Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Laptop wirkt verlangsamt und allgemeiner Check (https://www.trojaner-board.de/165426-windows-7-laptop-wirkt-verlangsamt-allgemeiner-check.html)

karl-heinz00 23.03.2015 21:40
Windows 7: Laptop wirkt verlangsamt und allgemeiner Check
 
Hallo liebes Trojaner-Board,

würde euch gern mal meinen Lappi durchchecken lassen. Der kam mir schonmal schneller vor und es wird mal wieder Zeit, dass mal wieder jemand drüberschaut. Wäre nett, wenn mir jemand helfen könnte..

Danke und LG

frst

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Kerstin (administrator) on KERSTIN-PC on 23-03-2015 20:58:12
Running from C:\Users\Kerstin\Downloads
Loaded Profiles: Kerstin (Available profiles: Kerstin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Kerstin\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> DefaultScope {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll [2011-03-11] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-04] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-04] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-24] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-05-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-05-09]

Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.com/de"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15]
CHR Extension: (Google Drive) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15]
CHR Extension: (YouTube) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-15]
CHR Extension: (Google Search) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15]
CHR Extension: (SiteAdvisor) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-10-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Google Wallet) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR Extension: (Gmail) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [30208 2006-11-07] (AVM GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 kgdiafoc; \??\C:\Users\Kerstin\AppData\Local\Temp\kgdiafoc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 20:55 - 2015-03-23 20:55 - 02095616 _____ (Farbar) C:\Users\Kerstin\Downloads\FRST64 (1).exe
2015-03-23 20:54 - 2015-03-23 20:54 - 00380416 _____ () C:\Users\Kerstin\Downloads\rv6xpvvp.exe
2015-03-23 20:12 - 2015-03-23 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-24 04:15 - 2015-03-23 20:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 04:15 - 2015-02-24 04:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-24 04:15 - 2015-02-24 04:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 20:58 - 2013-12-24 22:49 - 00019978 _____ () C:\Users\Kerstin\Downloads\FRST.txt
2015-03-23 20:58 - 2013-12-24 22:48 - 00000000 ____D () C:\FRST
2015-03-23 20:49 - 2013-10-15 14:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-23 19:38 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-23 19:38 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-23 19:31 - 2013-12-25 02:40 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-23 19:31 - 2011-03-27 14:20 - 00000000 ____D () C:\ProgramData\clear.fi
2015-03-23 19:30 - 2013-10-15 14:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-23 19:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 19:30 - 2009-07-14 05:51 - 00243650 _____ () C:\Windows\setupact.log
2015-03-22 07:38 - 2011-02-01 14:56 - 00659238 _____ () C:\Windows\system32\perfh007.dat
2015-03-22 07:38 - 2011-02-01 14:56 - 00132776 _____ () C:\Windows\system32\perfc007.dat
2015-03-22 07:38 - 2009-07-14 06:13 - 01512418 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 03:26 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Skype
2015-03-07 01:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-06 17:12 - 2011-02-01 06:05 - 00097028 _____ () C:\Windows\PFRO.log
2015-02-25 01:49 - 2014-04-09 01:10 - 00000000 ____D () C:\Users\Kerstin\.matplotlib
2015-02-24 04:57 - 2014-09-18 23:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-24 04:57 - 2011-04-02 04:39 - 00000000 ____D () C:\ProgramData\Skype
2015-02-24 04:20 - 2011-06-28 12:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2011-10-30 21:36 - 2011-10-31 15:36 - 0000000 ____H () C:\Users\Kerstin\AppData\Roaming\windrvconfig.txt
2012-11-14 15:18 - 2012-11-14 15:18 - 0000337 _____ () C:\Users\Kerstin\AppData\Local\Perfmon.PerfmonCfg
2011-12-02 04:25 - 2013-10-15 15:13 - 0007602 _____ () C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg
2011-02-01 06:34 - 2011-02-01 06:43 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-04-02 04:42 - 2011-04-02 04:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\Kerstin\CTX.DAT


Some content of TEMP:
====================
C:\Users\Kerstin\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Kerstin\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Kerstin\AppData\Local\Temp\MSN2.exe
C:\Users\Kerstin\AppData\Local\Temp\Quarantine.exe
C:\Users\Kerstin\AppData\Local\Temp\sqlite3.dll
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387729963429_3f9979_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388078529334_c44289_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388143015269_e25c23_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1389741798020_e25c23_de.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 19:38

==================== End Of Log ============================
addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2013 01
Ran by Kerstin at 2013-12-24 22:52:20
Running from C:\Users\Kerstin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

AAVUpdateManager (x32 Version: 15.00.0000)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1395.4512)
Acer Backup Manager (x32 Version: 3.0.0.69)
Acer Crystal Eye Webcam (x32 Version: 1.0.1306)
Acer ePower Management (x32 Version: 6.00.3000)
Acer eRecovery Management (x32 Version: 5.00.3001)
Acer GameZone Console (x32 Version: 6.1.0.9)
Acer Registration (x32 Version: 1.03.3003)
Acer ScreenSaver (x32 Version: 1.1.0707.2010)
Acer Updater (x32 Version: 1.02.3001)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.102.64)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.2) - Deutsch (x32 Version: 10.1.2)
Amazonia (x32)
AMD Fuel (Version: 2010.1118.1603.28745)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.800.0)
Backup Manager V3 (x32 Version: 3.0.0.69)
Cake Mania (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1118.1603.28745)
Catalyst Control Center InstallProxy (x32 Version: 2010.1118.1603.28745)
Catalyst Control Center Localization All (x32 Version: 2010.1118.1603.28745)
Catalyst Control Center Profiles Mobile (x32 Version: 2010.1118.1603.28745)
CCC Help Chinese Standard (x32 Version: 2010.1118.1602.28745)
CCC Help Chinese Traditional (x32 Version: 2010.1118.1602.28745)
CCC Help Czech (x32 Version: 2010.1118.1602.28745)
CCC Help Danish (x32 Version: 2010.1118.1602.28745)
CCC Help Dutch (x32 Version: 2010.1118.1602.28745)
CCC Help English (x32 Version: 2010.1118.1602.28745)
CCC Help Finnish (x32 Version: 2010.1118.1602.28745)
CCC Help French (x32 Version: 2010.1118.1602.28745)
CCC Help German (x32 Version: 2010.1118.1602.28745)
CCC Help Greek (x32 Version: 2010.1118.1602.28745)
CCC Help Hungarian (x32 Version: 2010.1118.1602.28745)
CCC Help Italian (x32 Version: 2010.1118.1602.28745)
CCC Help Japanese (x32 Version: 2010.1118.1602.28745)
CCC Help Korean (x32 Version: 2010.1118.1602.28745)
CCC Help Norwegian (x32 Version: 2010.1118.1602.28745)
CCC Help Polish (x32 Version: 2010.1118.1602.28745)
CCC Help Portuguese (x32 Version: 2010.1118.1602.28745)
CCC Help Russian (x32 Version: 2010.1118.1602.28745)
CCC Help Spanish (x32 Version: 2010.1118.1602.28745)
CCC Help Swedish (x32 Version: 2010.1118.1602.28745)
CCC Help Thai (x32 Version: 2010.1118.1602.28745)
ccc-core-static (x32 Version: 2010.1118.1603.28745)
ccc-utility64 (Version: 2010.1118.1603.28745)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.0.10057)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10057)
clear.fi (x32 Version: 1.0.1223.00)
clear.fi Client (x32 Version: 1.00.3008)
Conexant HD Audio (Version: 8.41.1.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Dream Day First Home (x32)
eBay Worldwide (x32 Version: 2.1.0901)
Epson Easy Photo Print 2 (x32 Version: 2.1.0.0)
Epson Event Manager (x32 Version: 2.30.01)
EPSON Scan (x32)
Epson Stylus SX510W_TX550W Handbuch (x32)
EPSON SX510W Series Printer Uninstall
EpsonNet Print (x32 Version: 2.4i)
EpsonNet Setup (x32 Version: 3.1c)
ESET Online Scanner v3 (x32)
ETDWare PS/2-X64 8.0.6.0_WHQL (Version: 8.0.6.0)
Farm Frenzy 2 (x32)
Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212)
Galapago (x32)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
GPL Ghostscript 8.71
Heroes of Hellas (x32)
Identity Card (x32 Version: 1.00.3003)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.0.5)
Malwarebytes Anti-Malware Version 1.65.1.1000 (x32 Version: 1.65.1.1000)
McAfee Internet Security Suite (x32 Version: 12.8.856)
MediaEspresso (x32 Version: 1.0.1210_33255)
Merriam Websters Spell Jam (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MiKTeX 2.9 (x32 Version: 2.9)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
NTI Media Maker 9 (x32 Version: 9.0.2.8939)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PDF24 Creator 5.4.0 (x32)
Poker Pop (x32)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 5.10 (x32 Version: 5.10.116)
Sony Ericsson Update Engine (x32 Version: 2.12.4.17)
Sony PC Companion 2.10.094 (x32 Version: 2.10.094)
Spin & Win (x32)
Steuer-Sparer 2011 (x32 Version: 16.12)
TeXnicCenter Version 2.0 Beta 1 (x32 Version: 2.0 Beta 1)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Veetle TV 0.9.18 (x32 Version: 0.9.18)
Welcome Center (x32 Version: 1.02.3005)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WMV9/VC-1 Video Playback (Version: 1.00.0000)

==================== Restore Points  =========================

11-10-2013 12:43:24 Windows Update
12-10-2013 01:00:28 Windows Update
22-10-2013 14:51:58 Geplanter Prüfpunkt
30-10-2013 15:59:10 Geplanter Prüfpunkt
11-11-2013 21:43:25 Geplanter Prüfpunkt
19-11-2013 14:43:04 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-04 16:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03CCB95E-50E3-424C-882E-1CDF9C451175} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {059CB88E-3DB2-4949-8FB9-77D3485A6BD5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {32D0AA94-94F2-4260-B87E-0B676C3C99D8} - System32\Tasks\{365B1BB6-0DBB-4A2E-BF02-61988F376446} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {34F51131-442B-49E7-AACB-B74042D3B613} - System32\Tasks\{3CDF03BA-C92E-46CA-8900-61A3C00E2A78} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {45F961C0-77A4-4E5A-B387-B405B5A3F58F} - System32\Tasks\{075A127A-1303-4C3B-8201-3E5C0447364D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {884424F8-F8D9-4A3B-B400-E369F6430795} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)
Task: {ABE42175-8175-4B87-98F8-D03771ACDFAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {CF4F2F69-2E57-4131-A063-4F8DC334E5BC} - System32\Tasks\{F163F189-5888-4976-9F05-E032A555EA94} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
Task: {F0EB3259-108C-419C-BDA3-C445975EC1B9} - System32\Tasks\{A307B3C9-5AAF-42D1-A256-CEEC2E201A4D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
Task: {FFAFB065-20A0-4B1C-A2CE-F7989394D72E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2010-12-23 14:46 - 2010-12-23 14:46 - 00210312 ____N () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2013-12-06 10:05 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 10:05 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 10:05 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 10:05 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 10:05 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 10:05 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2013 09:56:29 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (12/24/2013 09:55:18 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (12/22/2013 05:19:44 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (12/22/2013 05:19:14 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (12/19/2013 09:02:01 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (12/19/2013 09:00:13 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (12/18/2013 05:21:22 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (12/18/2013 05:20:49 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (12/18/2013 02:45:51 PM) (Source: Application Hang) (User: )
Description: Programm TitanPSetupUninstall1387370074849_77bb75_de.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1050

Startzeit: 01cefbf6d57ee941

Endzeit: 31

Anwendungspfad: C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe

Berichts-ID: af96073d-67ea-11e3-9520-889ffa1b7285

Error: (12/18/2013 00:40:02 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed


System errors:
=============
Error: (12/22/2013 07:30:39 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/22/2013 05:16:54 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎20.‎12.‎2013 um 16:46:38 unerwartet heruntergefahren.

