Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Laptop startet plöztlich extrem langsam (15 min) - Samsung R70, Win 7, 32 bit (https://www.trojaner-board.de/159968-laptop-startet-ploeztlich-extrem-langsam-15-min-samsung-r70-win-7-32-bit.html)

puntaara 21.10.2014 20:00
Laptop startet plöztlich extrem langsam (15 min) - Samsung R70, Win 7, 32 bit
 
Hallo zusammen,

ich habe ein Problem mit meinem schon etwas älteren Laptop (Samsung R70). Dieser ist zwar nicht mehr der neueste und schnellste, jedoch verhält er sich seit ein paar Tagen sehr seltsam.

Angefangen hatte es, als ich den Laptop im Schlafmodus hatte und wieder "erweckt" habe. Alles war eingefroren. Ab diesem Zeitpunkt dauert der Start des Systems gut und gerne 15-20 Minuten. Es kommt das Windows Logo, die Login Seite, dann der normale Desktop nur liegen dazwischen Minuten und alles zieht sich extrem. Sobald das Hochfahren dann aber abgeschlossen ist, läuft das System meiner Meinung normal.

Ich weiß nicht ob es sich um einen Virus, ein Software- oder Hardwareproblem handelt, habe aber mal ein paar Scans angefertigt.

System: Samsung R70, 2 GB RAM, 32-bit, Windows 7 (wurde ursprünglich mit Vista ausgeliefert, habe ich im Studium aufgerüstet)

Wäre nett, wenn mal jemand über die Logs schauen könnte oder sonst einen Tipp hat, was mit dem Rechner sein könnte.

Achja, vor einigen Tagen gab es mal ein größeres Windows-Update. Ob es damit zusammen hängen könnte? Wollte das System per Systemwiederherstellung auf diesen Stand zurücksetzen, es gibt allerdings eine Fehlermeldund von Windows, dass die Wiederherstellung zu diesem Punkt fehlschlägt.

defogger_disable_log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:32 on 21/10/2014 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2014
Ran by *** (administrator) on MW-PC on 21-10-2014 17:45:42
Running from C:\Users\***\Desktop
Loaded Profile: *** (Available profiles: ***)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TransAction Software, D 81737 Munich) D:\Opel\bin\tbmux32.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(SAMSUNG Electronics) C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
() D:\Opel\Apache Group\Apache\ApchT2kW.exe
() D:\Opel\Apache Group\Apache\ApchT2kW.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SAMSUNG Electronics Co., Ltd.) C:\Program Files\SamSung\MagicKBD\MagicKBD.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11487848 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [MagicKeyboard] => C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [151552 2006-05-14] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [839680 2010-11-06] (Synaptics, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\...\Run: [] => [X]
AppInit_DLLs: t => t File Not Found
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 1.179.128.2:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDFCAC6BA62DCCB01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {822D8992-2E48-49BA-B3E2-E2946D8B5C98} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ReminderFox - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-05-02]
FF Extension: ImTranslator - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-09-05]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-08]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-02-25]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-03-12]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.spiegel.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-09]
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-09]
CHR Extension: (Google-Suche) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-09]
CHR Extension: (AdBlock) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-09]
CHR Extension: (avast! Online Security) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-08]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-21]
CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx [2014-08-06]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-03-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 COSIDS_TB; D:\OPEL\BIN\TbMux32.exe [165376 2001-11-20] (TransAction Software, D 81737 Munich) [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [666696 2011-07-08] (Juniper Networks)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 TIS 2000 Apache Web Server; D:\Opel\Apache Group\Apache\ApchT2kW.exe [4096 1999-03-23] () [File not signed]
S2 ShellfireVPN2Service; "C:\Program Files\ShellfireVPN\jre6\bin\java.exe" "-classpath" "C:\Program Files\ShellfireVPN\ShellfireVPN2.exe" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files\ShellfireVPN" "-Dwrapper.config=C:\Users\***\AppData\Roaming\ShellfireVPN\start.conf" "-Dwrapper.additional.1x=-Xrs" "-Dwrapper.stop.conf=C:\Users\***\AppData\Roaming\ShellfireVPN\stop.conf" "-Djna_tmpdir=C:\Users\***\AppData\Local\Temp" "org.rzo.yajsw.boot.WrapperServiceBooter"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-06] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
R0 DiskSec; C:\Windows\system32\Drivers\DiskSec.sys [14208 2008-04-04] (MAGIX) [File not signed]
R2 DOSMEMIO; C:\Windows\system32\MEMIO.SYS [4300 2000-08-24] () [File not signed]
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [134144 2013-02-22] (Prolific Technology Inc.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2010-11-06] (Vimicro Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 ADDMEM; \??\C:\Users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
S3 cpuz132; \??\C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 17:38 - 2014-10-21 17:40 - 00038693 _____ () C:\Users\***\Desktop\Addition.txt
2014-10-21 17:34 - 2014-10-21 17:46 - 00022909 _____ () C:\Users\***\Desktop\FRST.txt
2014-10-21 17:34 - 2014-10-21 17:45 - 00000000 ____D () C:\FRST
2014-10-21 17:33 - 2014-10-21 17:34 - 01102336 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-10-21 17:32 - 2014-10-21 17:33 - 00000476 _____ () C:\Users\***\Desktop\defogger_disable.log
2014-10-21 17:31 - 2014-10-21 17:31 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2014-10-21 01:26 - 2014-10-21 01:28 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 01:25 - 2014-10-21 01:27 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-21 01:25 - 2014-10-21 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-21 01:25 - 2014-10-21 01:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-21 01:25 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-21 01:25 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 10:02 - 2014-10-20 10:02 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-20 10:01 - 2014-10-20 10:01 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-20 10:01 - 2014-10-20 10:01 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-20 10:01 - 2014-10-20 10:01 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-20 10:01 - 2014-10-20 10:01 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-20 10:01 - 2014-10-20 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-18 10:30 - 2014-10-18 10:30 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2014-10-18 10:27 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-18 10:27 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-18 10:27 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-18 10:27 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-18 10:27 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-18 10:27 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-18 10:27 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-18 10:27 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-18 10:27 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-18 10:27 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-18 10:27 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-18 10:27 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-18 10:27 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-18 10:27 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-18 10:27 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-18 10:27 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-18 10:27 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-18 10:27 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-18 10:27 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-18 10:27 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-18 10:27 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-18 10:27 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-18 10:27 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-18 10:27 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-18 10:27 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-18 10:27 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-18 10:27 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-18 10:27 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-18 10:27 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-18 10:27 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-18 10:27 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-18 10:27 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-18 10:27 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-18 10:27 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-18 10:27 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-18 10:27 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-18 10:27 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-18 10:27 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-18 10:27 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-18 10:27 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-18 10:27 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-18 10:26 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-18 10:26 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-18 10:26 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-18 10:26 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-18 10:26 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-10 02:02 - 2014-10-20 09:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-10 02:02 - 2014-10-20 09:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-10 01:21 - 2014-10-10 01:21 - 00854704 _____ (Adobe Systems Incorporated) C:\Users\***\Downloads\uninstall_flash_player.exe
2014-10-04 10:52 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 14:37 - 2014-10-01 14:37 - 00000982 _____ () C:\Users\Public\Desktop\ShellfireVPN.lnk
2014-10-01 14:35 - 2014-10-01 14:35 - 65539831 _____ () C:\Users\***\Downloads\ShellfireVPN-2.4-install.exe
2014-09-27 18:09 - 2014-09-27 19:11 - 00000000 ____D () C:\Users\***\Desktop\bilder wohnung
2014-09-25 11:20 - 2014-09-25 11:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 10:06 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 12:04 - 2014-09-24 12:04 - 00000000 ____D () C:\Windows\Hewlett-Packard

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 17:38 - 2013-02-09 02:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 17:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-10-21 15:56 - 2009-07-14 06:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 15:56 - 2009-07-14 06:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 15:53 - 2010-11-05 01:17 - 01522915 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 15:50 - 2010-11-18 00:06 - 00000000 ____D () C:\Users\***\AppData\Local\CrashDumps
2014-10-21 15:49 - 2014-03-11 23:46 - 00000000 ____D () C:\Windows\hsperfdata_SYSTEM
2014-10-21 15:47 - 2013-02-09 02:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 15:47 - 2013-01-25 05:54 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-21 15:47 - 2009-07-14 06:39 - 00189186 _____ () C:\Windows\setupact.log
2014-10-21 15:46 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 01:25 - 2012-08-28 03:04 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-21 01:25 - 2011-10-01 05:51 - 00000000 ____D () C:\Users\***\AppData\Roaming\Malwarebytes
2014-10-21 01:25 - 2011-10-01 05:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 00:21 - 2010-11-05 01:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 22:40 - 2010-11-06 01:40 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2014-10-20 11:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-20 10:03 - 2013-10-01 14:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 10:01 - 2011-04-27 22:10 - 00000000 ____D () C:\Program Files\Java
2014-10-20 09:54 - 2014-09-19 09:47 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2014-10-19 10:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-19 09:22 - 2009-07-14 06:33 - 00307608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 02:00 - 2014-04-23 12:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 11:05 - 2011-03-15 00:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 11:00 - 2013-07-15 01:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 10:33 - 2010-11-05 12:23 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 23:00 - 2014-09-15 22:56 - 00000000 ___RD () C:\Program Files\Skype
2014-10-15 23:00 - 2010-11-06 01:40 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 14:38 - 2013-02-08 03:36 - 00000000 ____D () C:\Program Files\ShellfireVPN
2014-10-01 11:58 - 2013-09-15 22:30 - 00000000 ____D () C:\Users\***\AppData\Roaming\HpUpdate
2014-10-01 11:11 - 2012-08-28 03:04 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 11:11 - 2013-01-16 05:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 10:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 12:06 - 2013-09-15 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-24 12:06 - 2013-09-15 22:28 - 00000000 ____D () C:\Program Files\HP

