTOSERVICE) (Version: 6.3.1 - CEWE Stiftung u Co. KGaA)
ClipGrab 3.6.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
f.lux (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Flux) (Version:  - )
Finale NotePad 2008 (HKLM-x32\...\Finale NotePad 2008) (Version: 13.0.0.0 - MakeMusic)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )
FreeRIP v3.45 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.45 - MGShareware)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Hugin 2012.0.0 (HKLM-x32\...\Hugin) (Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
JavaScript Tools (HKLM-x32\...\HSJS) (Version:  - )
Konz 2013 (HKLM-x32\...\{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
LRC 2003, Version 0.4 (HKLM-x32\...\LRC 2003_is1) (Version: 0.4 - Jakob Lemler)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Motorola Driver Installation 3.9.0 (HKLM\...\{3E2DA560-EE3E-45C2-9CC7-B1B0A06C6BE6}) (Version: 3.9.0 - Motorola Inc.)
Mozilla Firefox 58.0.1 (x64 de) (HKLM\...\Mozilla Firefox 58.0.1 (x64 de)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.6.0 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF24 Creator 8.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ContextMenuHandlers1-x32: [OpenWithCtxMenuExt] -> {AC94BA2C-8211-45D4-AB5C-C2A9BCCC8FB6} => C:\Program_Files_(x86)\OxelonMedia_File-Converter\menuext.dll [2009-03-11] ()
ContextMenuHandlers1-x32: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26A5A08A-7C32-4F2E-AD95-7C28491EC43C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {26CE1389-5D43-4568-98A2-AD6415912602} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {57F3203C-992C-4D7C-8B5E-57690269996C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {60CBC99E-9B8B-4C73-8D62-5DCE59522290} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {6AAF6128-83BA-4BE3-B832-D04C58063F9B} - System32\Tasks\{8E0384D6-D1F2-407F-AAD8-65C63C261FC0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {6AD3FA40-972D-46D1-97F4-73F93B9228F2} - System32\Tasks\{8DC8F86E-7B5D-48BC-9CA6-3C225074A363} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187.259/en/abandoninstall?source=lightinstaller&page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {80E627F7-4174-481E-B32E-2FAFF5D3709A} - System32\Tasks\{A7629334-9837-41B2-9256-9AA357C731C5} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Flash_Disinfector.exe -d C:\Users\~.~\Desktop
Task: {8223F5D9-D0C6-4B65-A95E-5BD77567AB68} - System32\Tasks\{905CA972-BE80-49B1-AB0D-EB111501DFF9} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {A0CFECD4-DBE7-44F0-A1A8-715C167F78F8} - System32\Tasks\{18789D0E-3618-4737-B263-8CE0EC630E7D} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\Swf2Avi_Setup[1].exe" -d C:\Users\~.~\Desktop
Task: {A56B82D2-35C8-43F2-8EFD-21A7B5A616E4} - System32\Tasks\{523506CD-98C8-4C61-B478-64DD49AE03C0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {BEC7200B-93D8-4530-BDFE-D2436114707A} - System32\Tasks\{3EEADEBC-0E71-4265-906E-9C87C7213985} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {D6F79C35-7D3D-42CE-976E-7E8BE0C5B833} - System32\Tasks\{E387F2EE-50F0-4801-89D6-C6591AE5B325} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\oxelonplugins[1].exe" -d C:\Users\~.~\Desktop
Task: {DC9F395E-A399-4AE6-87E6-A668443FC0D3} - System32\Tasks\{D3C540CA-7EAC-4D61-ADD2-2453D051F568} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Swf2Avi_Setup.exe -d C:\Users\~.~\Desktop
Task: {FE43990C-1489-44A6-9F88-BA66D29825BF} - System32\Tasks\{D1566649-4421-4B84-A531-8A311AD3B1EC} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2008-10-24 15:35 - 2008-10-24 15:35 - 000128296 _____ () C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
2018-01-07 22:04 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-08-05 15:58 - 2016-08-05 15:58 - 000199680 _____ () C:\Program Files\PDF Architect 4\libidn.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-765177893-555145608-490344441-1000\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2010-09-24 15:29 - 000620296 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
127.0.0.1  ads.active.com
127.0.0.1  am1.activemeter.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  ad2games.com
127.0.0.1  cms.ad2click.nl
127.0.0.1  ads.ad2games.com
127.0.0.1  content.ad20.net
127.0.0.1  core.ad20.net
127.0.0.1  as.ad611.com

There are 14742 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-765177893-555145608-490344441-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator.Cunegonde\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^Users^~.~^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Skype^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: f.lux => "C:\Users\~.~\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{87C6CA73-8565-4CC8-A631-52DF2587208B}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [UDP Query User{C3DD9A55-B77C-44B9-9493-03CA95431174}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [{3AE68BFF-6C63-41C3-8C4C-74FAF25FE1A2}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [{FBD8C0CC-F333-4157-820D-6901A9C2430C}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [TCP Query User{90F4AF0A-BEBB-4442-A482-B036E46CEFEE}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [UDP Query User{9B99392F-C4D5-42A3-AEE0-9A8BBE715C85}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [{C7DECCB3-F652-4250-B6ED-D638AE67E15D}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{A2867E64-8572-4B4A-BF4A-6063E72D6673}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{58EA7E47-8BCD-44A3-A77A-E95F9BB356F5}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{91A9A53E-C2E8-4D75-826C-59FC1CD8331F}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{B9E3ED79-D949-4F1B-B962-D40904521A1B}] => (Allow) C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1A6CA4B9-F34B-4C72-9B83-543A4ECD7BE8}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6FA1DC9A-43A6-4D07-A432-EB6F13ACF4F3}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0AFA25DC-EC09-4659-A923-6592797C04C9}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F508EFF9-743F-49D1-BCC9-02137D90EFFB}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DB187DA7-A638-44FC-BF20-68F9045F2F7C}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8169384E-87BD-4453-8D98-6F73E738A87B}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11CB155E-AD17-454A-9CC8-0ECCDE4CFA32}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AFA0DDAE-C4C8-45E7-A5CD-EB3B97441A00}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