Error: (12/19/2013 11:15:06 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/18/2013 02:47:12 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/15/2013 10:42:03 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/11/2013 04:57:31 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (12/11/2013 11:24:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Anti-Spam Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/11/2013 11:24:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/11/2013 11:24:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee Platform Services" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/11/2013 11:24:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee VirusScan Announcer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (12/24/2013 09:56:29 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (12/24/2013 09:55:18 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (12/22/2013 05:19:44 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (12/22/2013 05:19:14 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (12/19/2013 09:02:01 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (12/19/2013 09:00:13 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (12/18/2013 05:21:22 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (12/18/2013 05:20:49 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (12/18/2013 02:45:51 PM) (Source: Application Hang)(User: )
Description: TitanPSetupUninstall1387370074849_77bb75_de.exe1.0.0.1105001cefbf6d57ee94131C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exeaf96073d-67ea-11e3-9520-889ffa1b7285

Error: (12/18/2013 00:40:02 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed


CodeIntegrity Errors:
===================================
  Date: 2011-11-30 23:53:38.203
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-11-30 23:53:38.000
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 2794.9 MB
Available physical RAM: 1310.75 MB
Total Pagefile: 5587.98 MB
Available Pagefile: 3898.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:186.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 73F766B1)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================
gmer

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-23 21:21:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-22ZEST0 rev.01.01A01 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Kerstin\AppData\Local\Temp\kgdiafoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075dd1465 2 bytes [DD, 75]
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075dd14bb 2 bytes [DD, 75]
.text  ...                                                                                                                                  * 2
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000075dd1465 2 bytes [DD, 75]
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000075dd14bb 2 bytes [DD, 75]
.text  ...                                                                                                                                  * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1200:4968]                                                                                          0000000005f5325c
Thread  C:\Windows\system32\svchost.exe [1200:4980]                                                                                          0000000005f53120

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                      67050

---- EOF - GMER 2.1 ----

cosinus 23.03.2015 22:13
Hi,

Zitat:
Version: 23-12-2013 01
Uraltversion von FRST? Hast wohl kein neues addition.txt Log erstellt...

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png


Zukünftig bitte beachten:
Zitat:
Running from C:\Users\Kerstin\Downloads
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

karl-heinz00 23.03.2015 22:38
Sorry, irgendwie verpeilt.

Hier die aktuellen Logs:

frst


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Kerstin (administrator) on KERSTIN-PC on 23-03-2015 22:31:15
Running from C:\Users\Kerstin\Desktop
Loaded Profiles: Kerstin (Available profiles: Kerstin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> DefaultScope {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll [2011-03-11] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-04] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-04] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-24] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-21]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-05-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-05-09]

Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.com/de"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15]
CHR Extension: (Google Drive) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15]
CHR Extension: (YouTube) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-15]
CHR Extension: (Google Search) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15]
CHR Extension: (SiteAdvisor) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-10-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Google Wallet) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR Extension: (Gmail) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [30208 2006-11-07] (AVM GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 kgdiafoc; \??\C:\Users\Kerstin\AppData\Local\Temp\kgdiafoc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 22:31 - 2015-03-23 22:31 - 00019831 _____ () C:\Users\Kerstin\Desktop\FRST.txt
2015-03-23 22:29 - 2015-03-23 22:29 - 02095616 _____ (Farbar) C:\Users\Kerstin\Desktop\FRST64.exe
2015-03-23 21:21 - 2015-03-23 21:21 - 00001898 _____ () C:\Users\Kerstin\Desktop\gmer.log
2015-03-23 21:03 - 2015-03-23 21:03 - 00380416 _____ () C:\Users\Kerstin\Downloads\Gmer-19357.exe
2015-03-23 20:54 - 2015-03-23 20:54 - 00380416 _____ () C:\Users\Kerstin\Downloads\rv6xpvvp.exe
2015-03-23 20:12 - 2015-03-23 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-24 04:15 - 2015-03-23 22:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 04:15 - 2015-02-24 04:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-24 04:15 - 2015-02-24 04:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 22:31 - 2013-12-24 22:48 - 00000000 ____D () C:\FRST
2015-03-23 22:30 - 2013-12-24 22:49 - 00060599 _____ () C:\Users\Kerstin\Downloads\FRST.txt
2015-03-23 21:49 - 2013-10-15 14:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-23 21:00 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-23 21:00 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-23 19:31 - 2013-12-25 02:40 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-23 19:31 - 2011-03-27 14:20 - 00000000 ____D () C:\ProgramData\clear.fi
2015-03-23 19:30 - 2013-10-15 14:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-23 19:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 19:30 - 2009-07-14 05:51 - 00243650 _____ () C:\Windows\setupact.log
2015-03-22 07:38 - 2011-02-01 14:56 - 00659238 _____ () C:\Windows\system32\perfh007.dat
2015-03-22 07:38 - 2011-02-01 14:56 - 00132776 _____ () C:\Windows\system32\perfc007.dat
2015-03-22 07:38 - 2009-07-14 06:13 - 01512418 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 03:26 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Skype
2015-03-07 01:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-06 17:12 - 2011-02-01 06:05 - 00097028 _____ () C:\Windows\PFRO.log
2015-02-25 01:49 - 2014-04-09 01:10 - 00000000 ____D () C:\Users\Kerstin\.matplotlib
2015-02-24 04:57 - 2014-09-18 23:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-24 04:57 - 2011-04-02 04:39 - 00000000 ____D () C:\ProgramData\Skype
2015-02-24 04:20 - 2011-06-28 12:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2011-10-30 21:36 - 2011-10-31 15:36 - 0000000 ____H () C:\Users\Kerstin\AppData\Roaming\windrvconfig.txt
2012-11-14 15:18 - 2012-11-14 15:18 - 0000337 _____ () C:\Users\Kerstin\AppData\Local\Perfmon.PerfmonCfg
2011-12-02 04:25 - 2013-10-15 15:13 - 0007602 _____ () C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg
2011-02-01 06:34 - 2011-02-01 06:43 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-04-02 04:42 - 2011-04-02 04:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\Kerstin\CTX.DAT


Some content of TEMP:
====================
C:\Users\Kerstin\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Kerstin\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Kerstin\AppData\Local\Temp\MSN2.exe
C:\Users\Kerstin\AppData\Local\Temp\Quarantine.exe
C:\Users\Kerstin\AppData\Local\Temp\sqlite3.dll
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387729963429_3f9979_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388078529334_c44289_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388143015269_e25c23_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1389741798020_e25c23_de.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 19:38