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\***\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\***\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\***\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\***\AppData\Local\Temp\ShellfireVPN_installer7807331020567699179.exe
C:\Users\***\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-10-2014
Ran by *** at 2014-10-21 17:48:23
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Any Video Converter 5.0.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Biet-O-Matic v2.14.8 (HKLM\...\Biet-O-Matic v2.14.8) (Version: Biet-O-Matic v2.14.8 - BOM Development Team)
Bild Albelli Fotoservice (HKCU\...\{4E97552A-D0D2-47E3-B4A0-82E5A57A4198}_is1) (Version:  - Bild Albelli)
BILDmobil (HKLM\...\BILDmobil) (Version: 11.301.08.01.35 - Huawei Technologies Co.,Ltd)
Business - Kommunikationstrainer English (HKLM\...\KTE_14_669070) (Version:  - digital publishing AG)
Business - Sprachführer English (HKLM\...\SPE_14_669073) (Version:  - digital publishing AG)
Business - Sprachkurs English (HKLM\...\BTEIK_14_674328) (Version:  - digital publishing AG)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Dr Kawashima (HKCU\...\DrKawashima) (Version: 1.0 - )
Druckerdeinstallation für EPSON SX600FW Series (HKLM\...\EPSON SX600FW Series) (Version:  - SEIKO EPSON Corporation)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.1 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.0.14 - )
Elevated Installer (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM\...\ElsterFormular 13.2.0.8623p) (Version: 13.2.0.8623p - Landesfinanzdirektion Thüringen)
ElsterFormular-Update (HKLM\...\ElsterFormular für Privatanwender 12.2.0.6412p) (Version: 1.0 - Landesfinanzdirektion Thüringen)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Fotosizer 1.32 (HKLM\...\Fotosizer) (Version: 1.32 - Fotosizer.com)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Garmin Express (HKLM\...\{d6f59919-3fd4-48c5-8404-def6f92d8422}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GMX ProfiFax (HKLM\...\GMX ProfiFax) (Version: 2.00.222 - GMX GmbH)
GMX SMS-Manager (HKLM\...\com.unitedinternet.ums.sms-mms-manager) (Version: 2.1 - 1 und 1 Internet AG)
GMX SMS-Manager (Version: 2.1 - 1 und 1 Internet AG) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
HoDoKu (HKLM\...\{7B21DE80-CBC2-4D47-87D7-5142E2B4C7F7}) (Version: 2.2.0.1 - hobiwan)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{63EA2A2E-E67D-4A5A-9245-2A50353E2340}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
inSSIDer 2.0 (HKLM\...\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}) (Version: 2.0.7 - MetaGeek)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (Version: 2.1.71.14 - Oracle, Inc.) Hidden
Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.14951 - Juniper Networks)
Juniper Networks Network Connect 7.0.0 (HKLM\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18809 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.5.10685 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Magic Keyboard (HKLM\...\{BD723E53-A42C-4702-AA04-1D74A0311590}) (Version: 7.0.1.4 - )
MAGIX PC Check & Tuning 2010 Download-Version 5.0.25.701 (D) (HKLM\...\MAGIX PC Check & Tuning 2010 Download-Version D) (Version: 5.0.25.701 - MAGIX AG)
MAGIX Screenshare (HKLM\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
O&O SafeErase (HKLM\...\{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2}) (Version: 2.7.523 - O&O Software GmbH)
office wörterbuch pro 3 (HKLM\...\office wörterbuch pro 3) (Version: 3.0 - Lingenio GmbH)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDF Blender (HKLM\...\PDF Blender) (Version:  - )
PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.205.0 - Tracker Software Products Ltd)
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PL-2303 USB-to-Serial (HKLM\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.1 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Samsung Recovery Solution II (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 1.0.3.21 - Samsung)
Samsung SCX-4100 Series (HKLM\...\Samsung SCX-4100 Series) (Version:  - )
Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden
Secunia PSI (3.0.0.3001) (HKLM\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
ShellfireVPN 2.4 (HKLM\...\ShellfireVPN) (Version: 2.4 - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpoQ Training Gym Pro (HKLM\...\SpoQ Training Gym Pro) (Version:  - )
SPSS 15.0 für Windows [Auswertung Version] (HKLM\...\{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}) (Version: 15.0.1 - SPSS Inc.)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.15.0 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeXnicCenter Version 1.0 Stable RC1 (HKLM\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinSCP 4.3.3 (HKLM\...\winscp3_is1) (Version: 4.3.3 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{0F130AC8-CDF1-4DAA-AA9B-7B4083F49EA4}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\PtContainerUI.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{40D7C9AD-E126-4D66-A5FE-B9D589DC3C84}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\widgets\minigames\minigamesctrl.ocx No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{492042A2-4432-44A1-9A39-85B2D3C0119E}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\PtContainerUI.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\***\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{876FA801-2B5E-4201-9E6B-2EF2C05A5C6B}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarAPI.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{89425F5E-A2BD-44CD-9E4F-F1498522F0E5}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarManagerUI.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{9642D229-6B2E-49FD-B6BB-43B37BD97B6B}\localserver32 -> "C:\Poker\Betfair.com Poker\widgetbar\PTContainerOle.exe" No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{F6F8856F-374D-4397-BB1C-80AB57E60529}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarAPI.dll No File

==================== Restore Points  =========================

15-09-2014 21:39:21 Windows Update
23-09-2014 15:18:32 Geplanter Prüfpunkt
24-09-2014 10:04:31 Installed HP Update.
25-09-2014 08:06:25 Windows Update
02-10-2014 18:44:53 Geplanter Prüfpunkt
04-10-2014 08:52:36 Windows Update
13-10-2014 09:52:40 Geplanter Prüfpunkt
18-10-2014 08:28:27 Windows Update
20-10-2014 07:56:42 Installed Java 7 Update 71
21-10-2014 11:46:38 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2012-09-12 15:04 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0012840F-B1F0-4CE9-8E7A-28145C05E157} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {13CFA97E-6913-4041-8267-E61C93CC95DA} - System32\Tasks\{D0EE6062-49E5-4653-A2A9-53654686A780} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=500
Task: {1444C24F-220E-4A14-AD63-3D43F19B6E88} - System32\Tasks\{5DC46035-45F4-46A5-8D3C-38DA4F0EC836} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.259/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12002&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {31EB0489-D0BD-4ED3-B292-4718C9397209} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {320CD898-6B38-43E8-BBF2-4EAF49AE1780} - System32\Tasks\{D4F9D07E-4F26-40A3-B209-05386BE711A8} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {32C6D770-BAF0-48F6-B483-08759FC0CA13} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-06] (AVAST Software)
Task: {3F163037-72CF-4084-9F52-E4E47F1BF486} - System32\Tasks\{16860F19-E699-42B5-A14F-F4C44CB9E09A} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.259/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12002&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {657127C2-FC7D-41D7-B2AE-6262FA504D31} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-01-02] (SAMSUNG Electronics co., LTD.)
Task: {6F6E4020-CB5D-4236-862E-575D7B925966} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-10-17] (SAMSUNG Electronics)
Task: {7004E57D-44B5-4158-BD97-DBF48CAA55EA} - System32\Tasks\{C7C93778-A855-437D-AD51-F248F5D83500} => C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2013-08-14] (Microsoft Corporation)
Task: {8D3666EC-5665-4FDF-942F-0DE3B4569F15} - System32\Tasks\{8E4D79ED-DE12-46C7-BED6-F6A8E15C0F09} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=12002
Task: {92430ECB-5A61-4779-AF88-D4B121CBEEA6} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2007-12-28] (Samsung Electronics Co., Ltd.)
Task: {D298E68C-31CA-4A0D-BBBF-7F44C57D31EF} - System32\Tasks\{87F27F3E-7143-4991-A95D-DC7E45A93CB7} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=12002
Task: {E5B64DE8-C86B-41BB-A57A-70A1F23DA336} - System32\Tasks\{CA5AB1D0-201A-4AB3-BFC8-6A1BB8629204} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=12002

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-29 17:29 - 2014-07-02 21:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-08-06 15:25 - 2014-08-06 15:25 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-21 12:59 - 2014-10-21 12:59 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14102100\algo.dll
2011-07-15 00:38 - 2006-12-04 01:25 - 00022723 _____ () C:\Windows\System32\SSGR3l3.dll
2003-07-11 03:09 - 2003-07-11 03:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2012-05-02 04:15 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2012-05-02 04:15 - 2006-09-19 01:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll
2010-11-06 21:55 - 2006-08-12 13:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2014-03-11 23:46 - 1999-03-23 21:07 - 00004096 _____ () D:\Opel\Apache Group\Apache\ApchT2kW.exe
2014-03-11 23:46 - 2001-01-15 10:35 - 00269824 _____ () D:\Opel\Apache Group\Apache\ApacheCore.dll
2014-03-11 23:46 - 2001-09-06 17:58 - 00119808 _____ () d:\opel\apache group\apache\modules\T2KApacheModuleJServ.dll
2014-08-06 15:25 - 2014-08-06 15:25 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-05-02 04:09 - 2005-07-12 07:34 - 00045056 _____ () C:\Program Files\SamSung\MagicKBD\EasyBoxDll.dll
2014-09-25 11:20 - 2014-09-25 11:20 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Samsung Update Plus => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk => C:\Windows\pss\BTTray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Device Detection => C:\Program Files\Lidl_Fotos\dd.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2791256138-4108016520-4061832491-500 - Administrator - Disabled)
Gast (S-1-5-21-2791256138-4108016520-4061832491-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2791256138-4108016520-4061832491-1002 - Limited - Enabled)
*** (S-1-5-21-2791256138-4108016520-4061832491-1001 - Administrator - Enabled) => C:\Users\***

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2014 03:49:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PerformanceManager.exe, Version: 1.0.2.0, Zeitstempel: 0x477c744e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00052c26
ID des fehlerhaften Prozesses: 0x10bc
Startzeit der fehlerhaften Anwendung: 0xPerformanceManager.exe0
Pfad der fehlerhaften Anwendung: PerformanceManager.exe1
Pfad des fehlerhaften Moduls: PerformanceManager.exe2
Berichtskennung: PerformanceManager.exe3

Error: (10/21/2014 03:49:40 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0x80070017.

Error: (10/21/2014 03:28:27 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0x80070017.