30-01-2018 19:19:22 Revo Uninstaller's restore point - OpenOffice.org 3.3
31-01-2018 11:34:41 Installed PDF Architect 4 View Module
31-01-2018 11:36:47 Installed PDF Architect 4 Create Module
31-01-2018 11:38:03 Installed PDF Architect 4 Edit Module
31-01-2018 13:08:28 Installed OpenOffice.org 3.2
31-01-2018 13:11:24 Revo Uninstaller's restore point - OpenOffice.org 3.2
31-01-2018 13:17:48 Revo Uninstaller's restore point - Mozilla Firefox 58.0.1 (x64 en-US)
31-01-2018 13:42:07 Revo Uninstaller's restore point - Mozilla Firefox 58.0.1 (x64 de)
31-01-2018 13:43:37 Revo Uninstaller's restore point - TeamViewer 13
31-01-2018 14:01:45 Revo Uninstaller's restore point - Mozilla Thunderbird 52.6.0 (x86 de)
02-02-2018 22:05:10 Revo Uninstaller's restore point - Microsoft Office Professional Edition 2003

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2018 01:48:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:42:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ef75e46e-c92c-48bd-b694-a5ced25cf008}

Error: (01/31/2018 01:37:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:37:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:33:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:33:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:29:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:28:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:28:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:27:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (02/02/2018 09:30:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/02/2018 12:08:18 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/01/2018 07:33:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/01/2018 04:07:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/01/2018 12:44:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/01/2018 08:41:58 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/01/2018 03:54:59 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/31/2018 10:26:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/31/2018 02:54:46 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/31/2018 02:39:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


CodeIntegrity:
===================================
  Date: 2018-01-09 23:30:37.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:37.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 22%
Total physical RAM: 3932.86 MB
Available physical RAM: 3048.59 MB
Total Virtual: 7863.92 MB
Available Virtual: 6563.99 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:64.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3068127E)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

--- --- ---

--- --- ---

--- --- ---

Nachtrag vom 3.2., falls relevant:

Als ich eben den Rechner aus seinem Winterschlaf-Modus weckte, stand als erstes wieder eine gestopptes-Script-Fehlermeldung auf dem Bildschirm (jetzt auf deutsch; Firefox & Thunderbird habe ich auf deutsch reinstalliert). Neu war, daß es direkt nach dem "Einschalten" kam... und diesmal ging's um:
Skript: chrome://messenger/content/toolbarIconColor.js:53

Thunderbird war übrigens eingefroren.

cosinus · 03.02.2018, 14:57

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

PoseidoPferd · 03.02.2018, 18:39

Malwarebytes Anti-Rootkit habe ich laufen lassen, es hat nur lapidar ausgegeben:

"Cleanup:
Congratulations, no cleanup is required!

[Häkchen] Scan Finished: No malware found!"

Dementsprechend gab's keinen Cleanup-Button, keinen Neustart, keinen erneuten Scan.

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.02.03.03
  rootkit: v2018.01.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
~.~ :: CUNEGONDE [administrator]

03.Feb.2018 16:17:12
mbar-log-2018-02-03 (16-17-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 291098
Time elapsed: 1 hour(s), 10 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Hm, schon das letzte Code-Einfügen hatte ich genau so gemacht wie im Lesetip beschrieben... und jetzt wieder. Bei mir wird's in der Vorschau auch wieder "richtig" angezeigt. Falls bei Dir nicht, gib Bescheid, ja?

cosinus · 05.02.2018, 09:29

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

adwCleaner v7.x

Downloade Dir bitte

AdwCleaner auf Deinen Desktop (Bebilderte Anleitung).

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- Tracing Schlüssel
- Prefetch Dateien
- Proxy
- Winsock
- IE Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist. Am Ende des Suchlaufs öffnet sich automatisch eine Logdatei. Schließe diese.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Klicke am Ende der Bereinigung auf Jetzt neu starten. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

30.01.2018, 11:11	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows7: Bing als Standardsuche in Firefox... & Computer immer wieder langsam, bei nonresponsive scripts in Firefox & Thunderbird Ja das ist blöd, eigentlich sollte damit nur das alte Programm aber nicht das noch benutzte Profil gelöscht werden Office 2003 ist jedenfalls uralt und muss weg. __________________ Logfiles bitte immer in CODE-Tags posten

31.01.2018, 15:10	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows7: Bing als Standardsuche in Firefox... & Computer immer wieder langsam, bei nonresponsive scripts in Firefox & Thunderbird Mach einfach nur das was in meinen Anweisungen steht! Nix hineindichten oder ergänzen! Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken. __________________ Logfiles bitte immer in CODE-Tags posten

31.01.2018, 15:10	#11
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows7: Bing als Standardsuche in Firefox... & Computer immer wieder langsam, bei nonresponsive scripts in Firefox & Thunderbird Mach einfach nur das was in meinen Anweisungen steht! Nix hineindichten oder ergänzen! Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken. __________________ Logfiles bitte immer in CODE-Tags posten

Windows7: Bing als Standardsuche in Firefox... & Computer immer wieder langsam, bei nonresponsive scripts in Firefox & Thunderbird

Log-Analyse und Auswertung: Windows7: Bing als Standardsuche in Firefox... & Computer immer wieder langsam, bei nonresponsive scripts in Firefox & Thunderbird