==================== End Of Log ============================
--- --- ---


addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Kerstin at 2015-03-23 22:33:07
Running from C:\Users\Kerstin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{B82157D3-6D31-4650-93B4-FC39BB08D6CE}) (Version: 15.00.0000 - Akademische Arbeitsgemeinschaft)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3001 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
ccc-core-static (x32 Version: 2010.1118.1603.28745 - Ihr Firmenname) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.41.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141009 - Landesfinanzdirektion Thüringen)
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Stylus SX510W_TX550W Handbuch (HKLM-x32\...\Epson Stylus SX510W_TX550W Benutzerhandbuch) (Version:  - )
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
File Type Advisor 1.4 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.5 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
PyQt4 - PyQwt5 5.2.1-5 (HKLM-x32\...\PyQt4 - PyQwt5 5.2.1-5) (Version: 5.2.1-5 - pythonxy.com)
PyQt4 - QtHelp 4.8.3-1 (HKLM-x32\...\PyQt4 - QtHelp 4.8.3-1) (Version: 4.8.3-1 - pythonxy.com)
Python 2.7 - cx_Freeze 4.3.1-1 (HKLM-x32\...\Python 2.7 - cx_Freeze 4.3.1-1) (Version: 4.3.1-1 - pythonxy.com)
Python 2.7 - distribute 0.6.32-2 (HKLM-x32\...\Python 2.7 - distribute 0.6.32-2) (Version: 0.6.32-2 - pythonxy.com)
Python 2.7 - docutils 0.9.1 (HKLM-x32\...\Python 2.7 - docutils 0.9.1) (Version: 0.9.1 - pythonxy.com)
Python 2.7 - EnthoughtToolSuite 4.2.0-1 (HKLM-x32\...\Python 2.7 - EnthoughtToolSuite 4.2.0-1) (Version: 4.2.0-1 - pythonxy.com)
Python 2.7 - formlayout 1.0.9 (HKLM-x32\...\Python 2.7 - formlayout 1.0.9) (Version: 1.0.9 - pythonxy.com)
Python 2.7 - Gnuplot 1.8.0.3 (HKLM-x32\...\Python 2.7 - Gnuplot 1.8.0.3) (Version: 1.8.0.3 - pythonxy.com)
Python 2.7 - guidata 1.5.1-1 (HKLM-x32\...\Python 2.7 - guidata 1.5.1-1) (Version: 1.5.1-1 - pythonxy.com)
Python 2.7 - guiqwt 2.2.1-1 (HKLM-x32\...\Python 2.7 - guiqwt 2.2.1-1) (Version: 2.2.1-1 - pythonxy.com)
Python 2.7 - h5py 2.1.0 (HKLM-x32\...\Python 2.7 - h5py 2.1.0) (Version: 2.1.0 - pythonxy.com)
Python 2.7 - IPython 0.13.1-1 (HKLM-x32\...\Python 2.7 - IPython 0.13.1-1) (Version: 0.13.1-1 - pythonxy.com)
Python 2.7 - jinja2 2.6.0.1 (HKLM-x32\...\Python 2.7 - jinja2 2.6.0.1) (Version: 2.6.0.1 - pythonxy.com)
Python 2.7 - matplotlib 1.1.1 (HKLM-x32\...\Python 2.7 - matplotlib 1.1.1) (Version: 1.1.1 - pythonxy.com)
Python 2.7 - nose 1.2.1 (HKLM-x32\...\Python 2.7 - nose 1.2.1) (Version: 1.2.1 - pythonxy.com)
Python 2.7 - numexpr 2.0.1 (HKLM-x32\...\Python 2.7 - numexpr 2.0.1) (Version: 2.0.1 - pythonxy.com)
Python 2.7 - numpy 1.6.2 (HKLM-x32\...\Python 2.7 - numpy 1.6.2) (Version: 1.6.2 - pythonxy.com)
Python 2.7 - pandas 0.9.1-2 (HKLM-x32\...\Python 2.7 - pandas 0.9.1-2) (Version: 0.9.1-2 - pythonxy.com)
Python 2.7 - PIL 1.1.7.2 (HKLM-x32\...\Python 2.7 - PIL 1.1.7.2) (Version: 1.1.7.2 - pythonxy.com)
Python 2.7 - ply 3.4 (HKLM-x32\...\Python 2.7 - ply 3.4) (Version: 3.4 - pythonxy.com)
Python 2.7 - psutils 0.6.1 (HKLM-x32\...\Python 2.7 - psutils 0.6.1) (Version: 0.6.1 - pythonxy.com)
Python 2.7 - py2exe 0.6.9 (HKLM-x32\...\Python 2.7 - py2exe 0.6.9) (Version: 0.6.9 - pythonxy.com)
Python 2.7 - pyfits 3.1 (HKLM-x32\...\Python 2.7 - pyfits 3.1) (Version: 3.1 - pythonxy.com)
Python 2.7 - pygments 1.5.0 (HKLM-x32\...\Python 2.7 - pygments 1.5.0) (Version: 1.5.0 - pythonxy.com)
Python 2.7 - pylint 0.26-1 (HKLM-x32\...\Python 2.7 - pylint 0.26-1) (Version: 0.26-1 - pythonxy.com)
Python 2.7 - PyOpenGL 3.0.2-1 (HKLM-x32\...\Python 2.7 - PyOpenGL 3.0.2-1) (Version: 3.0.2-1 - pythonxy.com)
Python 2.7 - PyQt4 4.9.5-2 (HKLM-x32\...\Python 2.7 - PyQt4 4.9.5-2) (Version: 4.9.5-2 - pythonxy.com)
Python 2.7 - pyreadline 1.7.1 (HKLM-x32\...\Python 2.7 - pyreadline 1.7.1) (Version: 1.7.1 - pythonxy.com)
Python 2.7 - pytables 2.4.0 (HKLM-x32\...\Python 2.7 - pytables 2.4.0) (Version: 2.4.0 - pythonxy.com)
Python 2.7 - pywin32 218-1 (HKLM-x32\...\Python 2.7 - pywin32 218-1) (Version: 218-1 - pythonxy.com)
Python 2.7 - pyzmq 2.2.0.1-1 (HKLM-x32\...\Python 2.7 - pyzmq 2.2.0.1-1) (Version: 2.2.0.1-1 - pythonxy.com)
Python 2.7 - reportlab 2.6 (HKLM-x32\...\Python 2.7 - reportlab 2.6) (Version: 2.6 - pythonxy.com)
Python 2.7 - scipy 0.11.0 (HKLM-x32\...\Python 2.7 - scipy 0.11.0) (Version: 0.11.0 - pythonxy.com)
Python 2.7 - sphinx 1.1.3.1 (HKLM-x32\...\Python 2.7 - sphinx 1.1.3.1) (Version: 1.1.3.1 - pythonxy.com)
Python 2.7 - spyder 2.1.11 (HKLM-x32\...\Python 2.7 - spyder 2.1.11) (Version: 2.1.11 - pythonxy.com)
Python 2.7 - sqlalchemy 0.7.9-2 (HKLM-x32\...\Python 2.7 - sqlalchemy 0.7.9-2) (Version: 0.7.9-2 - pythonxy.com)
Python 2.7 - tornado 2.4.1-1 (HKLM-x32\...\Python 2.7 - tornado 2.4.1-1) (Version: 2.4.1-1 - pythonxy.com)
Python 2.7 - veusz 1.16 (HKLM-x32\...\Python 2.7 - veusz 1.16) (Version: 1.16 - pythonxy.com)
Python 2.7 - virtualenv 1.8.4-2 (HKLM-x32\...\Python 2.7 - virtualenv 1.8.4-2) (Version: 1.8.4-2 - pythonxy.com)
Python 2.7 - vitables 2.1.0.3 (HKLM-x32\...\Python 2.7 - vitables 2.1.0.3) (Version: 2.1.0.3 - pythonxy.com)
Python 2.7 - vtk 5.10.0 (HKLM-x32\...\Python 2.7 - vtk 5.10.0) (Version: 5.10.0 - pythonxy.com)
Python 2.7 - wxPython 2.8.12.1 (HKLM-x32\...\Python 2.7 - wxPython 2.8.12.1) (Version: 2.8.12.1 - pythonxy.com)
Python 2.7 - xy 1.2.16-1 (HKLM-x32\...\Python 2.7 - xy 1.2.16-1) (Version: 1.2.16-1 - pythonxy.com)
Python 2.7.3 (x32 Version: 2.7.3150 - Python Software Foundation) Hidden
Python(x,y) - console 2.0.148-8 (HKLM-x32\...\Python(x,y) - console 2.0.148-8) (Version: 2.0.148-8 - pythonxy.com)
Python(x,y) - mingw 4.5.2.3 (HKLM-x32\...\Python(x,y) - mingw 4.5.2.3) (Version: 4.5.2.3 - pythonxy.com)
Python(x,y) - SciTE 3.2.2-1 (HKLM-x32\...\Python(x,y) - SciTE 3.2.2-1) (Version: 3.2.2-1 - pythonxy.com)
Python(x,y) - xydoc 1.0.5.1 (HKLM-x32\...\Python(x,y) - xydoc 1.0.5.1) (Version: 1.0.5.1 - pythonxy.com)
Python(x,y) (HKLM-x32\...\Python(x,y)) (Version: 2.7.3.1 - www.pythonxy.com)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.4.17 - Sony Ericsson Mobile Communications AB)
Sony PC Companion 2.10.094 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.094 - Sony)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Steuer-Sparer 2011 (HKLM-x32\...\{3499BB0F-E68A-4353-B6F0-701D0AD1CE2F}) (Version: 16.12 - Akademische Arbeitsgemeinschaft Verlag)
TeXnicCenter Version 2.0 Beta 1 (HKLM-x32\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team)
VideoLAN VLC media player 0.8.5 (HKLM-x32\...\VLC media player) (Version: 0.8.5 - VideoLAN Team)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-10-2014 15:30:27 Geplanter Prüfpunkt
02-11-2014 16:51:19 Geplanter Prüfpunkt
13-11-2014 20:59:27 Geplanter Prüfpunkt
24-11-2014 17:21:22 Geplanter Prüfpunkt
25-12-2014 17:07:40 Geplanter Prüfpunkt
26-01-2015 19:00:14 Geplanter Prüfpunkt
03-02-2015 17:46:16 Geplanter Prüfpunkt
10-02-2015 23:35:43 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-06-03 07:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03CCB95E-50E3-424C-882E-1CDF9C451175} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {059CB88E-3DB2-4949-8FB9-77D3485A6BD5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {0BEEB9D2-7194-4B1D-8CEC-5C6F34F60860} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {32D0AA94-94F2-4260-B87E-0B676C3C99D8} - System32\Tasks\{365B1BB6-0DBB-4A2E-BF02-61988F376446} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {34F51131-442B-49E7-AACB-B74042D3B613} - System32\Tasks\{3CDF03BA-C92E-46CA-8900-61A3C00E2A78} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {45F961C0-77A4-4E5A-B387-B405B5A3F58F} - System32\Tasks\{075A127A-1303-4C3B-8201-3E5C0447364D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {6534A55B-A4A0-454D-9C91-1D7A907E1489} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated)
Task: {6A8EDEC6-F055-41FC-8655-11A5E837A011} - System32\Tasks\{DC5B2564-B5CB-4967-B07B-9FB23D130316} => pcalua.exe -a C:\Users\Kerstin\Desktop\Downloads\JabRef-2.8.1-setup.exe -d C:\Users\Kerstin\Desktop\Downloads
Task: {884424F8-F8D9-4A3B-B400-E369F6430795} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)
Task: {ABE42175-8175-4B87-98F8-D03771ACDFAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {C5074024-3B27-441F-9CEB-E898CD0DB864} - System32\Tasks\{5A7B0BE9-1FA8-4AA8-AD61-8AD850E53D4E} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.106&amp;LastError=2
Task: {CF4F2F69-2E57-4131-A063-4F8DC334E5BC} - System32\Tasks\{F163F189-5888-4976-9F05-E032A555EA94} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
Task: {DCD52E09-71A7-4501-9125-43D951150F9C} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-09-04] (filetypeadvisor.com                                        )
Task: {F0EB3259-108C-419C-BDA3-C445975EC1B9} - System32\Tasks\{A307B3C9-5AAF-42D1-A256-CEEC2E201A4D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
Task: {F89AABCC-F8A2-4013-B15C-F2F3D3FD3097} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-09-04] (File Type Advisor)
Task: {FFAFB065-20A0-4B1C-A2CE-F7989394D72E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-06-03 23:36 - 2011-06-03 23:36 - 00056832 _____ () C:\Windows\system32\windowtcodecsext.dll
2010-11-18 16:13 - 2010-11-18 16:13 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2010-11-18 16:14 - 2010-11-18 16:14 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-12 02:22 - 2010-11-12 02:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2010-12-23 14:46 - 2010-12-23 14:46 - 00210312 ____N () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2015-03-23 19:52 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-23 19:52 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-23 19:52 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-23 19:52 - 2015-03-14 11:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== Accounts: =============================

Administrator (S-1-5-21-3817438319-2950311145-3816183397-500 - Administrator - Disabled)
Gast (S-1-5-21-3817438319-2950311145-3816183397-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3817438319-2950311145-3816183397-1003 - Limited - Enabled)
Kerstin (S-1-5-21-3817438319-2950311145-3816183397-1001 - Administrator - Enabled) => C:\Users\Kerstin

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2015 10:31:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1130