Error: (10/21/2014 03:28:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PerformanceManager.exe, Version: 1.0.2.0, Zeitstempel: 0x477c744e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00052c26
ID des fehlerhaften Prozesses: 0x1030
Startzeit der fehlerhaften Anwendung: 0xPerformanceManager.exe0
Pfad der fehlerhaften Anwendung: PerformanceManager.exe1
Pfad des fehlerhaften Moduls: PerformanceManager.exe2
Berichtskennung: PerformanceManager.exe3

Error: (10/21/2014 02:36:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

GMER.txt:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-21 20:36:07
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2035GSS rev.DK022A 186,31GB
Running: 3gol8ee1.exe; Driver: C:\Users\***\AppData\Local\Temp\pxldypoc.sys


---- System - GMER 2.1 ----

SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwAddBootEntry [0x8A320BA6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwAssignProcessToJobObject [0x8A321684]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwCreateEvent [0x8A32D6F8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwCreateEventPair [0x8A32D744]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwCreateIoCompletion [0x8A32D8DE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwCreateMutant [0x8A32D666]
SSDT  \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwCreateSection [0x89F7DDF0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwCreateSemaphore [0x8A32D6AE]
SSDT  \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwCreateThread [0x89F7E080]
SSDT  \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwCreateThreadEx [0x89F7E16A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwCreateTimer [0x8A32D898]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwDebugActiveProcess [0x8A322472]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwDeleteBootEntry [0x8A320C0C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwDuplicateObject [0x8A325C68]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwLoadDriver [0x8A3207F8]
SSDT  \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwMapViewOfSection [0x89F7DED0]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwModifyBootEntry [0x8A320C72]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwNotifyChangeKey [0x8A32605E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwNotifyChangeMultipleKeys [0x8A322F5A]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwOpenEvent [0x8A32D722]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwOpenEventPair [0x8A32D766]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwOpenIoCompletion [0x8A32D902]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwOpenMutant [0x8A32D68C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwOpenProcess [0x8A325560]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwOpenSection [0x8A32D816]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwOpenSemaphore [0x8A32D6D6]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwOpenThread [0x8A32594C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwOpenTimer [0x8A32D8BC]
SSDT  \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwProtectVirtualMemory [0x89F7DC6E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwQueryObject [0x8A322DCE]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwQueueApcThreadEx [0x8A322ADC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwSetBootEntryOrder [0x8A320CD8]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwSetBootOptions [0x8A320D3E]
SSDT  \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwSetContextThread [0x89F7DFCC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwSetSystemInformation [0x8A320892]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwSetSystemPowerState [0x8A320A64]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwShutdownSystem [0x8A3209F2]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwSuspendProcess [0x8A32263C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwSuspendThread [0x8A32279E]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwSystemDebugControl [0x8A320AEC]
SSDT  \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwTerminateProcess [0x89F7DD3C]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwTerminateThread [0x8A3222CC]
SSDT  \SystemRoot\system32\drivers\aswSnx.sys                                                                              ZwVdmControl [0x8A320DA4]
SSDT  \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwWriteVirtualMemory [0x89F7DBA0]

---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                            834379A5 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              83457512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntoskrnl.exe!KeRemoveQueueEx + 1393                                                                                  8345E988 4 Bytes  [A6, 0B, 32, 8A]
.text  ntoskrnl.exe!KeRemoveQueueEx + 141B                                                                                  8345EA10 4 Bytes  [84, 16, 32, 8A]
.text  ntoskrnl.exe!KeRemoveQueueEx + 146F                                                                                  8345EA64 8 Bytes  [F8, D6, 32, 8A, 44, D7, 32, ...] {CLC ; SALC ; XOR CL, [EDX-0x75cd28bc]}
.text  ntoskrnl.exe!KeRemoveQueueEx + 147B                                                                                  8345EA70 4 Bytes  [DE, D8, 32, 8A]
.text  ntoskrnl.exe!KeRemoveQueueEx + 1497                                                                                  8345EA8C 4 Bytes  [66, D6, 32, 8A]
.text  ...                                                                                                                 

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[108] kernel32.dll!GetBinaryTypeW + 70                        771B6AAC 1 Byte  [62]
.text  C:\Windows\system32\agrsmsvc.exe[344] kernel32.dll!GetBinaryTypeW + 70                                              771B6AAC 1 Byte  [62]
.text  C:\Windows\Explorer.EXE[356] kernel32.dll!GetBinaryTypeW + 70                                                        771B6AAC 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[468] kernel32.dll!GetBinaryTypeW + 70                                                  771B6AAC 1 Byte  [62]
.text  D:\OPEL\BIN\TbMux32.exe[488] kernel32.dll!GetBinaryTypeW + 70                                                        771B6AAC 1 Byte  [62]
.text  ...                                                                                                                 
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!SetUnhandledExceptionFilter                    7719F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!GetBinaryTypeW + 70                            771B6AAC 1 Byte  [62]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1632] kernel32.dll!GetBinaryTypeW + 70              771B6AAC 1 Byte  [62]
.text  C:\Windows\system32\taskhost.exe[1728] kernel32.dll!GetBinaryTypeW + 70                                              771B6AAC 1 Byte  [62]
.text  C:\Windows\System32\spoolsv.exe[1892] kernel32.dll!GetBinaryTypeW + 70                                              771B6AAC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1928] kernel32.dll!GetBinaryTypeW + 70                                              771B6AAC 1 Byte  [62]
.text  ...                                                                                                                 
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[4180] kernel32.dll!SetUnhandledExceptionFilter                    7719F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[4180] kernel32.dll!GetBinaryTypeW + 70                            771B6AAC 1 Byte  [62]
.text  C:\Program Files\SamSung\MagicKBD\MagicKBD.exe[4264] kernel32.dll!GetBinaryTypeW + 70                                771B6AAC 1 Byte  [62]
.text  C:\Program Files\HP\HP Software Update\hpwuschd2.exe[4312] kernel32.dll!GetBinaryTypeW + 70                          771B6AAC 1 Byte  [62]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[4332] kernel32.dll!GetBinaryTypeW + 70                    771B6AAC 1 Byte  [62]
.text  C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe[4396] kernel32.dll!GetBinaryTypeW + 70  771B6AAC 1 Byte  [62]
.text  ...                                                                                                                 

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002787565a0                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002787565a0@a87e33f9f904                            0x3A 0x9A 0xC5 0x7B ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002787565a0 (not active ControlSet)                     
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002787565a0@a87e33f9f904                                0x3A 0x9A 0xC5 0x7B ...
Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                               
Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE02.07.00.01MSWINDOWS                                94FAAF35EAAEBE0D24AF713C27573F7D04EC34C1F75CE29BA5665444A1C0C8AADB32DAD087ADDF0A7E6B0D4BD70645A29828120BC03D2C29223EA03B32085B2B53D6461EBC5432F30452B68BEF1BC9B9137F31CE557A1B9D6DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CFEBC9E127BECC74CBA7FD869164D6794DEB610F28445FCA8A767D61F60F40B794DA07ADED7563BC79613D174BFA2D4F44DBC580EB8EE12D1ED4F83B8D55CA521AF9D69EA80CB02A95624BE9736AF03CCD81919D79CE2DABFD30D0C1DD1104F3D4F9F8F7DA2B2505F5441B884069E5279CD05C21E63190504C106660AB483CD9FD25506E3F0191EA093FE9FBA4BB40FAEAD1F19323AB15375D77F5DC158CEF85E144CBBF390AD7A62CBD7A53E195D1CE62CE9B76BBF709D2E65A60E0C88AD3DD522FB748398C785E1E728549873A3EEDD334B08A086BA4F0DEF09EA3205811BA5BF3A466E18DD752008320856D6BB93165D0ECC32969DE734B29BB80482CB2530E2451B958F8F9360001BED88B07BA6D47BE19A7FE945F8871AB511D3A835859CB53D335C729B3B2BD6EC8C4362DADB2213D65A70EF86ACB4471162F7928BF8D518A4A0292C675FCBC7133A9FC1F9774B5C6447EC0BD73CA690CEEECA52BB4D8B9B664AE8187C8
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active                                 
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@87F3E94E                          1639

---- EOF - GMER 2.1 ----

schrauber 22.10.2014 06:20
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

puntaara 22.10.2014 17:22
Danke für deine Antwort.

Habe ComboFix laufen lassen. Der erste Durchlauf dauerte sehr lange und obwohl der Lauf abgeschlossen wurde, gab es kein Logfile. Zumindest wurde kein Fenster geöffnet und auch eine Datei c:\combofix.txt konnte ich nicht finden.

Habe es noch ein zweites Mal laufen lassen, dann ging es:

Code:
ComboFix 14-10-21.01 - *** 22.10.2014  17:39:43.4.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2046.989 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-09-22 bis 2014-10-22  ))))))))))))))))))))))))))))))
.
.
2014-10-22 15:54 . 2014-10-22 15:54        --------        d-----w-        c:\users\Public\AppData\Local\temp
2014-10-22 15:54 . 2014-10-22 15:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-10-21 15:34 . 2014-10-21 15:45        --------        d-----w-        C:\FRST
2014-10-20 23:26 . 2014-10-20 23:28        114904        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-20 23:25 . 2014-10-01 09:11        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-10-20 23:25 . 2014-10-01 09:11        75480        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-10-20 23:25 . 2014-10-20 23:27        --------        d-----w-        c:\program files\Malwarebytes Anti-Malware
2014-10-20 08:02 . 2014-10-20 08:02        --------        d-----w-        c:\program files\Common Files\Java
2014-10-20 08:01 . 2014-10-20 08:01        96680        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2014-10-18 08:30 . 2014-10-18 08:30        --------        d-----w-        c:\program files\Microsoft ASP.NET
2014-10-18 08:26 . 2014-09-05 01:52        5703168        ----a-w-        c:\windows\system32\mstscax.dll
2014-10-18 08:26 . 2014-09-18 01:32        2363904        ----a-w-        c:\windows\system32\msi.dll
2014-10-18 08:26 . 2014-06-18 22:23        156824        ----a-w-        c:\windows\system32\mscorier.dll
2014-10-18 08:26 . 2014-06-18 22:23        1131664        ----a-w-        c:\windows\system32\dfshim.dll
2014-10-18 08:26 . 2014-06-18 22:23        81560        ----a-w-        c:\windows\system32\mscories.dll
2014-10-10 00:02 . 2014-10-20 07:54        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-10 00:02 . 2014-10-20 07:54        701104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-10-04 08:52 . 2014-09-25 01:40        519680        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-25 08:06 . 2014-09-09 21:47        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-24 10:04 . 2014-09-24 10:04        --------        d-----w-        c:\windows\Hewlett-Packard
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-01 09:11 . 2012-08-28 01:04        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-08-28 20:33 . 2010-06-24 00:33        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:46 . 2014-08-28 21:53        305152        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-06 13:26 . 2013-02-08 11:29        414520        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-08-06 13:25 . 2014-01-06 23:23        71944        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-08-06 13:25 . 2014-08-06 13:25        24184        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-08-06 13:25 . 2013-03-04 00:46        192352        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-08-06 13:25 . 2013-03-04 00:46        49944        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-08-06 13:25 . 2013-02-08 11:29        81768        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-08-06 13:25 . 2013-02-08 11:29        779536        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2014-08-06 13:25 . 2013-02-08 11:29        67824        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-08-06 13:25 . 2014-08-06 13:25        43152        ----a-w-        c:\windows\avastSS.scr
2014-08-06 13:25 . 2013-02-08 11:29        276432        ----a-w-        c:\windows\system32\aswBoot.exe
2014-08-01 11:35 . 2014-09-15 21:38        793600        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-07-25 13:50 . 2014-07-29 15:03        1291280        ----a-w-        c:\windows\system32\nvspbridge.dll
2014-07-25 13:50 . 2014-04-23 14:42        1126480        ----a-w-        c:\windows\system32\nvspcap.dll
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 04:49        281760        ----a-w-        c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-06 13:25        578240        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8500 A910 (NET)"="c:\program files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-11-06 839680]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-06 4085896]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-07-25 1126480]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [BU]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57        959904        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-12-18 18:42        40312        ----a-w-        c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-25 16:08        2569616        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection]
c:\program files\Lidl_Fotos\dd.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-12-13 09:36        1095000        ----a-w-        c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
c:\program files\Malwarebytes' Anti-Malware\mbam.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54        4240760        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-10-02 19:28        1090912        ----a-w-        c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-07-25 13:51        2403104        ----a-w-        c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2014-07-04 10:40        191528        ----a-w-        c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
c:\program files\Unlocker\UnlockerAssistant.exe [BU]
.
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-13 250712]
R2 ShellfireVPN2Service;ShellfireVPN2Service;c:\program files\ShellfireVPN\jre6\bin\java.exe [2011-05-04 145184]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 ADDMEM;ADDMEM;c:\users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-22 112128]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [2013-02-22 134144]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-18 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-01 1343400]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys [2009-07-14 20480]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 DiskSec;Magix Volume Filter Driver; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-08-06 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-06 414520]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-06 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-06 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-06 71944]
S2 COSIDS_TB;COSIDS_TB;d:\opel\BIN\TbMux32.exe [2001-11-20 165376]
S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2000-08-24 4300]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 13312]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 17536800]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-01-09 1324104]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-01-09 795208]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2012-07-25 681056]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
S3 NETwLv32;    Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 19232]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2010-11-06 243840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-17 08:39        1089352        ----a-w-        c:\program files\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-09 00:04]
.
2014-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-09 00:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.spiegel.de/
uInternet Settings,ProxyServer = 1.179.128.2:8080
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE02.07.00.01MSWINDOWS"="94FAAF35EAAEBE0D24AF713C27573F7D04EC34C1F75CE29BA5665444A1C0C8AADB32DAD087ADDF0A7E6B0D4BD70645A29828120BC03D2C29223EA03B32085B2B53D6461EBC5432F30452B68BEF1BC9B9137F31CE557A1B9D6DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CFEBC9E127BECC74CBA7FD869164D6794DEB610F28445FCA8A767D61F60F40B794DA07ADED7563BC79613D174BFA2D4F44DBC580EB8EE12D1ED4F83B8D55CA521AF9D69EA80CB02A95624BE9736AF03CCD81919D79CE2DABFD30D0C1DD1104F3D4F9F8F7DA2B2505F5441B884069E5279CD05C21E63190504C106660AB483CD9FD25506E3F0191EA093FE9FBA4BB40FAEAD1F19323AB15375D77F5DC158CEF85E144CBBF390AD7A62CBD7A53E195D1CE62CE9B76BBF709D2E65A60E0C88AD3DD522FB748398C785E1E728549873A3EEDD334B08A086BA4F0DEF09EA3205811BA5BF3A466E18DD752008320856D6BB93165D0ECC32969DE734B29BB80482CB2530E2451B958F8F9360001BED88B07BA6D47BE19A7FE945F8871AB511D3A835859CB53D335C729B3B2BD6EC8C4362DADB2213D65A70EF86ACB4471162F7928BF8D518A4A0292C675FCBC7133A9FC1F9774B5C6447EC0BD73CA690CEEECA52BB4D8B9B664AE8187C865443E0A23A9919D5E24365F4E21454F6117FF1CBACE9DBE8B0864E6B0A8887C6976C8BC533A620E4BBE89745C4543A41E950E162FD52A3C37C538B92024159CF2D1A2BF72F1D16A571221EF2080CEC11EBF5E9F1A7F7ECE86A32B3A146FB6662F1D83F605722ABAFDE767D09A56DF2F21495398A123A3A793904BE5054E4485306E7A67B584EB1AD2723236A1C9F7785268863132DEC2E2A6C600A29AB9E3B0CCDBA299762B11EDAAE195B4AEB3D49FB265D60C46BD71143C990540BCE3DA00AF1F8EED9AACC0A8D9DFB58331CD65B9DDF538A2EC3B84E9F5E1442A7464A7EDE5D7D06B96917B4A96224B10036EDC4C5E1E1A1AFB03E76B1F79CDC881D42FA2EC058DD035B79FEA9AE9F61E0C67A41647CB2C900AF0DBCFBAA129185E395E43410CDCED541D1EE1CF52CC55D5F66ADFB47210929C5BCF817CD8D2ECE2DA92DBB045390A45F722FA37242A14C18918EA39B41CC88F6D828307BDDE9E691D8E7A61916C13900228D76A0071ADB07CF89871758E15050E1E9069286DB25ACEECEEA0E76E1AD6D1AFA5DC2D83B0B4DE56B661E5D7E065F4C016FB83DFE331DACBD90E606D672F9888D385DC6F1300990A01355803882B500D5D1516C361086C737376D0DEA4B7910807A39969272637F3E7626228974EB58752B8BB245901369DE0D2D074BCEC4463028E2C051500453F98940D8D45E1C260E0BD26353D7EAAEFD59"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-22  17:58:15
ComboFix-quarantined-files.txt  2014-10-22 15:58
.
Vor Suchlauf: 9.288.040.448 Bytes frei
Nach Suchlauf: 8.988.110.848 Bytes frei
.
- - End Of File - - 099359EDD9407AC62B2B169B4B60DB55
D7AD5AA31A559120C3BA48FD0A1B1636

schrauber 23.10.2014 11:08
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

puntaara 23.10.2014 14:06
Danke dir für die Antwort. Anbei die Logs:

mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.10.2014
Suchlauf-Zeit: 12:19:32
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.10.23.03
Rootkit Datenbank: v2014.10.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: ***

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313561
Verstrichene Zeit: 33 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2791256138-4108016520-4061832491-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [5ec169af9be18bab89d35cc63cc703fd],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 17
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\images, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\de, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\en, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\es, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\fr, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\it, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\ja, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\nl, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\pl, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\pt, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\ru, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\tr, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\zh_CN, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\zh_TW, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],

Dateien: 35
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\background.html, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\background.js, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\dvs_freeyoutubedownload.css, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\dvs_freeyoutubedownload.js, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\dvs_logo.ico, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\dvs_logo_128.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\dvs_logo_32.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\dvs_logo_48.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\errorRunProgramm.html, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\manifest.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\np_dvs_plugin.dll, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\options.html, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\options.js, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\page_action.html, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\images\backbar.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\images\download.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\images\fs.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\images\headphone.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\images\logo.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\images\manager.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\images\YoutubeDownloader.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\images\YoutubeToMp3.png, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\de\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\en\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\es\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\fr\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\it\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\ja\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\nl\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\pl\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\pt\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\ru\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\tr\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\zh_CN\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\_locales\zh_TW\messages.json, In Quarantäne, [9986cc4ce399979fe8febf58a45f7c84],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
AdwCleaner:
Code:
# AdwCleaner v4.001 - Bericht erstellt am 23/10/2014 um 13:56:51
# DB v2014-10-21.1
# Aktualisiert 20/10/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : *** - MW-PC
# Gestartet von : C:\Users\***\Desktop\AdwCleaner_4.001.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\***\AppData\Local\eSupport.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\ProgramData\SecTaskMan