Startzeit: 01d065b06f5bd472

Endzeit: 38

Anwendungspfad: C:\Users\Kerstin\Downloads\FRST64.exe

Berichts-ID:

Error: (03/23/2015 08:55:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rv6xpvvp.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1794

Startzeit: 01d065a337275fa5

Endzeit: 27

Anwendungspfad: C:\Users\Kerstin\Downloads\rv6xpvvp.exe

Berichts-ID: 82b55797-d196-11e4-a3f8-1c7508c137ad

Error: (03/23/2015 08:13:19 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/21/2015 04:33:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: McSvHost.exe, Version: 3.8.703.0, Zeitstempel: 0x51f7deae
Name des fehlerhaften Moduls: HOMENE~3.DLL, Version: 6.8.718.0, Zeitstempel: 0x537aebe5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000226ce1
ID des fehlerhaften Prozesses: 0x834
Startzeit der fehlerhaften Anwendung: 0xMcSvHost.exe0
Pfad der fehlerhaften Anwendung: McSvHost.exe1
Pfad des fehlerhaften Moduls: McSvHost.exe2
Berichtskennung: McSvHost.exe3

Error: (02/20/2015 04:35:03 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/17/2015 04:49:39 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/16/2015 06:52:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/15/2015 01:58:16 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/15/2015 00:53:00 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/12/2015 11:36:07 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT-AUTORITÄT)
Description: McShield crashed.
Error Code:c0000005


System errors:
=============
Error: (03/20/2015 07:38:52 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (03/15/2015 08:23:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
%%1115

Error: (03/06/2015 07:50:00 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/25/2015 05:08:21 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/22/2015 01:40:04 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/21/2015 04:34:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "McAfee Anti-Spam Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/21/2015 04:34:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/21/2015 04:34:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "McAfee Platform Services" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/21/2015 04:34:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "McAfee VirusScan Announcer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/21/2015 04:34:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "McAfee Personal Firewall Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (03/23/2015 10:31:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe0.0.0.0113001d065b06f5bd47238C:\Users\Kerstin\Downloads\FRST64.exe

Error: (03/23/2015 08:55:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rv6xpvvp.exe2.1.19357.0179401d065a337275fa527C:\Users\Kerstin\Downloads\rv6xpvvp.exe82b55797-d196-11e4-a3f8-1c7508c137ad

Error: (03/23/2015 08:13:19 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/21/2015 04:33:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaeHOMENE~3.DLL6.8.718.0537aebe5c00000050000000000226ce183401d04d3920b7c599C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exec:\PROGRA~1\COMMON~1\mcafee\mhn\HOMENE~3.DLL6f9fbe9f-b97a-11e4-b584-1c7508c137ad

Error: (02/20/2015 04:35:03 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/17/2015 04:49:39 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/16/2015 06:52:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/15/2015 01:58:16 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/15/2015 00:53:00 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/12/2015 11:36:07 AM) (Source: AVLogEvent) (EventID: 5004) (User: NT-AUTORITÄT)
Description: c0000005


CodeIntegrity Errors:
===================================
  Date: 2011-11-30 23:53:38.203
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-11-30 23:53:38.000
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 60%
Total physical RAM: 2794.9 MB
Available physical RAM: 1113.93 MB
Total Pagefile: 5587.98 MB
Available Pagefile: 3336.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:184.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 73F766B1)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 24.03.2015 09:48
Bitte mit MBAR fortfahren:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

karl-heinz00 11.05.2015 21:42
Hallo, hab es leider total vernachlässigt weiter zu machen, nach dem letzten Post, weil ich dachte "so schlimm isses ja nich" und danach einfach vergessen. Jetzt hab ich aber das Gefühl es gibt doch einige Probleme und ich brauche eure Hilfe.

Ich hab mal Scan mit Avira gemacht:

Avira:
Code:

Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 27. April 2015  22:09


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Antivirus Free
Seriennummer  : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : KERSTIN-PC

Versionsinformationen:
BUILD.DAT      : 15.0.9.504    94784 Bytes  24.03.2015 14:59:00
AVSCAN.EXE    : 15.0.9.504  1027528 Bytes  20.04.2015 15:26:41
AVSCANRC.DLL  : 15.0.9.460    64760 Bytes  20.04.2015 15:26:41
LUKE.DLL      : 15.0.9.460    60664 Bytes  20.04.2015 15:26:57
AVSCPLR.DLL    : 15.0.9.460    95536 Bytes  20.04.2015 15:26:41
REPAIR.DLL    : 15.0.9.504    374064 Bytes  20.04.2015 15:26:41
REPAIR.RDF    : 1.0.7.40      857439 Bytes  25.04.2015 18:48:04
AVREG.DLL      : 15.0.9.460    273712 Bytes  20.04.2015 15:26:40
AVLODE.DLL    : 15.0.9.504    596272 Bytes  20.04.2015 15:26:39
AVLODE.RDF    : 14.0.4.64      79226 Bytes  20.04.2015 15:26:36
XBV00019.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00020.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00021.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00022.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00023.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00024.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00025.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00026.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00027.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00028.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00029.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00030.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00031.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00032.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00033.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00034.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00035.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00036.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00037.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00038.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00039.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00040.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00041.VDF  : 8.11.165.190    2048 Bytes  07.08.2014 11:02:04
XBV00071.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00072.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00073.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00074.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00075.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00076.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00077.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00078.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00079.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00080.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00081.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00082.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00083.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00084.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00085.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00086.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00087.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:02
XBV00088.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00089.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00090.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00091.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00092.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00093.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00094.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00095.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00096.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00097.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00098.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00099.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00100.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00101.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00102.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00103.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00104.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00105.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00106.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00107.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00108.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00109.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00110.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:03
XBV00111.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00112.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00113.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00114.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00115.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00116.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00117.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00118.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00119.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00120.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00121.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00122.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00123.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00124.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00125.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00126.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00127.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00128.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00129.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00130.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00131.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00132.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:04
XBV00133.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00134.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00135.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00136.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00137.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00138.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00139.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00140.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00141.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00142.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00143.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00144.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00145.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00146.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00147.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00148.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00149.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00150.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00151.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00152.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00153.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00154.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00155.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:05
XBV00156.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00157.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00158.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00159.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00160.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00161.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00162.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00163.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00164.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00165.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00166.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00167.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00168.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00169.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00170.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00171.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00172.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00173.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00174.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00175.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00176.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00177.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:06
XBV00178.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00179.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00180.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00181.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00182.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00183.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00184.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00185.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00186.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00187.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00188.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00189.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00190.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00191.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00192.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00193.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00194.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00195.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00196.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00197.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00198.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00199.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:07
XBV00200.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00201.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00202.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00203.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00204.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00205.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00206.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00207.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00208.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00209.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00210.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00211.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00212.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00213.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00214.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00215.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00216.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00217.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00218.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:08
XBV00219.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00220.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00221.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00222.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00223.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00224.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00225.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00226.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00227.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00228.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00229.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00230.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00231.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00232.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00233.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00234.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00235.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00236.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00237.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00238.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00239.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00240.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00241.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:09
XBV00242.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00243.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00244.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00245.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00246.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00247.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00248.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00249.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00250.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00251.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00252.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00253.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00254.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00255.VDF  : 8.11.225.88    2048 Bytes  22.04.2015 15:19:10
XBV00000.VDF  : 7.11.70.0  66736640 Bytes  04.04.2013 11:02:04
XBV00001.VDF  : 7.11.74.226  2201600 Bytes  30.04.2013 11:02:04
XBV00002.VDF  : 7.11.80.60  2751488 Bytes  28.05.2013 11:02:04
XBV00003.VDF  : 7.11.85.214  2162688 Bytes  21.06.2013 11:02:04
XBV00004.VDF  : 7.11.91.176  3903488 Bytes  23.07.2013 11:02:04
XBV00005.VDF  : 7.11.98.186  6822912 Bytes  29.08.2013 11:02:04
XBV00006.VDF  : 7.11.139.38 15708672 Bytes  27.03.2014 11:02:04
XBV00007.VDF  : 7.11.152.100  4193792 Bytes  02.06.2014 11:02:04
XBV00008.VDF  : 8.11.165.192  4251136 Bytes  07.08.2014 11:02:04
XBV00009.VDF  : 8.11.172.30  2094080 Bytes  15.09.2014 11:02:04
XBV00010.VDF  : 8.11.178.32  1581056 Bytes  14.10.2014 11:02:04
XBV00011.VDF  : 8.11.184.50  2178560 Bytes  11.11.2014 11:02:04
XBV00012.VDF  : 8.11.190.32  1876992 Bytes  03.12.2014 11:02:04
XBV00013.VDF  : 8.11.201.28  2973696 Bytes  14.01.2015 11:02:04
XBV00014.VDF  : 8.11.206.252  2695680 Bytes  04.02.2015 11:02:04
XBV00015.VDF  : 8.11.213.84  3175936 Bytes  03.03.2015 11:02:04
XBV00016.VDF  : 8.11.213.176  212480 Bytes  05.03.2015 11:02:04
XBV00017.VDF  : 8.11.219.166  2033664 Bytes  25.03.2015 15:27:02
XBV00018.VDF  : 8.11.225.88  2367488 Bytes  22.04.2015 15:19:00
XBV00042.VDF  : 8.11.225.112    23040 Bytes  22.04.2015 15:19:00
XBV00043.VDF  : 8.11.225.138    2048 Bytes  22.04.2015 15:19:00
XBV00044.VDF  : 8.11.225.164    43520 Bytes  22.04.2015 15:19:00
XBV00045.VDF  : 8.11.225.188    27136 Bytes  22.04.2015 15:19:00
XBV00046.VDF  : 8.11.225.190    2048 Bytes  22.04.2015 15:19:00
XBV00047.VDF  : 8.11.225.192    24064 Bytes  22.04.2015 15:19:00
XBV00048.VDF  : 8.11.225.196    35328 Bytes  23.04.2015 15:19:01
XBV00049.VDF  : 8.11.225.198    14848 Bytes  23.04.2015 15:19:01
XBV00050.VDF  : 8.11.225.202    2048 Bytes  23.04.2015 15:19:01
XBV00051.VDF  : 8.11.225.224    30208 Bytes  23.04.2015 15:19:01
XBV00052.VDF  : 8.11.225.244    2048 Bytes  23.04.2015 21:59:02
XBV00053.VDF  : 8.11.226.8    21504 Bytes  23.04.2015 21:59:02
XBV00054.VDF  : 8.11.226.30    35328 Bytes  23.04.2015 05:35:14
XBV00055.VDF  : 8.11.226.34    2048 Bytes  24.04.2015 05:35:14
XBV00056.VDF  : 8.11.226.42    32256 Bytes  24.04.2015 05:35:14
XBV00057.VDF  : 8.11.226.44    39424 Bytes  24.04.2015 18:48:02
XBV00058.VDF  : 8.11.226.46    7680 Bytes  24.04.2015 18:48:02
XBV00059.VDF  : 8.11.226.48    6656 Bytes  24.04.2015 18:48:02
XBV00060.VDF  : 8.11.226.68    14336 Bytes  24.04.2015 18:48:02
XBV00061.VDF  : 8.11.226.88    19456 Bytes  24.04.2015 18:48:02
XBV00062.VDF  : 8.11.226.112    24576 Bytes  24.04.2015 18:48:02
XBV00063.VDF  : 8.11.226.134    55808 Bytes  25.04.2015 18:48:02
XBV00064.VDF  : 8.11.226.136    2560 Bytes  25.04.2015 18:48:02
XBV00065.VDF  : 8.11.226.138    9728 Bytes  25.04.2015 18:48:02
XBV00066.VDF  : 8.11.226.140    12800 Bytes  25.04.2015 18:48:02
XBV00067.VDF  : 8.11.226.160    94208 Bytes  26.04.2015 17:16:16
XBV00068.VDF  : 8.11.226.178    10240 Bytes  26.04.2015 17:16:16
XBV00069.VDF  : 8.11.226.196    10240 Bytes  26.04.2015 17:16:16
XBV00070.VDF  : 8.11.226.214    7680 Bytes  26.04.2015 17:16:16
LOCAL000.VDF  : 8.11.226.214 128078848 Bytes  26.04.2015 17:16:49
Engineversion  : 8.3.30.24
AEVDF.DLL      : 8.3.1.6      133992 Bytes  17.03.2015 11:01:51
AESCRIPT.DLL  : 8.2.2.62      567208 Bytes  20.04.2015 15:26:36
AESCN.DLL      : 8.3.2.2      139456 Bytes  17.03.2015 11:01:51
AESBX.DLL      : 8.2.20.34    1615784 Bytes  17.03.2015 11:01:51
AERDL.DLL      : 8.2.1.20      731040 Bytes  17.03.2015 11:01:51
AEPACK.DLL    : 8.4.0.62      793456 Bytes  17.03.2015 11:01:51
AEOFFICE.DLL  : 8.3.1.22      363376 Bytes  25.04.2015 18:48:01
AEMOBILE.DLL  : 8.1.7.2      281720 Bytes  25.04.2015 18:48:02
AEHEUR.DLL    : 8.1.4.1658  8289400 Bytes  25.04.2015 18:48:01
AEHELP.DLL    : 8.3.2.0      281456 Bytes  20.04.2015 15:26:33
AEGEN.DLL      : 8.1.7.40      456608 Bytes  17.03.2015 11:01:51
AEEXP.DLL      : 8.4.2.82      260968 Bytes  20.04.2015 15:26:36
AEEMU.DLL      : 8.1.3.4      399264 Bytes  17.03.2015 11:01:51
AEDROID.DLL    : 8.4.3.116    1050536 Bytes  17.03.2015 11:01:51
AECORE.DLL    : 8.3.4.0      243624 Bytes  17.03.2015 11:01:51
AEBB.DLL      : 8.1.2.0        60448 Bytes  17.03.2015 11:01:51
AVWINLL.DLL    : 15.0.9.460    26872 Bytes  20.04.2015 15:26:30
AVPREF.DLL    : 15.0.9.460    52984 Bytes  20.04.2015 15:26:40
AVREP.DLL      : 15.0.9.460    220464 Bytes  20.04.2015 15:26:40
AVARKT.DLL    : 15.0.9.460    228088 Bytes  20.04.2015 15:26:36
AVEVTLOG.DLL  : 15.0.9.460    193328 Bytes  20.04.2015 15:26:38
SQLITE3.DLL    : 15.0.9.460    455472 Bytes  20.04.2015 15:26:59
AVSMTP.DLL    : 15.0.9.460    79096 Bytes  20.04.2015 15:26:41
NETNT.DLL      : 15.0.9.460    15152 Bytes  20.04.2015 15:26:57
CommonImageRc.dll: 15.0.9.460  4355376 Bytes  20.04.2015 15:26:30
CommonTextRc.DLL: 15.0.9.476    70960 Bytes  20.04.2015 15:26:30