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_spss_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_spss_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 de)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [6824 octets] - [23/10/2014 13:49:19]
AdwCleaner[S0].txt - [6638 octets] - [23/10/2014 13:56:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6698 octets] ##########
JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Professional x86
Ran by *** on 23.10.2014 at 14:18:12,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{1BC2423E-5A5E-419B-9AFC-E8DD3D75EF4B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{1EC10DA5-8982-422D-AC82-9733D53DAD8C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{2A1A832E-9C86-484C-805A-9C2E660CF333}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{447487AE-37A9-4AEA-8FB0-2DA3EA6B4C62}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{53D71009-6817-415A-B325-D26E4B5039EA}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{76E5790A-4018-4812-B968-930E0F09B8F7}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CA8869F3-856E-413E-BE71-4BCBEB4C9BEB}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D3FCAF7E-214E-43C2-8863-1F8DC37A3608}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E555D918-DE51-41FD-B983-436A9EFFF0AA}



~~~ FireFox

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\rzgi5nyf.default\minidumps [173 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.10.2014 at 14:21:55,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2014
Ran by *** (administrator) on MW-PC on 23-10-2014 14:49:54
Running from C:\Users\***\Desktop
Loaded Profile: *** (Available profiles: ***)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TransAction Software, D 81737 Munich) D:\Opel\bin\tbmux32.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(SAMSUNG Electronics) C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SAMSUNG Electronics Co., Ltd.) C:\Program Files\SamSung\MagicKBD\MagicKBD.exe
(Samsung Electronics Co. Ltd.) C:\Program Files\SamSung\MagicKBD\PerformanceManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
() D:\Opel\Apache Group\Apache\ApchT2kW.exe
() D:\Opel\Apache Group\Apache\ApchT2kW.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11487848 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [MagicKeyboard] => C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [151552 2006-05-14] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [839680 2010-11-06] (Synaptics, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 1.179.128.2:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDFCAC6BA62DCCB01
SearchScopes: HKCU - {822D8992-2E48-49BA-B3E2-E2946D8B5C98} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ReminderFox - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-05-02]
FF Extension: ImTranslator - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-09-05]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-08]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-02-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.spiegel.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-09]
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-09]
CHR Extension: (Google-Suche) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-09]
CHR Extension: (AdBlock) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-09]
CHR Extension: (Avast Online Security) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-08]
CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 COSIDS_TB; D:\OPEL\BIN\TbMux32.exe [165376 2001-11-20] (TransAction Software, D 81737 Munich) [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [666696 2011-07-08] (Juniper Networks)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 TIS 2000 Apache Web Server; D:\Opel\Apache Group\Apache\ApchT2kW.exe [4096 1999-03-23] () [File not signed]
S2 ShellfireVPN2Service; "C:\Program Files\ShellfireVPN\jre6\bin\java.exe" "-classpath" "C:\Program Files\ShellfireVPN\ShellfireVPN2.exe" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files\ShellfireVPN" "-Dwrapper.config=C:\Users\***\AppData\Roaming\ShellfireVPN\start.conf" "-Dwrapper.additional.1x=-Xrs" "-Dwrapper.stop.conf=C:\Users\***\AppData\Roaming\ShellfireVPN\stop.conf" "-Djna_tmpdir=C:\Users\***\AppData\Local\Temp" "org.rzo.yajsw.boot.WrapperServiceBooter"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-06] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
R0 DiskSec; C:\Windows\system32\Drivers\DiskSec.sys [14208 2008-04-04] (MAGIX) [File not signed]
R2 DOSMEMIO; C:\Windows\system32\MEMIO.SYS [4300 2000-08-24] () [File not signed]
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [134144 2013-02-22] (Prolific Technology Inc.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2010-11-06] (Vimicro Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 ADDMEM; \??\C:\Users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 14:49 - 2014-10-23 14:51 - 00021574 _____ () C:\Users\***\Desktop\FRST.txt
2014-10-23 14:49 - 2014-10-23 14:49 - 00000000 ____D () C:\Users\***\Desktop\Logs Virenscans
2014-10-23 14:21 - 2014-10-23 14:47 - 00001692 _____ () C:\Users\***\Desktop\JRT.txt
2014-10-23 14:17 - 2014-10-23 14:17 - 00000000 ____D () C:\Windows\ERUNT
2014-10-23 14:13 - 2014-10-23 14:13 - 01706144 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe
2014-10-23 14:10 - 2014-10-23 14:10 - 00006758 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt
2014-10-23 13:49 - 2014-10-23 13:56 - 00000000 ____D () C:\AdwCleaner
2014-10-23 13:48 - 2014-10-23 13:48 - 01962496 _____ () C:\Users\***\Desktop\AdwCleaner_4.001.exe
2014-10-23 13:47 - 2014-10-23 13:47 - 00012757 _____ () C:\Users\***\Desktop\mbam.txt
2014-10-22 17:58 - 2014-10-22 17:58 - 00018990 _____ () C:\ComboFix.txt
2014-10-22 16:39 - 2014-10-22 17:58 - 00000000 ____D () C:\Qoobox
2014-10-22 16:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-22 16:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-22 16:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-22 16:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-22 16:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-22 16:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-22 16:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-22 16:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-22 16:37 - 2014-10-22 16:37 - 05584933 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2014-10-21 19:51 - 2014-10-21 19:51 - 00380416 _____ () C:\Users\***\Desktop\3gol8ee1.exe
2014-10-21 17:34 - 2014-10-23 14:50 - 00000000 ____D () C:\FRST
2014-10-21 17:33 - 2014-10-23 14:48 - 01103360 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-10-21 17:31 - 2014-10-21 17:31 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2014-10-21 01:26 - 2014-10-23 13:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 01:25 - 2014-10-21 01:27 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-21 01:25 - 2014-10-21 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-21 01:25 - 2014-10-21 01:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-21 01:25 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-21 01:25 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 10:02 - 2014-10-20 10:02 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-20 10:01 - 2014-10-20 10:01 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-20 10:01 - 2014-10-20 10:01 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-20 10:01 - 2014-10-20 10:01 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-20 10:01 - 2014-10-20 10:01 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-20 10:01 - 2014-10-20 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-18 10:30 - 2014-10-18 10:30 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2014-10-18 10:27 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-18 10:27 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-18 10:27 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-18 10:27 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-18 10:27 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-18 10:27 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-18 10:27 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-18 10:27 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-18 10:27 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-18 10:27 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-18 10:27 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-18 10:27 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-18 10:27 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-18 10:27 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-18 10:27 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-18 10:27 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-18 10:27 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-18 10:27 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-18 10:27 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-18 10:27 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-18 10:27 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-18 10:27 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-18 10:27 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-18 10:27 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-18 10:27 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-18 10:27 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-18 10:27 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-18 10:27 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-18 10:27 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-18 10:27 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-18 10:27 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-18 10:27 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-18 10:27 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-18 10:27 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-18 10:27 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-18 10:27 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-18 10:27 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-18 10:27 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-18 10:27 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-18 10:27 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-18 10:27 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-18 10:26 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-18 10:26 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-18 10:26 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-18 10:26 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-18 10:26 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-10 02:02 - 2014-10-20 09:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-10 02:02 - 2014-10-20 09:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-10 01:21 - 2014-10-10 01:21 - 00854704 _____ (Adobe Systems Incorporated) C:\Users\***\Downloads\uninstall_flash_player.exe
2014-10-04 10:52 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 14:37 - 2014-10-01 14:37 - 00000982 _____ () C:\Users\Public\Desktop\ShellfireVPN.lnk
2014-10-01 14:35 - 2014-10-01 14:35 - 65539831 _____ () C:\Users\***\Downloads\ShellfireVPN-2.4-install.exe
2014-09-27 18:09 - 2014-09-27 19:11 - 00000000 ____D () C:\Users\***\Desktop\bilder wohnung
2014-09-25 11:20 - 2014-09-25 11:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 10:06 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 12:04 - 2014-09-24 12:04 - 00000000 ____D () C:\Windows\Hewlett-Packard

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 14:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-10-23 14:38 - 2013-02-09 02:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 14:17 - 2009-07-14 06:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 14:17 - 2009-07-14 06:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 14:16 - 2010-11-05 01:17 - 01583461 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 14:09 - 2014-03-11 23:46 - 00000000 ____D () C:\Windows\hsperfdata_SYSTEM
2014-10-23 14:08 - 2009-07-14 06:39 - 00189858 _____ () C:\Windows\setupact.log
2014-10-23 14:07 - 2013-02-09 02:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 14:07 - 2013-01-25 05:54 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-23 14:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 14:05 - 2010-11-05 12:55 - 00887074 _____ () C:\Windows\PFRO.log
2014-10-23 13:40 - 2010-11-18 00:06 - 00000000 ____D () C:\Users\***\AppData\Local\CrashDumps
2014-10-23 13:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss
2014-10-22 23:03 - 2010-11-06 01:40 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2014-10-22 17:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-22 02:07 - 2013-07-17 09:56 - 00000000 ____D () C:\Users\***\BWINCOMPokerDir
2014-10-21 01:25 - 2012-08-28 03:04 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-21 01:25 - 2011-10-01 05:51 - 00000000 ____D () C:\Users\***\AppData\Roaming\Malwarebytes
2014-10-21 01:25 - 2011-10-01 05:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 00:21 - 2010-11-05 01:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 11:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-20 10:03 - 2013-10-01 14:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 10:01 - 2011-04-27 22:10 - 00000000 ____D () C:\Program Files\Java
2014-10-20 09:54 - 2014-09-19 09:47 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2014-10-19 10:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-19 09:22 - 2009-07-14 06:33 - 00307608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 02:00 - 2014-04-23 12:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 11:05 - 2011-03-15 00:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 11:00 - 2013-07-15 01:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 10:33 - 2010-11-05 12:23 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 23:00 - 2014-09-15 22:56 - 00000000 ___RD () C:\Program Files\Skype
2014-10-15 23:00 - 2010-11-06 01:40 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 14:38 - 2013-02-08 03:36 - 00000000 ____D () C:\Program Files\ShellfireVPN
2014-10-01 11:58 - 2013-09-15 22:30 - 00000000 ____D () C:\Users\***\AppData\Roaming\HpUpdate
2014-10-01 11:11 - 2012-08-28 03:04 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 11:11 - 2013-01-16 05:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 10:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 12:06 - 2013-09-15 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-24 12:06 - 2013-09-15 22:28 - 00000000 ____D () C:\Program Files\HP

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\Quarantine.exe
C:\Users\***\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 12:24

==================== End Of Log ============================
--- --- ---

--- --- ---



Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2014
Ran by *** at 2014-10-23 14:52:36
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Any Video Converter 5.0.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Biet-O-Matic v2.14.8 (HKLM\...\Biet-O-Matic v2.14.8) (Version: Biet-O-Matic v2.14.8 - BOM Development Team)
Bild Albelli Fotoservice (HKCU\...\{4E97552A-D0D2-47E3-B4A0-82E5A57A4198}_is1) (Version:  - Bild Albelli)
BILDmobil (HKLM\...\BILDmobil) (Version: 11.301.08.01.35 - Huawei Technologies Co.,Ltd)
Business - Kommunikationstrainer English (HKLM\...\KTE_14_669070) (Version:  - digital publishing AG)
Business - Sprachführer English (HKLM\...\SPE_14_669073) (Version:  - digital publishing AG)
Business - Sprachkurs English (HKLM\...\BTEIK_14_674328) (Version:  - digital publishing AG)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2474 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Dr Kawashima (HKCU\...\DrKawashima) (Version: 1.0 - )
Druckerdeinstallation für EPSON SX600FW Series (HKLM\...\EPSON SX600FW Series) (Version:  - SEIKO EPSON Corporation)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.1 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.0.14 - )
Elevated Installer (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM\...\ElsterFormular 13.2.0.8623p) (Version: 13.2.0.8623p - Landesfinanzdirektion Thüringen)
ElsterFormular-Update (HKLM\...\ElsterFormular für Privatanwender 12.2.0.6412p) (Version: 1.0 - Landesfinanzdirektion Thüringen)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Fotosizer 1.32 (HKLM\...\Fotosizer) (Version: 1.32 - Fotosizer.com)
Free YouTube to MP3 Converter version 3.12.0.128 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Garmin Express (HKLM\...\{d6f59919-3fd4-48c5-8404-def6f92d8422}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GMX ProfiFax (HKLM\...\GMX ProfiFax) (Version: 2.00.222 - GMX GmbH)
GMX SMS-Manager (HKLM\...\com.unitedinternet.ums.sms-mms-manager) (Version: 2.1 - 1 und 1 Internet AG)
GMX SMS-Manager (Version: 2.1 - 1 und 1 Internet AG) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
HoDoKu (HKLM\...\{7B21DE80-CBC2-4D47-87D7-5142E2B4C7F7}) (Version: 2.2.0.1 - hobiwan)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{63EA2A2E-E67D-4A5A-9245-2A50353E2340}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
inSSIDer 2.0 (HKLM\...\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}) (Version: 2.0.7 - MetaGeek)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (Version: 2.1.71.14 - Oracle, Inc.) Hidden
Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.14951 - Juniper Networks)
Juniper Networks Network Connect 7.0.0 (HKLM\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18809 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.5.10685 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Magic Keyboard (HKLM\...\{BD723E53-A42C-4702-AA04-1D74A0311590}) (Version: 7.0.1.4 - )
MAGIX PC Check & Tuning 2010 Download-Version 5.0.25.701 (D) (HKLM\...\MAGIX PC Check & Tuning 2010 Download-Version D) (Version: 5.0.25.701 - MAGIX AG)
MAGIX Screenshare (HKLM\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
O&O SafeErase (HKLM\...\{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2}) (Version: 2.7.523 - O&O Software GmbH)
office wörterbuch pro 3 (HKLM\...\office wörterbuch pro 3) (Version: 3.0 - Lingenio GmbH)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDF Blender (HKLM\...\PDF Blender) (Version:  - )
PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.205.0 - Tracker Software Products Ltd)
Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
PL-2303 USB-to-Serial (HKLM\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.1 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Samsung Recovery Solution II (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 1.0.3.21 - Samsung)
Samsung SCX-4100 Series (HKLM\...\Samsung SCX-4100 Series) (Version:  - )
Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden
Secunia PSI (3.0.0.3001) (HKLM\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
ShellfireVPN 2.4 (HKLM\...\ShellfireVPN) (Version: 2.4 - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpoQ Training Gym Pro (HKLM\...\SpoQ Training Gym Pro) (Version:  - )
SPSS 15.0 für Windows [Auswertung Version] (HKLM\...\{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}) (Version: 15.0.1 - SPSS Inc.)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.15.0 - Synaptics)
System Requirements Lab for Intel (HKLM\...\{C71067FC-288F-4E0B-88C6-44DFDA8311E2}) (Version: 4.5.9.0 - Husdawg, LLC)
TeXnicCenter Version 1.0 Stable RC1 (HKLM\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinSCP 4.3.3 (HKLM\...\winscp3_is1) (Version: 4.3.3 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{0F130AC8-CDF1-4DAA-AA9B-7B4083F49EA4}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\PtContainerUI.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{40D7C9AD-E126-4D66-A5FE-B9D589DC3C84}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\widgets\minigames\minigamesctrl.ocx No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{492042A2-4432-44A1-9A39-85B2D3C0119E}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\PtContainerUI.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\***\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{876FA801-2B5E-4201-9E6B-2EF2C05A5C6B}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarAPI.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{89425F5E-A2BD-44CD-9E4F-F1498522F0E5}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarManagerUI.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{9642D229-6B2E-49FD-B6BB-43B37BD97B6B}\localserver32 -> "C:\Poker\Betfair.com Poker\widgetbar\PTContainerOle.exe" No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2791256138-4108016520-4061832491-1001_Classes\CLSID\{F6F8856F-374D-4397-BB1C-80AB57E60529}\InprocServer32 -> C:\Poker\Betfair.com Poker\widgetbar\WidgetbarAPI.dll No File

==================== Restore Points  =========================

15-09-2014 21:39:21 Windows Update
23-09-2014 15:18:32 Geplanter Prüfpunkt
24-09-2014 10:04:31 Installed HP Update.
25-09-2014 08:06:25 Windows Update
02-10-2014 18:44:53 Geplanter Prüfpunkt
04-10-2014 08:52:36 Windows Update
13-10-2014 09:52:40 Geplanter Prüfpunkt
18-10-2014 08:28:27 Windows Update
20-10-2014 07:56:42 Installed Java 7 Update 71
21-10-2014 11:46:38 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2012-09-12 15:04 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0012840F-B1F0-4CE9-8E7A-28145C05E157} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {13CFA97E-6913-4041-8267-E61C93CC95DA} - System32\Tasks\{D0EE6062-49E5-4653-A2A9-53654686A780} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=500
Task: {1444C24F-220E-4A14-AD63-3D43F19B6E88} - System32\Tasks\{5DC46035-45F4-46A5-8D3C-38DA4F0EC836} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.259/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12002&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {31EB0489-D0BD-4ED3-B292-4718C9397209} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-09] (Google Inc.)
Task: {320CD898-6B38-43E8-BBF2-4EAF49AE1780} - System32\Tasks\{D4F9D07E-4F26-40A3-B209-05386BE711A8} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {32C6D770-BAF0-48F6-B483-08759FC0CA13} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-06] (AVAST Software)
Task: {3F163037-72CF-4084-9F52-E4E47F1BF486} - System32\Tasks\{16860F19-E699-42B5-A14F-F4C44CB9E09A} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.259/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12002&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {657127C2-FC7D-41D7-B2AE-6262FA504D31} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-01-02] (SAMSUNG Electronics co., LTD.)
Task: {6F6E4020-CB5D-4236-862E-575D7B925966} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2007-10-17] (SAMSUNG Electronics)
Task: {7004E57D-44B5-4158-BD97-DBF48CAA55EA} - System32\Tasks\{C7C93778-A855-437D-AD51-F248F5D83500} => C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2013-08-14] (Microsoft Corporation)
Task: {8D3666EC-5665-4FDF-942F-0DE3B4569F15} - System32\Tasks\{8E4D79ED-DE12-46C7-BED6-F6A8E15C0F09} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=12002
Task: {92430ECB-5A61-4779-AF88-D4B121CBEEA6} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2007-12-28] (Samsung Electronics Co., Ltd.)
Task: {D298E68C-31CA-4A0D-BBBF-7F44C57D31EF} - System32\Tasks\{87F27F3E-7143-4991-A95D-DC7E45A93CB7} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=12002
Task: {E5B64DE8-C86B-41BB-A57A-70A1F23DA336} - System32\Tasks\{CA5AB1D0-201A-4AB3-BFC8-6A1BB8629204} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=12002

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-29 17:29 - 2014-07-02 21:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-08-06 15:25 - 2014-08-06 15:25 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-23 13:39 - 2014-10-23 13:39 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102301\algo.dll
2011-07-15 00:38 - 2006-12-04 01:25 - 00022723 _____ () C:\Windows\System32\SSGR3l3.dll
2012-05-02 04:15 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2012-05-02 04:15 - 2006-09-19 01:52 - 00028672 _____ () C:\Program Files\Samsung\Easy Display Manager\WinMove.dll
2012-05-02 04:09 - 2005-07-12 07:34 - 00045056 _____ () C:\Program Files\SamSung\MagicKBD\EasyBoxDll.dll
2014-08-06 15:25 - 2014-08-06 15:25 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-11 23:46 - 1999-03-23 21:07 - 00004096 _____ () D:\Opel\Apache Group\Apache\ApchT2kW.exe
2014-03-11 23:46 - 2001-01-15 10:35 - 00269824 _____ () D:\Opel\Apache Group\Apache\ApacheCore.dll
2014-03-11 23:46 - 2001-09-06 17:58 - 00119808 _____ () d:\opel\apache group\apache\modules\T2KApacheModuleJServ.dll
2014-09-25 11:20 - 2014-09-25 11:20 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2003-07-11 03:09 - 2003-07-11 03:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Samsung Update Plus => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk => C:\Windows\pss\BTTray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Device Detection => C:\Program Files\Lidl_Fotos\dd.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: IJNetworkScanUtility => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2791256138-4108016520-4061832491-500 - Administrator - Disabled)
Gast (S-1-5-21-2791256138-4108016520-4061832491-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2791256138-4108016520-4061832491-1002 - Limited - Enabled)
*** (S-1-5-21-2791256138-4108016520-4061832491-1001 - Administrator - Enabled) => C:\Users\***

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/23/2014 02:52:05 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/23/2014 02:51:56 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/23/2014 02:51:48 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/23/2014 02:51:39 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/23/2014 02:51:30 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/23/2014 02:51:22 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/23/2014 02:51:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/23/2014 02:51:04 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/23/2014 02:50:56 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (10/23/2014 02:39:39 PM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (12/03/2012 01:43:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/22/2011 08:45:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 58797 seconds with 13380 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Percentage of memory in use: 60%
Total physical RAM: 2046.43 MB
Available physical RAM: 799.88 MB
Total Pagefile: 4092.86 MB
Available Pagefile: 2573.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:88.31 GB) (Free:8.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:88 GB) (Free:5.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 8C2E858D)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=88.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=88 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 24.10.2014 08:05

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

puntaara 25.10.2014 21:43
Hallo, anbei die Logs.

Das Problem besteht leider nach wie vor unverändert. Habe mal die Zeiten gestoppt, um es zu verdeutlichen:

Zeit (mm:ss)
00:00 Systemstart (Bildschirm geht an, bleibt aber schwarz/dunkel)
02:00 Schriftzug "Windows wird gestartet" erscheint
03:10 Das zugehörige Windowszeichen erscheint über dem Schriftzug
07:35 Bildschirm wird wieder schwarz
08:40 Login-Bildschirm erscheint --> Passworteingabe
09:30 Desktop erscheint
ca. 12:00 Rechner ist soweit hochgefahren, dass man ihn nutzen kann.

V.a. die Zeit bis zum Login zieht sich extrem, so dass man quasi denkt der Rechner "hängt". Dabei leuchtet fast ununterbrochen die Festplatten-Leuchte. Wenn der Rechner dann mal hochgefahren ist, arbeitet er eigentlich normal.

Ok, hier nun die Logs:

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=41b6c67cb52f3f40873e4fd9173d952a
# engine=20771
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-25 12:39:11