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 27. April 2015  22:09

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '170' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrl.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'AMD Reservation Manager.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'MMDx64Fx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'CxAudMsg64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'Fuel.Service.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'clear.fiAgent.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMREngine.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrlHelper.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeXnicCenter.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'IEXPLORE.EXE' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2729' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\$RECYCLE.BIN\S-1-5-21-3817438319-2950311145-3816183397-1001\$RTXKITX.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Yontoo.76240
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\WindowtCodecsExt.dll
  [FUND]      Ist das Trojanische Pferd TR/Mediyes.Gen6

Beginne mit der Desinfektion:
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\WindowtCodecsExt.dll
  [FUND]      Ist das Trojanische Pferd TR/Mediyes.Gen6
  [HINWEIS]  Die Datei wurde gelöscht.
C:\$RECYCLE.BIN\S-1-5-21-3817438319-2950311145-3816183397-1001\$RTXKITX.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Yontoo.76240
  [HINWEIS]  Die Datei wurde gelöscht.


Ende des Suchlaufs: Dienstag, 28. April 2015  01:33
Benötigte Zeit:  3:18:57 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  43550 Verzeichnisse wurden überprüft
 1585122 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      2 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1585120 Dateien ohne Befall
  8749 Archive wurden durchsucht
      0 Warnungen
      2 Hinweise
 848418 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
AdwCleaner Quarantäne-Log vom Januar:

Code:
C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir
C:\Users\Kerstin\AppData\Roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm.vir
C:\Program Files (x86)\SearchProtect\EULA.txt->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\EULA.txt.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings.html.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\style.css.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Icon.ico->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\Icon.ico.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js.vir
C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js.vir
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir
C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\rep\cfi.bin.vir
C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\rep\edk.bin.vir
C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\rep\pni.bin.vir
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat.vir
C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\rep\trn.bin.vir
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir
C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir
C:\Users\Kerstin\AppData\Local\SearchProtect\UI\rep\UIRepository.dat->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Local\SearchProtect\UI\rep\UIRepository.dat.vir
C:\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat.vir
C:\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat.vir
C:\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat.vir
C:\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\7366.ico->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\7366.ico.vir
C:\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\asd3xcy2.exe->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\asd3xcy2.exe.vir
C:\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\du339c.exe->C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\du339c.exe.vir

Scans mit MBAM (läuft gerade), MBAR und eine frisches FRST-File reiche ich dann gleich nach.

Danke im Vorraus und Liebe Grüße

MBAM

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.05.2015
Suchlauf-Zeit: 17:02:12
Logdatei: log.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.05.11.03
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kerstin

Suchlauf-Art: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 609785
Verstrichene Zeit: 4 Std, 42 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 15
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir, , [c674a1ceee9c989e66590faf827fa858],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir, , [3505a9c6f694ac8ac0fffec037cac739],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir, , [1a20a8c7c1c93ef8fcc37f3f28d9c13f],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir, , [61d974fb038738fe417e6955659cb54b],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir, , [d56558174f3b51e515aa0ab428d9639d],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir, , [92a8640ba8e2a393c3fc506e4ab735cb],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir, , [a298aac5c2c8de5800bff0ce728fd729],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir, , [ed4d0966e4a6b77f38877b431ae7619f],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir, , [40fa026d3852211510af3c82a160c040],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir, , [be7c7ef14b3f60d6289703bb7d8456aa],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir, , [2b0f7ff06a20ff37af108e30d82936ca],
PUP.Optional.SearchProtect.A, C:\AdwCleaner\Quarantine\C\Users\Kerstin\AppData\Roaming\RHEng\FB6E0BECC8C743EB94961B28AAD1C595\asd3xcy2.exe.vir, , [44f62649c5c5af87e2cd268db15012ee],
PUP.Optional.Softonic.A, C:\System Volume Information\SystemRestore\FRStaging\Users\Kerstin\Desktop\Downloads\SoftonicDownloader_fuer_regcleaner.exe, , [9d9d640b44467eb80e483d16b34ea15f],
PUP.Optional.Conduit.A, C:\Users\Kerstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CO3BV437\spstub[1].exe, , [83b7026d8bff8da92304a316e819ac54],
PUP.Optional.SearchProtect.A, C:\Users\Kerstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGJ19T2Y\SPSetup[1].exe, , [28128be48604ad89635c3a840cf503fd],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
MBAR

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Kerstin :: KERSTIN-PC [administrator]

11.05.2015 21:51:54
mbar-log-2015-05-11 (21-51-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 344769
Time elapsed: 26 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
frisches FRST-log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Kerstin (administrator) on KERSTIN-PC on 11-05-2015 22:40:04
Running from C:\Users\Kerstin\Desktop
Loaded Profiles: Kerstin (Available profiles: Kerstin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> DefaultScope {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-04] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-04] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-21]

Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.com/de"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15]
CHR Extension: (Google Drive) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15]
CHR Extension: (YouTube) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-15]
CHR Extension: (Google Search) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15]
CHR Extension: (Bookmark Manager) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (Google Wallet) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR Extension: (Gmail) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [30208 2006-11-07] (AVM GmbH)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 22:39 - 2015-05-11 22:39 - 00000000 ____D () C:\Users\Kerstin\Desktop\FRST-OlderVersion
2015-05-11 22:34 - 2015-05-11 22:34 - 00275496 _____ () C:\Windows\Minidump\051115-21216-01.dmp
2015-05-11 21:47 - 2015-05-11 21:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kerstin\Desktop\mbar-1.09.1.1004.exe
2015-05-11 16:52 - 2015-05-11 16:52 - 00275496 _____ () C:\Windows\Minidump\051115-23883-01.dmp
2015-04-29 10:26 - 2015-04-29 10:27 - 00275496 _____ () C:\Windows\Minidump\042915-26832-01.dmp
2015-04-27 01:13 - 2015-04-27 01:13 - 00275496 _____ () C:\Windows\Minidump\042715-21403-01.dmp
2015-04-27 01:02 - 2015-04-27 01:02 - 00022531 _____ () C:\Users\Kerstin\Downloads\Tutorium_komplett_SS2015.zip
2015-04-20 17:35 - 2013-09-16 19:46 - 00000910 _____ () C:\Users\Kerstin\Desktop\Downloads.lnk
2015-04-20 17:28 - 2015-04-20 17:28 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-20 17:25 - 2015-04-20 17:33 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Avira
2015-04-20 17:25 - 2015-04-20 17:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-20 17:24 - 2015-05-05 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-20 17:23 - 2015-05-05 12:44 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-20 17:23 - 2015-05-05 12:44 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-20 17:23 - 2015-04-20 17:31 - 00000000 ____D () C:\ProgramData\Avira
2015-04-20 17:23 - 2015-04-20 17:28 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-20 17:23 - 2015-03-17 13:01 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-20 17:23 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-20 16:12 - 2015-04-20 16:12 - 00275552 _____ () C:\Windows\Minidump\042015-26925-01.dmp
2015-04-19 05:12 - 2015-04-19 05:13 - 00275496 _____ () C:\Windows\Minidump\041915-28314-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 22:40 - 2015-03-23 23:31 - 00015611 _____ () C:\Users\Kerstin\Desktop\FRST.txt
2015-05-11 22:40 - 2013-12-24 23:48 - 00000000 ____D () C:\FRST
2015-05-11 22:39 - 2015-03-23 23:29 - 02102784 _____ (Farbar) C:\Users\Kerstin\Desktop\FRST64.exe
2015-05-11 22:39 - 2011-02-01 15:56 - 00659238 _____ () C:\Windows\system32\perfh007.dat
2015-05-11 22:39 - 2011-02-01 15:56 - 00132776 _____ () C:\Windows\system32\perfc007.dat
2015-05-11 22:39 - 2009-07-14 07:13 - 01512418 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-11 22:36 - 2013-12-25 03:40 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-11 22:35 - 2013-12-25 00:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-11 22:35 - 2011-03-27 15:20 - 00000000 ____D () C:\ProgramData\clear.fi
2015-05-11 22:34 - 2013-10-15 15:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 22:34 - 2011-05-09 19:45 - 382813359 _____ () C:\Windows\MEMORY.DMP
2015-05-11 22:34 - 2011-05-09 19:45 - 00000000 ____D () C:\Windows\Minidump
2015-05-11 22:34 - 2011-02-01 07:05 - 00552176 _____ () C:\Windows\PFRO.log
2015-05-11 22:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-11 22:34 - 2009-07-14 06:51 - 00246898 _____ () C:\Windows\setupact.log
2015-05-11 22:21 - 2013-12-25 00:44 - 00000000 ____D () C:\Users\Kerstin\Desktop\mbar
2015-05-11 22:20 - 2015-02-24 05:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 21:50 - 2014-07-01 14:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 21:49 - 2013-10-15 15:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-11 21:48 - 2014-07-01 14:31 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 21:46 - 2011-01-17 19:22 - 00000000 ____D () C:\Windows\oem
2015-05-11 17:00 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-11 17:00 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-11 15:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-08 12:33 - 2014-10-07 12:34 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\FileAdvisor
2015-05-08 12:33 - 2014-09-21 12:33 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2015-05-07 22:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-29 12:37 - 2011-04-02 05:41 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Skype
2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-20 17:28 - 2011-02-01 07:08 - 01703796 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 23:20 - 2015-02-24 05:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-19 23:20 - 2015-02-24 05:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-19 23:20 - 2011-06-28 13:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 01:19 - 2014-09-19 00:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 01:19 - 2011-04-02 05:39 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2011-10-30 22:36 - 2011-10-31 16:36 - 0000000 ____H () C:\Users\Kerstin\AppData\Roaming\windrvconfig.txt
2012-11-14 16:18 - 2012-11-14 16:18 - 0000337 _____ () C:\Users\Kerstin\AppData\Local\Perfmon.PerfmonCfg
2011-12-02 05:25 - 2013-10-15 16:13 - 0007602 _____ () C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg
2011-02-01 07:34 - 2011-02-01 07:43 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-04-02 05:42 - 2011-04-02 05:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\Kerstin\CTX.DAT


Some content of TEMP:
====================
C:\Users\Kerstin\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Kerstin\AppData\Local\Temp\avgnt.exe
C:\Users\Kerstin\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Kerstin\AppData\Local\Temp\MSN2.exe
C:\Users\Kerstin\AppData\Local\Temp\Quarantine.exe
C:\Users\Kerstin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kerstin\AppData\Local\Temp\sqlite3.dll
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387729963429_3f9979_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388078529334_c44289_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388143015269_e25c23_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1389741798020_e25c23_de.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-05 12:06

==================== End Of Log ============================
--- --- ---

cosinus 12.05.2015 01:01
Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


karl-heinz00 12.05.2015 11:46
adwCleaner

Code:
# AdwCleaner v4.203 - Bericht erstellt 12/05/2015 um 12:42:08
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-12.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Kerstin - KERSTIN-PC
# Gestarted von : C:\Users\Kerstin\Desktop\AdwCleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Google Chrome v42.0.2311.135

[C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp
[C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Default_Search_Provider_Data] :

*************************

AdwCleaner[R3].txt - [1408 Bytes] - [12/05/2015 12:42:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1467  Bytes] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Home Premium x64
Ran by Kerstin on 12.05.2015 at 12:49:04,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.05.2015 at 12:55:30,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Kerstin (administrator) on KERSTIN-PC on 12-05-2015 12:58:46
Running from C:\Users\Kerstin\Desktop
Loaded Profiles: Kerstin (Available profiles: Kerstin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-04] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-04] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-21]

Chrome:
=======
CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [30208 2006-11-07] (AVM GmbH)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 12:55 - 2015-05-12 12:55 - 00000602 _____ () C:\Users\Kerstin\Desktop\JRT.txt
2015-05-12 12:49 - 2015-05-12 12:49 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KERSTIN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-12 12:49 - 2015-05-12 12:49 - 00000000 ____D () C:\RegBackup
2015-05-12 12:36 - 2015-05-12 12:42 - 00000000 ____D () C:\AdwCleaner
2015-05-12 12:35 - 2015-05-12 12:35 - 02720307 _____ (Thisisu) C:\Users\Kerstin\Desktop\JRT.exe
2015-05-12 12:33 - 2015-05-12 12:33 - 02204160 _____ () C:\Users\Kerstin\Desktop\AdwCleaner_4.203.exe
2015-05-12 11:36 - 2015-05-12 11:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kerstin\Downloads\revosetup95.exe
2015-05-12 11:36 - 2015-05-12 11:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kerstin\Downloads\revosetup95 (1).exe
2015-05-12 11:36 - 2015-05-12 11:36 - 00000748 _____ () C:\Users\Kerstin\Desktop\Revo Uninstaller.lnk
2015-05-11 22:34 - 2015-05-11 22:34 - 00275496 _____ () C:\Windows\Minidump\051115-21216-01.dmp
2015-05-11 21:47 - 2015-05-11 21:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kerstin\Desktop\mbar-1.09.1.1004.exe
2015-05-11 16:52 - 2015-05-11 16:52 - 00275496 _____ () C:\Windows\Minidump\051115-23883-01.dmp
2015-04-29 10:26 - 2015-04-29 10:27 - 00275496 _____ () C:\Windows\Minidump\042915-26832-01.dmp
2015-04-27 01:13 - 2015-04-27 01:13 - 00275496 _____ () C:\Windows\Minidump\042715-21403-01.dmp
2015-04-27 01:02 - 2015-04-27 01:02 - 00022531 _____ () C:\Users\Kerstin\Downloads\Tutorium_komplett_SS2015.zip
2015-04-20 17:35 - 2013-09-16 19:46 - 00000910 _____ () C:\Users\Kerstin\Desktop\Downloads.lnk
2015-04-20 17:28 - 2015-04-20 17:28 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-20 17:25 - 2015-04-20 17:33 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Avira
2015-04-20 17:25 - 2015-04-20 17:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-20 17:24 - 2015-05-05 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-20 17:23 - 2015-05-05 12:44 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-20 17:23 - 2015-05-05 12:44 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-20 17:23 - 2015-04-20 17:31 - 00000000 ____D () C:\ProgramData\Avira
2015-04-20 17:23 - 2015-04-20 17:28 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-20 17:23 - 2015-03-17 13:01 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-20 17:23 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-20 16:12 - 2015-04-20 16:12 - 00275552 _____ () C:\Windows\Minidump\042015-26925-01.dmp
2015-04-19 05:12 - 2015-04-19 05:13 - 00275496 _____ () C:\Windows\Minidump\041915-28314-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 12:58 - 2015-03-23 23:31 - 00011702 _____ () C:\Users\Kerstin\Desktop\FRST.txt
2015-05-12 12:58 - 2013-12-24 23:48 - 00000000 ____D () C:\FRST
2015-05-12 12:57 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-12 12:57 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-12 12:49 - 2013-10-15 15:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 12:48 - 2011-02-01 15:56 - 00659238 _____ () C:\Windows\system32\perfh007.dat
2015-05-12 12:48 - 2011-02-01 15:56 - 00132776 _____ () C:\Windows\system32\perfc007.dat
2015-05-12 12:48 - 2009-07-14 07:13 - 01512418 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-12 12:43 - 2013-12-25 03:40 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-12 12:43 - 2013-10-15 15:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 12:43 - 2011-03-27 15:20 - 00000000 ____D () C:\ProgramData\clear.fi
2015-05-12 12:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-12 12:43 - 2009-07-14 06:51 - 00247010 _____ () C:\Windows\setupact.log
2015-05-12 12:20 - 2015-02-24 05:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-12 11:31 - 2011-02-01 07:05 - 00552530 _____ () C:\Windows\PFRO.log
2015-05-11 22:39 - 2015-03-23 23:29 - 02102784 _____ (Farbar) C:\Users\Kerstin\Desktop\FRST64.exe
2015-05-11 22:35 - 2013-12-25 00:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-11 22:34 - 2011-05-09 19:45 - 382813359 _____ () C:\Windows\MEMORY.DMP
2015-05-11 22:34 - 2011-05-09 19:45 - 00000000 ____D () C:\Windows\Minidump
2015-05-11 22:34 - 2011-01-17 19:22 - 00000000 ____D () C:\Windows\oem
2015-05-11 22:21 - 2013-12-25 00:44 - 00000000 ____D () C:\Users\Kerstin\Desktop\mbar
2015-05-11 21:50 - 2014-07-01 14:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 21:48 - 2014-07-01 14:31 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 15:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-08 12:33 - 2014-10-07 12:34 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\FileAdvisor
2015-05-08 12:33 - 2014-09-21 12:33 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2015-05-07 22:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-29 12:37 - 2011-04-02 05:41 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Skype
2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-20 17:28 - 2011-02-01 07:08 - 01703796 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 23:20 - 2015-02-24 05:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-19 23:20 - 2015-02-24 05:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-19 23:20 - 2011-06-28 13:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 01:19 - 2014-09-19 00:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 01:19 - 2011-04-02 05:39 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2011-10-30 22:36 - 2011-10-31 16:36 - 0000000 ____H () C:\Users\Kerstin\AppData\Roaming\windrvconfig.txt
2012-11-14 16:18 - 2012-11-14 16:18 - 0000337 _____ () C:\Users\Kerstin\AppData\Local\Perfmon.PerfmonCfg
2011-12-02 05:25 - 2013-10-15 16:13 - 0007602 _____ () C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg
2011-02-01 07:34 - 2011-02-01 07:43 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-04-02 05:42 - 2011-04-02 05:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\Kerstin\CTX.DAT