# local_time=2014-10-25 02:39:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 92 794215 178661240 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 40698319 165871941 0 0
# scanned=290992
# found=4
# cleaned=0
# scan_time=19612
sh=F101F8DA2DC7A00C8736A3879EB26EFF46C1F717 ft=1 fh=89b810c1a910143c vn="Win32/Toggle evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michael\Downloads\installer_sunbird_german.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michael\Downloads\PDFCreator-1_7_3_setup.exe"
sh=84759E10CDC7E47332D55DA5D542643ABE283FDB ft=1 fh=28647e58fac799f1 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Michael\Downloads\rcsetup148.exe"
sh=4F99986C8FB3DBBD8A09754400B26A6B660415CD ft=1 fh=31688d33e6b4469d vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Michael\Downloads\winscp433setup.exe"
Security Check:
Code:
Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.3001) 
 Java 7 Update 71 
 Java version out of Date!
 Adobe Flash Player        15.0.0.189 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Mozilla Firefox 32.0.3 Firefox out of Date! 
 Google Chrome 37.0.2062.124 
 Google Chrome 38.0.2125.104 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-10-2014
Ran by *** (administrator) on MW-PC on 25-10-2014 15:14:42
Running from C:\Users\***\Desktop
Loaded Profile: *** (Available profiles: ***)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TransAction Software, D 81737 Munich) D:\Opel\bin\tbmux32.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(SAMSUNG Electronics) C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SAMSUNG Electronics Co., Ltd.) C:\Program Files\SamSung\MagicKBD\MagicKBD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
() D:\Opel\Apache Group\Apache\ApchT2kW.exe
() D:\Opel\Apache Group\Apache\ApchT2kW.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11487848 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [MagicKeyboard] => C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [151552 2006-05-14] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [839680 2010-11-06] (Synaptics, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-2791256138-4108016520-4061832491-1001\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 1.179.128.2:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDFCAC6BA62DCCB01
SearchScopes: HKCU - {822D8992-2E48-49BA-B3E2-E2946D8B5C98} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ReminderFox - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-05-02]
FF Extension: ImTranslator - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-09-05]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rzgi5nyf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-08]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-02-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.spiegel.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-09]
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-09]
CHR Extension: (Google-Suche) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-09]
CHR Extension: (AdBlock) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-09]
CHR Extension: (Avast Online Security) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-08]
CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 COSIDS_TB; D:\OPEL\BIN\TbMux32.exe [165376 2001-11-20] (TransAction Software, D 81737 Munich) [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [666696 2011-07-08] (Juniper Networks)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [73728 2007-06-28] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 TIS 2000 Apache Web Server; D:\Opel\Apache Group\Apache\ApchT2kW.exe [4096 1999-03-23] () [File not signed]
S2 ShellfireVPN2Service; "C:\Program Files\ShellfireVPN\jre6\bin\java.exe" "-classpath" "C:\Program Files\ShellfireVPN\ShellfireVPN2.exe" "-Xrs" "-Dwrapper.service=true" "-Dwrapper.working.dir=C:\Program Files\ShellfireVPN" "-Dwrapper.config=C:\Users\***\AppData\Roaming\ShellfireVPN\start.conf" "-Dwrapper.additional.1x=-Xrs" "-Dwrapper.stop.conf=C:\Users\***\AppData\Roaming\ShellfireVPN\stop.conf" "-Djna_tmpdir=C:\Users\***\AppData\Local\Temp" "org.rzo.yajsw.boot.WrapperServiceBooter"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-06] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
R0 DiskSec; C:\Windows\system32\Drivers\DiskSec.sys [14208 2008-04-04] (MAGIX) [File not signed]
R2 DOSMEMIO; C:\Windows\system32\MEMIO.SYS [4300 2000-08-24] () [File not signed]
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [134144 2013-02-22] (Prolific Technology Inc.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed]
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2010-11-06] (Vimicro Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 ADDMEM; \??\C:\Users\***\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 15:09 - 2014-10-25 15:09 - 00000000 ____D () C:\Users\***\Desktop\FRST-OlderVersion
2014-10-25 15:08 - 2014-10-25 15:08 - 00000997 _____ () C:\Users\***\Desktop\checkup.txt
2014-10-25 14:46 - 2014-10-25 14:46 - 00854448 _____ () C:\Users\***\Desktop\SecurityCheck.exe
2014-10-24 13:06 - 2014-10-24 13:06 - 00000000 ____D () C:\Program Files\ESET
2014-10-24 13:05 - 2014-10-24 13:05 - 02347384 _____ (ESET) C:\Users\***\Desktop\esetsmartinstaller_deu.exe
2014-10-23 14:52 - 2014-10-23 14:53 - 00033238 _____ () C:\Users\***\Desktop\Addition.txt
2014-10-23 14:49 - 2014-10-25 15:14 - 00021901 _____ () C:\Users\***\Desktop\FRST.txt
2014-10-23 14:49 - 2014-10-23 14:49 - 00000000 ____D () C:\Users\***\Desktop\Logs Virenscans
2014-10-23 14:21 - 2014-10-23 14:47 - 00001692 _____ () C:\Users\***\Desktop\JRT.txt
2014-10-23 14:17 - 2014-10-23 14:17 - 00000000 ____D () C:\Windows\ERUNT
2014-10-23 14:13 - 2014-10-23 14:13 - 01706144 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe
2014-10-23 14:10 - 2014-10-23 14:10 - 00006758 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt
2014-10-23 13:49 - 2014-10-23 13:56 - 00000000 ____D () C:\AdwCleaner
2014-10-23 13:48 - 2014-10-23 13:48 - 01962496 _____ () C:\Users\***\Desktop\AdwCleaner_4.001.exe
2014-10-23 13:47 - 2014-10-23 14:58 - 00012545 _____ () C:\Users\***\Desktop\mbam.txt
2014-10-22 17:58 - 2014-10-22 17:58 - 00018990 _____ () C:\ComboFix.txt
2014-10-22 16:39 - 2014-10-22 17:58 - 00000000 ____D () C:\Qoobox
2014-10-22 16:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-22 16:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-22 16:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-22 16:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-22 16:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-22 16:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-22 16:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-22 16:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-22 16:37 - 2014-10-22 16:37 - 05584933 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe
2014-10-21 19:51 - 2014-10-21 19:51 - 00380416 _____ () C:\Users\***\Desktop\3gol8ee1.exe
2014-10-21 17:34 - 2014-10-25 15:14 - 00000000 ____D () C:\FRST
2014-10-21 17:33 - 2014-10-25 15:09 - 01104384 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-10-21 17:31 - 2014-10-21 17:31 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2014-10-21 01:26 - 2014-10-23 13:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 01:25 - 2014-10-21 01:27 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-21 01:25 - 2014-10-21 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-21 01:25 - 2014-10-21 01:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-21 01:25 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-21 01:25 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 10:02 - 2014-10-20 10:02 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-20 10:01 - 2014-10-20 10:01 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-20 10:01 - 2014-10-20 10:01 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-20 10:01 - 2014-10-20 10:01 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-20 10:01 - 2014-10-20 10:01 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-20 10:01 - 2014-10-20 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-18 10:30 - 2014-10-18 10:30 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET
2014-10-18 10:27 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-18 10:27 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-18 10:27 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-18 10:27 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-18 10:27 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-18 10:27 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-18 10:27 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-18 10:27 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-18 10:27 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-18 10:27 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-18 10:27 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-18 10:27 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-18 10:27 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-18 10:27 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-18 10:27 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-18 10:27 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-18 10:27 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-18 10:27 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-18 10:27 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-18 10:27 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-18 10:27 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-18 10:27 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-18 10:27 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-18 10:27 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-18 10:27 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-18 10:27 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-18 10:27 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-18 10:27 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-18 10:27 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-18 10:27 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-18 10:27 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-18 10:27 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-18 10:27 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-18 10:27 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-18 10:27 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-18 10:27 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-18 10:27 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-18 10:27 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-18 10:27 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-18 10:27 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-18 10:27 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-18 10:27 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-18 10:26 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-18 10:26 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-18 10:26 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-18 10:26 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-18 10:26 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-10 02:02 - 2014-10-20 09:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-10 02:02 - 2014-10-20 09:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-10 01:21 - 2014-10-10 01:21 - 00854704 _____ (Adobe Systems Incorporated) C:\Users\***\Downloads\uninstall_flash_player.exe
2014-10-04 10:52 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 14:37 - 2014-10-01 14:37 - 00000982 _____ () C:\Users\Public\Desktop\ShellfireVPN.lnk
2014-10-01 14:35 - 2014-10-01 14:35 - 65539831 _____ () C:\Users\***\Downloads\ShellfireVPN-2.4-install.exe
2014-09-27 18:09 - 2014-09-27 19:11 - 00000000 ____D () C:\Users\***\Desktop\bilder wohnung
2014-09-25 11:20 - 2014-09-25 11:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 10:06 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 15:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-10-25 14:39 - 2013-02-09 02:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-25 14:25 - 2010-11-06 01:40 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2014-10-25 13:43 - 2010-11-05 01:17 - 01637095 _____ () C:\Windows\WindowsUpdate.log
2014-10-25 09:10 - 2009-07-14 06:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-25 09:10 - 2009-07-14 06:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-25 09:03 - 2014-03-11 23:46 - 00000000 ____D () C:\Windows\hsperfdata_SYSTEM
2014-10-25 09:02 - 2009-07-14 06:39 - 00190026 _____ () C:\Windows\setupact.log
2014-10-25 09:01 - 2013-02-09 02:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-25 09:01 - 2013-01-25 05:54 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-25 09:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 12:56 - 2010-11-05 01:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-23 14:05 - 2010-11-05 12:55 - 00887074 _____ () C:\Windows\PFRO.log
2014-10-23 13:40 - 2010-11-18 00:06 - 00000000 ____D () C:\Users\***\AppData\Local\CrashDumps
2014-10-23 13:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss
2014-10-22 17:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-22 02:07 - 2013-07-17 09:56 - 00000000 ____D () C:\Users\***\BWINCOMPokerDir
2014-10-21 01:25 - 2012-08-28 03:04 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-21 01:25 - 2011-10-01 05:51 - 00000000 ____D () C:\Users\***\AppData\Roaming\Malwarebytes
2014-10-21 01:25 - 2011-10-01 05:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-20 11:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-20 10:03 - 2013-10-01 14:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-20 10:01 - 2011-04-27 22:10 - 00000000 ____D () C:\Program Files\Java
2014-10-20 09:54 - 2014-09-19 09:47 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2014-10-19 10:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-19 09:22 - 2009-07-14 06:33 - 00307608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 02:00 - 2014-04-23 12:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 11:05 - 2011-03-15 00:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 11:00 - 2013-07-15 01:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 10:33 - 2010-11-05 12:23 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 23:00 - 2014-09-15 22:56 - 00000000 ___RD () C:\Program Files\Skype
2014-10-15 23:00 - 2010-11-06 01:40 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 14:38 - 2013-02-08 03:36 - 00000000 ____D () C:\Program Files\ShellfireVPN
2014-10-01 11:58 - 2013-09-15 22:30 - 00000000 ____D () C:\Users\***\AppData\Roaming\HpUpdate
2014-10-01 11:11 - 2012-08-28 03:04 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 11:11 - 2013-01-16 05:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 10:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\Quarantine.exe
C:\Users\***\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 12:24

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---
P.S. Die "Out of Date" Programme habe ich jetzt aktualisiert. (bis auf Java - da wird mir angezeigt, die Version sei die aktuelle)

schrauber 26.10.2014 16:03
http://www.deeprybka.trojaner-board....r/wraioneu.PNG
  • Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
  • Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
  • Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
  • Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
  • Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
  • Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.
http://deeprybka.trojaner-board.de/b...srepair271.png





Gewusst wie: Durchführen eines sauberen Neustarts in Windows

Bitte einen Clean Boot machen. Wenn das Problem dann weg ist, einzeln wieder Dienste aktivieren, dazwischen immer einen Reboot machen. Solange bis Du weißt welcher Dienst die Probleme macht.

Diesen dann hier benennen.

puntaara 26.10.2014 18:59
Mir hat jetzt ein Bekannter gezeigt, wie ich in Windows die Ereignisanzeige aufrufen und mir Fehlermeldungen anschauen kann. Dort bekomme ich folgende Fehlermeldungen:

Code:
"Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0"
Diese Fehlermeldung beginnt ein paar Sekunden nach Systemstart und erscheint im Abstand von ca. 8-9 Sekunden erneut. Insgesamt ca. 30 mal.

Im Anschluss gibt es noch ein paar Dienste, die wohl nicht gestartet werden können. Z.B.:
Code:
"Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung."
und dann:
Code:
"Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht."
Bedeutet das einen Hardware-Defekt (einzelne Sektoren der Festplatte hinüber)? Erst wird ja sehr oft versucht, auf den/die Sektor/en zuzugreifen und dann werden den Diensten noch bis zu 30sec. Wartezeit gewährt -> Daher wohl die lange Boot-Zeit?

Habe jetzt "Windows Repair" noch nicht ausgeführt. Macht das auch unter diesen Umständen Sinn?

Vielen Dank für Deine Hilfe.

schrauber 27.10.2014 12:26
Ja, da Windows repair auch Checkdisk laufen lässt um die Festplatte zu untersuchen.

puntaara 28.10.2014 01:34
Habe Windows Repair ausgeführt und mir die Logdateien zusammengesucht (s.unten).

Das Problem besteht leider nach wie vor. Auch ein Clean Boot hat keine Veränderung gebracht.
Beim Clean Boot ist es mir allerdings nicht gelungen Avast zu deaktivieren. Der Dienst hat sich nach "alle deaktivieren" wieder selbst aktiviert nachdem man auf "übernehmen" geklickt hat.

CHKDSK:
Code:
Dateisystem auf C: wird überprüft.
Der Typ des Dateisystems ist NTFS.


Einer der Datenträger muss auf Konsistenz überprüft werden.
Sie können die Datenträgerüberprüfung abbrechen, aber es
wird ausdrücklich empfohlen, den Vorgang fortzusetzen.
Die Datenträgerüberprüfung wird jetzt ausgeführt.       

CHKDSK überprüft Dateien (Phase 1 von 3)...
  467456 Datensätze verarbeitet.                                         
Dateiüberprüfung beendet.
  2213 große Datensätze verarbeitet.                                     
0 ungültige Datensätze verarbeitet.                                 
2 E/A-Datensätze verarbeitet.                                       
103 Analysedatensätze verarbeitet.                                 

CHKDSK überprüft Indizes (Phase 2 von 3)...
  531430 Indexeinträge verarbeitet.                                     
Indexüberprüfung beendet.
  0 nicht indizierte Dateien überprüft.                               
0 nicht indizierte Dateien wiederhergestellt.       
             
CHKDSK überprüft Sicherheitsbeschreibungen (Phase 3 von 3)...
  467456 SDs/SIDs verarbeitet.                                           
2583 nicht verwendete Indexeinträge aus Index $SII der Datei 0x9 werden aufgeräumt.
2583 nicht verwendete Indexeinträge aus Index $SDH der Datei 0x9 werden aufgeräumt.
2583 nicht verwendete Sicherheitsbeschreibungen werden aufgeräumt.
CHKDSK komprimiert den Datenstrom für die Sicherheitsbeschreibung
  31988 Datendateien verarbeitet.                                       

CHKDSK überprüft USN-Journal...
  35364704 USN-Bytes verarbeitet.                                         
Die Überprüfung von USN-Journal ist abgeschlossen.
CHKDSK hat freien Speicher gefunden, der in der MFT-Bitmap (Master
File Table) als zugeordnet gekennzeichnet ist.
Fehler in Volumebitmap werden berichtigt.
Windows hat Probleme im Dateisystem behoben.

  92599295 KB Speicherplatz auf dem Datenträger insgesamt
  81806472 KB in 242387 Dateien
    119332 KB in 31991 Indizes
        0 KB in fehlerhaften Sektoren
    572755 KB vom System benutzt
    65536 KB von der Protokolldatei belegt
  10100736 KB auf dem Datenträger verfügbar

      4096 Bytes in jeder Zuordnungseinheit
  23149823 Zuordnungseinheiten auf dem Datenträger insgesamt
  2525184 Zuordnungseinheiten auf dem Datenträger verfügbar

Interne Informationen:
00 22 07 00 d3 2f 04 00 b4 1a 07 00 00 00 00 00  .".../..........
d0 0e 00 00 67 00 00 00 00 00 00 00 00 00 00 00  ....g...........
15 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00  ................

Die Überprüfung des Datenträgers wurde abgeschlossen.
Bitte warten Sie bis der Computer neu gestartet wurde.
_Windows_Repair_Log.txt:
Code:
Tweaking.com - Windows Repair v2.10.0
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Professional
OS Architecture: 32-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: MW-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\***
Current Profile SID: S-1-5-21-2791256138-4108016520-4061832491-1001
Current Profile Classes: S-1-5-21-2791256138-4108016520-4061832491-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\***\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:46:46

Process Count: 75
Commit Total: 1,05 GB
Commit Limit: 4,00 GB
Commit Peak: 1,55 GB
Handle Count: 18679
Kernel Total: 332,42 MB
Kernel Paged: 279,95 MB
Kernel Non Paged: 52,47 MB
System Cache: 1,12 GB
Thread Count: 833
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2,00 GB
Memory Used: 1.003,41 MB(49,032%)
Memory Avail.: 1,02 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2,00 GB
Memory Used: 775,24 MB(37,8827%)
Memory Avail.: 1,24 GB
--------------------------------------------------------------------------------

Starting Repairs...
  Started at (27.10.2014 14:41:49)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 150
 
01 - Reset Registry Permissions 01/03
  HKEY_CURRENT_USER & Sub Keys
  Start (27.10.2014 14:41:52)
  Running Repair Under Current User Account
  Done (27.10.2014 14:42:24)

01 - Reset Registry Permissions 02/03
  HKEY_LOCAL_MACHINE & Sub Keys
  Start (27.10.2014 14:42:24)
  Running Repair Under System Account
  Done (27.10.2014 14:48:20)

01 - Reset Registry Permissions 03/03
  HKEY_CLASSES_ROOT & Sub Keys
  Start (27.10.2014 14:48:21)
  Running Repair Under System Account
  Done (27.10.2014 14:50:05)

03 - Reset Service Permissions
  Start (27.10.2014 14:50:05)
  Running Repair Under System Account
  Done (27.10.2014 14:51:05)

04 - Register System Files
  Start (27.10.2014 14:51:05)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 14:51:37)

05 - Repair WMI
  Start (27.10.2014 14:51:37)

  Starting Security Center So We Can Export The Security Info.

  Exporting Antivirus Info...
  avast! Antivirus Exported.

  Exporting AntiSpyware Info...
  Windows Defender Exported.
  avast! Antivirus Exported.

  Exporting 3rd Party Firewall Info...
  No Firewall Products Reported.

  Running Repair Under Current User Account
  Done (27.10.2014 14:59:17)

06 - Repair Windows Firewall
  Start (27.10.2014 14:59:17)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:00:01)

07 - Repair Internet Explorer
  Start (27.10.2014 15:00:01)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:00:25)

08 - Repair MDAC/MS Jet
  Start (27.10.2014 15:00:25)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:00:36)

09 - Repair Hosts File
  Start (27.10.2014 15:00:36)
  Running Repair Under System Account
  Done (27.10.2014 15:00:38)

10 - Remove Policies Set By Infections
  Start (27.10.2014 15:00:38)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:00:40)

11 - Repair Start Menu Icons Removed By Infections
  Start (27.10.2014 15:00:40)
  Running Repair Under System Account
  Done (27.10.2014 15:00:42)

12 - Repair Icons
  Start (27.10.2014 15:00:42)
  Running Repair Under Current User Account
  Done (27.10.2014 15:00:43)

13 - Repair Winsock & DNS Cache
  Start (27.10.2014 15:00:43)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:01:07)

15 - Repair Proxy Settings
  Start (27.10.2014 15:01:07)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:01:13)

17 - Repair Windows Updates
  Start (27.10.2014 15:01:13)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
  Done (27.10.2014 15:01:58)

18 - Repair CD/DVD Missing/Not Working
  Start (27.10.2014 15:01:58)
  iTunes not found, not applying UpperFilters iTunes Reg Key
  Done (27.10.2014 15:01:58)

19 - Repair Volume Shadow Copy Service
  Start (27.10.2014 15:01:58)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:02:23)

21 - Repair MSI (Windows Installer)
  Start (27.10.2014 15:02:23)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:02:39)

23.01 - Repair bat Association
  Start (27.10.2014 15:02:39)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:02:41)

23.02 - Repair cmd Association
  Start (27.10.2014 15:02:41)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:02:44)

23.03 - Repair com Association
  Start (27.10.2014 15:02:44)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:02:46)

23.04 - Repair Directory Association
  Start (27.10.2014 15:02:46)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:02:48)

23.05 - Repair Drive Association
  Start (27.10.2014 15:02:48)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:02:50)

23.06 - Repair exe Association
  Start (27.10.2014 15:02:50)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:02:53)

23.07 - Repair Folder Association
  Start (27.10.2014 15:02:53)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:02:55)

23.08 - Repair inf Association
  Start (27.10.2014 15:02:55)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:02:57)

23.09 - Repair lnk (Shortcuts) Association
  Start (27.10.2014 15:02:57)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:03:00)

23.10 - Repair msc Association
  Start (27.10.2014 15:03:00)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:03:02)

23.11 - Repair reg Association
  Start (27.10.2014 15:03:02)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:03:04)

23.12 - Repair scr Association
  Start (27.10.2014 15:03:04)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:03:06)

24 - Repair Windows Safe Mode
  Start (27.10.2014 15:03:07)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:03:09)

25 - Repair Print Spooler
  Start (27.10.2014 15:03:09)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:03:28)

26 - Restore Important Windows Services
  Start (27.10.2014 15:03:28)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:03:39)

27 - Set Windows Services To Default Startup
  Start (27.10.2014 15:03:39)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:03:52)

  Skipping Repair.
  Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
  Current version: 6.1

  Skipping Repair.
  Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
  Current version: 6.1

  Skipping Repair.
  Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
  Current version: 6.1

31 - Repair Windows 'New' Submenu
  Start (27.10.2014 15:03:53)
  Running Repair Under Current User Account
  Running Repair Under System Account
  Done (27.10.2014 15:03:55)

Cleaning up empty logs...

All Selected Repairs Done.
  Done at (27.10.2014 15:03:55)
  Total Repair Time: 00:22:08


...YOU MUST RESTART YOUR SYSTEM...
Dazu gibt es noch eine Reihe weiterer Logs zu den einzelnen Repair-Schritten. Könnte ich bei Bedarf nachreichen.

schrauber 28.10.2014 19:19
Ich würde jetzt erstmal die Festplatte richtig checken. Seatools für Windows ist da gut.

puntaara 29.10.2014 20:00
Liste der Anhänge anzeigen (Anzahl: 2)
Habe mir Seatools besorgt und mit einer bootfähigen Disk die Festplatte getestet. Der Kurzzeittest wurde bestanden, der Langzeittest nicht. Dabei wurden ein paar Errors gefunden.

Weitere Infos dazu gibts leider nicht. Laut Tool werden normalerweise Fehlercodes ausgegeben, die man in der Hilfe nachschlagen kann. Dies scheint aber evtl. nur für Seagate-HDDs zu funktionieren, meine ist von Toshiba. Toshiba selbst bietet leider keine Tools zum Überprüfen an.

Komisch: wenn man mit Windows (Rechtsklick auf c:, Eigenschaften, Tools, Fehlerüberprüfung) nach fehlerhaften Sektoren sucht, werden keine gefunden.


Anhang 70467

Anhang 70468

schrauber 30.10.2014 16:05
Ich würde jetzt erstmal Daten sichern und mir dann eine HDD besorgen.

puntaara 02.11.2014 00:58
Dann werde ich mal Daten sichern und mir überlegen, ob es sich noch lohnt Geld in den alten Rechner zu stecken oder bald mal was neues anzuschaffen.

"Reparieren" kann man solche Sektoren nicht bzw. den Rechner dazu bringen, eben diese Sektoren nicht mehr zu nutzen?

Vielen Dank jedenfalls für deine Hilfe hier im Thread! :dankeschoen:


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:38 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131