Some content of TEMP:
====================
C:\Users\Kerstin\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Kerstin\AppData\Local\Temp\avgnt.exe
C:\Users\Kerstin\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Kerstin\AppData\Local\Temp\MSN2.exe
C:\Users\Kerstin\AppData\Local\Temp\Quarantine.exe
C:\Users\Kerstin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kerstin\AppData\Local\Temp\sqlite3.dll
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387729963429_3f9979_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388078529334_c44289_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388143015269_e25c23_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1389741798020_e25c23_de.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-05 12:06

==================== End Of Log ============================
--- --- ---

cosinus 12.05.2015 16:14
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

karl-heinz00 12.05.2015 18:06

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Kerstin (administrator) on KERSTIN-PC on 12-05-2015 18:52:59
Running from C:\Users\Kerstin\Desktop
Loaded Profiles: Kerstin (Available profiles: Kerstin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\qtiplot.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The TeXnicCenter Team) C:\Program Files (x86)\TeXnicCenter\TeXnicCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3817438319-2950311145-3816183397-1001 -> {1C1FF02F-5E7F-4F8D-B314-9284B7F2C809} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE453D20110509&p={SearchTerms}
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-04] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-04] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-21]

Chrome:
=======
CHR Profile: C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [30208 2006-11-07] (AVM GmbH)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 12:55 - 2015-05-12 12:55 - 00000602 _____ () C:\Users\Kerstin\Desktop\JRT.txt
2015-05-12 12:49 - 2015-05-12 12:49 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KERSTIN-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-12 12:49 - 2015-05-12 12:49 - 00000000 ____D () C:\RegBackup
2015-05-12 12:36 - 2015-05-12 12:42 - 00000000 ____D () C:\AdwCleaner
2015-05-12 12:35 - 2015-05-12 12:35 - 02720307 _____ (Thisisu) C:\Users\Kerstin\Desktop\JRT.exe
2015-05-12 12:33 - 2015-05-12 12:33 - 02204160 _____ () C:\Users\Kerstin\Desktop\AdwCleaner_4.203.exe
2015-05-12 11:36 - 2015-05-12 11:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kerstin\Downloads\revosetup95.exe
2015-05-12 11:36 - 2015-05-12 11:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kerstin\Downloads\revosetup95 (1).exe
2015-05-12 11:36 - 2015-05-12 11:36 - 00000748 _____ () C:\Users\Kerstin\Desktop\Revo Uninstaller.lnk
2015-05-11 22:34 - 2015-05-11 22:34 - 00275496 _____ () C:\Windows\Minidump\051115-21216-01.dmp
2015-05-11 21:47 - 2015-05-11 21:47 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kerstin\Desktop\mbar-1.09.1.1004.exe
2015-05-11 16:52 - 2015-05-11 16:52 - 00275496 _____ () C:\Windows\Minidump\051115-23883-01.dmp
2015-04-29 10:26 - 2015-04-29 10:27 - 00275496 _____ () C:\Windows\Minidump\042915-26832-01.dmp
2015-04-27 01:13 - 2015-04-27 01:13 - 00275496 _____ () C:\Windows\Minidump\042715-21403-01.dmp
2015-04-27 01:02 - 2015-04-27 01:02 - 00022531 _____ () C:\Users\Kerstin\Downloads\Tutorium_komplett_SS2015.zip
2015-04-20 17:35 - 2013-09-16 19:46 - 00000910 _____ () C:\Users\Kerstin\Desktop\Downloads.lnk
2015-04-20 17:28 - 2015-04-20 17:28 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-20 17:25 - 2015-04-20 17:33 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Avira
2015-04-20 17:25 - 2015-04-20 17:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-20 17:24 - 2015-05-05 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-20 17:23 - 2015-05-05 12:44 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-20 17:23 - 2015-05-05 12:44 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-20 17:23 - 2015-04-20 17:31 - 00000000 ____D () C:\ProgramData\Avira
2015-04-20 17:23 - 2015-04-20 17:28 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-20 17:23 - 2015-03-17 13:01 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-20 17:23 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-20 16:12 - 2015-04-20 16:12 - 00275552 _____ () C:\Windows\Minidump\042015-26925-01.dmp
2015-04-19 05:12 - 2015-04-19 05:13 - 00275496 _____ () C:\Windows\Minidump\041915-28314-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 18:53 - 2015-03-23 23:31 - 00012726 _____ () C:\Users\Kerstin\Desktop\FRST.txt
2015-05-12 18:53 - 2013-12-24 23:48 - 00000000 ____D () C:\FRST
2015-05-12 18:49 - 2013-10-15 15:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 18:20 - 2015-02-24 05:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-12 14:31 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-12 14:31 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-12 12:48 - 2011-02-01 15:56 - 00659238 _____ () C:\Windows\system32\perfh007.dat
2015-05-12 12:48 - 2011-02-01 15:56 - 00132776 _____ () C:\Windows\system32\perfc007.dat
2015-05-12 12:48 - 2009-07-14 07:13 - 01512418 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-12 12:43 - 2013-12-25 03:40 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-12 12:43 - 2013-10-15 15:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 12:43 - 2011-03-27 15:20 - 00000000 ____D () C:\ProgramData\clear.fi
2015-05-12 12:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-12 12:43 - 2009-07-14 06:51 - 00247010 _____ () C:\Windows\setupact.log
2015-05-12 11:31 - 2011-02-01 07:05 - 00552530 _____ () C:\Windows\PFRO.log
2015-05-11 22:39 - 2015-03-23 23:29 - 02102784 _____ (Farbar) C:\Users\Kerstin\Desktop\FRST64.exe
2015-05-11 22:35 - 2013-12-25 00:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-11 22:34 - 2011-05-09 19:45 - 382813359 _____ () C:\Windows\MEMORY.DMP
2015-05-11 22:34 - 2011-05-09 19:45 - 00000000 ____D () C:\Windows\Minidump
2015-05-11 22:34 - 2011-01-17 19:22 - 00000000 ____D () C:\Windows\oem
2015-05-11 22:21 - 2013-12-25 00:44 - 00000000 ____D () C:\Users\Kerstin\Desktop\mbar
2015-05-11 21:50 - 2014-07-01 14:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 21:48 - 2014-07-01 14:31 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 15:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-08 12:33 - 2014-10-07 12:34 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\FileAdvisor
2015-05-08 12:33 - 2014-09-21 12:33 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2015-05-07 22:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-29 12:37 - 2011-04-02 05:41 - 00000000 ____D () C:\Users\Kerstin\AppData\Roaming\Skype
2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-20 17:50 - 2011-01-17 19:18 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-20 17:28 - 2011-02-01 07:08 - 01703796 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 23:20 - 2015-02-24 05:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-19 23:20 - 2015-02-24 05:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-19 23:20 - 2011-06-28 13:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 01:19 - 2014-09-19 00:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 01:19 - 2011-04-02 05:39 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2011-10-30 22:36 - 2011-10-31 16:36 - 0000000 ____H () C:\Users\Kerstin\AppData\Roaming\windrvconfig.txt
2012-11-14 16:18 - 2012-11-14 16:18 - 0000337 _____ () C:\Users\Kerstin\AppData\Local\Perfmon.PerfmonCfg
2011-12-02 05:25 - 2013-10-15 16:13 - 0007602 _____ () C:\Users\Kerstin\AppData\Local\Resmon.ResmonCfg
2011-02-01 07:34 - 2011-02-01 07:43 - 0016243 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-04-02 05:42 - 2011-04-02 05:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\Kerstin\CTX.DAT


Some content of TEMP:
====================
C:\Users\Kerstin\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Kerstin\AppData\Local\Temp\avgnt.exe
C:\Users\Kerstin\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Kerstin\AppData\Local\Temp\MSN2.exe
C:\Users\Kerstin\AppData\Local\Temp\Quarantine.exe
C:\Users\Kerstin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kerstin\AppData\Local\Temp\sqlite3.dll
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387370074849_77bb75_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1387729963429_3f9979_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388078529334_c44289_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1388143015269_e25c23_de.exe
C:\Users\Kerstin\AppData\Local\Temp\TitanPSetupUninstall1389741798020_e25c23_de.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-05 12:06

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Kerstin at 2015-05-12 18:54:37
Running from C:\Users\Kerstin\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3817438319-2950311145-3816183397-500 - Administrator - Disabled)
Gast (S-1-5-21-3817438319-2950311145-3816183397-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3817438319-2950311145-3816183397-1003 - Limited - Enabled)
Kerstin (S-1-5-21-3817438319-2950311145-3816183397-1001 - Administrator - Enabled) => C:\Users\Kerstin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{B82157D3-6D31-4650-93B4-FC39BB08D6CE}) (Version: 15.00.0000 - Akademische Arbeitsgemeinschaft)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3001 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
ccc-core-static (x32 Version: 2010.1118.1603.28745 - Ihr Firmenname) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.41.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Epson Stylus SX510W_TX550W Handbuch (HKLM-x32\...\Epson Stylus SX510W_TX550W Benutzerhandbuch) (Version:  - )
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
File Type Advisor 1.4 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.5 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
PyQt4 - PyQwt5 5.2.1-5 (HKLM-x32\...\PyQt4 - PyQwt5 5.2.1-5) (Version: 5.2.1-5 - pythonxy.com)
PyQt4 - QtHelp 4.8.3-1 (HKLM-x32\...\PyQt4 - QtHelp 4.8.3-1) (Version: 4.8.3-1 - pythonxy.com)
Python 2.7 - cx_Freeze 4.3.1-1 (HKLM-x32\...\Python 2.7 - cx_Freeze 4.3.1-1) (Version: 4.3.1-1 - pythonxy.com)
Python 2.7 - distribute 0.6.32-2 (HKLM-x32\...\Python 2.7 - distribute 0.6.32-2) (Version: 0.6.32-2 - pythonxy.com)
Python 2.7 - docutils 0.9.1 (HKLM-x32\...\Python 2.7 - docutils 0.9.1) (Version: 0.9.1 - pythonxy.com)
Python 2.7 - EnthoughtToolSuite 4.2.0-1 (HKLM-x32\...\Python 2.7 - EnthoughtToolSuite 4.2.0-1) (Version: 4.2.0-1 - pythonxy.com)
Python 2.7 - formlayout 1.0.9 (HKLM-x32\...\Python 2.7 - formlayout 1.0.9) (Version: 1.0.9 - pythonxy.com)
Python 2.7 - Gnuplot 1.8.0.3 (HKLM-x32\...\Python 2.7 - Gnuplot 1.8.0.3) (Version: 1.8.0.3 - pythonxy.com)
Python 2.7 - guidata 1.5.1-1 (HKLM-x32\...\Python 2.7 - guidata 1.5.1-1) (Version: 1.5.1-1 - pythonxy.com)
Python 2.7 - guiqwt 2.2.1-1 (HKLM-x32\...\Python 2.7 - guiqwt 2.2.1-1) (Version: 2.2.1-1 - pythonxy.com)
Python 2.7 - h5py 2.1.0 (HKLM-x32\...\Python 2.7 - h5py 2.1.0) (Version: 2.1.0 - pythonxy.com)
Python 2.7 - IPython 0.13.1-1 (HKLM-x32\...\Python 2.7 - IPython 0.13.1-1) (Version: 0.13.1-1 - pythonxy.com)
Python 2.7 - jinja2 2.6.0.1 (HKLM-x32\...\Python 2.7 - jinja2 2.6.0.1) (Version: 2.6.0.1 - pythonxy.com)
Python 2.7 - matplotlib 1.1.1 (HKLM-x32\...\Python 2.7 - matplotlib 1.1.1) (Version: 1.1.1 - pythonxy.com)
Python 2.7 - nose 1.2.1 (HKLM-x32\...\Python 2.7 - nose 1.2.1) (Version: 1.2.1 - pythonxy.com)
Python 2.7 - numexpr 2.0.1 (HKLM-x32\...\Python 2.7 - numexpr 2.0.1) (Version: 2.0.1 - pythonxy.com)
Python 2.7 - numpy 1.6.2 (HKLM-x32\...\Python 2.7 - numpy 1.6.2) (Version: 1.6.2 - pythonxy.com)
Python 2.7 - pandas 0.9.1-2 (HKLM-x32\...\Python 2.7 - pandas 0.9.1-2) (Version: 0.9.1-2 - pythonxy.com)
Python 2.7 - PIL 1.1.7.2 (HKLM-x32\...\Python 2.7 - PIL 1.1.7.2) (Version: 1.1.7.2 - pythonxy.com)
Python 2.7 - ply 3.4 (HKLM-x32\...\Python 2.7 - ply 3.4) (Version: 3.4 - pythonxy.com)
Python 2.7 - psutils 0.6.1 (HKLM-x32\...\Python 2.7 - psutils 0.6.1) (Version: 0.6.1 - pythonxy.com)
Python 2.7 - py2exe 0.6.9 (HKLM-x32\...\Python 2.7 - py2exe 0.6.9) (Version: 0.6.9 - pythonxy.com)
Python 2.7 - pyfits 3.1 (HKLM-x32\...\Python 2.7 - pyfits 3.1) (Version: 3.1 - pythonxy.com)
Python 2.7 - pygments 1.5.0 (HKLM-x32\...\Python 2.7 - pygments 1.5.0) (Version: 1.5.0 - pythonxy.com)
Python 2.7 - pylint 0.26-1 (HKLM-x32\...\Python 2.7 - pylint 0.26-1) (Version: 0.26-1 - pythonxy.com)
Python 2.7 - PyOpenGL 3.0.2-1 (HKLM-x32\...\Python 2.7 - PyOpenGL 3.0.2-1) (Version: 3.0.2-1 - pythonxy.com)
Python 2.7 - PyQt4 4.9.5-2 (HKLM-x32\...\Python 2.7 - PyQt4 4.9.5-2) (Version: 4.9.5-2 - pythonxy.com)
Python 2.7 - pyreadline 1.7.1 (HKLM-x32\...\Python 2.7 - pyreadline 1.7.1) (Version: 1.7.1 - pythonxy.com)
Python 2.7 - pytables 2.4.0 (HKLM-x32\...\Python 2.7 - pytables 2.4.0) (Version: 2.4.0 - pythonxy.com)
Python 2.7 - pywin32 218-1 (HKLM-x32\...\Python 2.7 - pywin32 218-1) (Version: 218-1 - pythonxy.com)
Python 2.7 - pyzmq 2.2.0.1-1 (HKLM-x32\...\Python 2.7 - pyzmq 2.2.0.1-1) (Version: 2.2.0.1-1 - pythonxy.com)
Python 2.7 - reportlab 2.6 (HKLM-x32\...\Python 2.7 - reportlab 2.6) (Version: 2.6 - pythonxy.com)
Python 2.7 - scipy 0.11.0 (HKLM-x32\...\Python 2.7 - scipy 0.11.0) (Version: 0.11.0 - pythonxy.com)
Python 2.7 - sphinx 1.1.3.1 (HKLM-x32\...\Python 2.7 - sphinx 1.1.3.1) (Version: 1.1.3.1 - pythonxy.com)
Python 2.7 - spyder 2.1.11 (HKLM-x32\...\Python 2.7 - spyder 2.1.11) (Version: 2.1.11 - pythonxy.com)
Python 2.7 - sqlalchemy 0.7.9-2 (HKLM-x32\...\Python 2.7 - sqlalchemy 0.7.9-2) (Version: 0.7.9-2 - pythonxy.com)
Python 2.7 - tornado 2.4.1-1 (HKLM-x32\...\Python 2.7 - tornado 2.4.1-1) (Version: 2.4.1-1 - pythonxy.com)
Python 2.7 - veusz 1.16 (HKLM-x32\...\Python 2.7 - veusz 1.16) (Version: 1.16 - pythonxy.com)
Python 2.7 - virtualenv 1.8.4-2 (HKLM-x32\...\Python 2.7 - virtualenv 1.8.4-2) (Version: 1.8.4-2 - pythonxy.com)
Python 2.7 - vitables 2.1.0.3 (HKLM-x32\...\Python 2.7 - vitables 2.1.0.3) (Version: 2.1.0.3 - pythonxy.com)
Python 2.7 - vtk 5.10.0 (HKLM-x32\...\Python 2.7 - vtk 5.10.0) (Version: 5.10.0 - pythonxy.com)
Python 2.7 - wxPython 2.8.12.1 (HKLM-x32\...\Python 2.7 - wxPython 2.8.12.1) (Version: 2.8.12.1 - pythonxy.com)
Python 2.7 - xy 1.2.16-1 (HKLM-x32\...\Python 2.7 - xy 1.2.16-1) (Version: 1.2.16-1 - pythonxy.com)
Python 2.7.3 (x32 Version: 2.7.3150 - Python Software Foundation) Hidden
Python(x,y) - console 2.0.148-8 (HKLM-x32\...\Python(x,y) - console 2.0.148-8) (Version: 2.0.148-8 - pythonxy.com)
Python(x,y) - mingw 4.5.2.3 (HKLM-x32\...\Python(x,y) - mingw 4.5.2.3) (Version: 4.5.2.3 - pythonxy.com)
Python(x,y) - SciTE 3.2.2-1 (HKLM-x32\...\Python(x,y) - SciTE 3.2.2-1) (Version: 3.2.2-1 - pythonxy.com)
Python(x,y) - xydoc 1.0.5.1 (HKLM-x32\...\Python(x,y) - xydoc 1.0.5.1) (Version: 1.0.5.1 - pythonxy.com)
Python(x,y) (HKLM-x32\...\Python(x,y)) (Version: 2.7.3.1 - www.pythonxy.com)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.4.17 - Sony Ericsson Mobile Communications AB)
Sony PC Companion 2.10.094 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.094 - Sony)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Steuer-Sparer 2011 (HKLM-x32\...\{3499BB0F-E68A-4353-B6F0-701D0AD1CE2F}) (Version: 16.12 - Akademische Arbeitsgemeinschaft Verlag)
TeXnicCenter Version 2.0 Beta 1 (HKLM-x32\...\TeXnicCenter_is1) (Version: 2.0 Beta 1 - The TeXnicCenter Team)
VideoLAN VLC media player 0.8.5 (HKLM-x32\...\VLC media player) (Version: 0.8.5 - VideoLAN Team)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

29-03-2015 16:36:56 Geplanter Prüfpunkt
29-04-2015 15:16:09 Geplanter Prüfpunkt
09-05-2015 15:49:25 Geplanter Prüfpunkt
12-05-2015 11:39:07 Revo Uninstaller's restore point - Free M4a to MP3 Converter 8.1

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-06-03 08:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03CCB95E-50E3-424C-882E-1CDF9C451175} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {059CB88E-3DB2-4949-8FB9-77D3485A6BD5} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {32D0AA94-94F2-4260-B87E-0B676C3C99D8} - System32\Tasks\{365B1BB6-0DBB-4A2E-BF02-61988F376446} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {34F51131-442B-49E7-AACB-B74042D3B613} - System32\Tasks\{3CDF03BA-C92E-46CA-8900-61A3C00E2A78} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {45F961C0-77A4-4E5A-B387-B405B5A3F58F} - System32\Tasks\{075A127A-1303-4C3B-8201-3E5C0447364D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {6534A55B-A4A0-454D-9C91-1D7A907E1489} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-19] (Adobe Systems Incorporated)
Task: {6A8EDEC6-F055-41FC-8655-11A5E837A011} - System32\Tasks\{DC5B2564-B5CB-4967-B07B-9FB23D130316} => pcalua.exe -a C:\Users\Kerstin\Desktop\Downloads\JabRef-2.8.1-setup.exe -d C:\Users\Kerstin\Desktop\Downloads
Task: {884424F8-F8D9-4A3B-B400-E369F6430795} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)
Task: {ABE42175-8175-4B87-98F8-D03771ACDFAF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {C5074024-3B27-441F-9CEB-E898CD0DB864} - System32\Tasks\{5A7B0BE9-1FA8-4AA8-AD61-8AD850E53D4E} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.106&amp;LastError=2
Task: {CF4F2F69-2E57-4131-A063-4F8DC334E5BC} - System32\Tasks\{F163F189-5888-4976-9F05-E032A555EA94} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
Task: {DCD52E09-71A7-4501-9125-43D951150F9C} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-09-04] (filetypeadvisor.com                                        )
Task: {F0EB3259-108C-419C-BDA3-C445975EC1B9} - System32\Tasks\{A307B3C9-5AAF-42D1-A256-CEEC2E201A4D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.2.60.113/de/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
Task: {F89AABCC-F8A2-4013-B15C-F2F3D3FD3097} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-09-04] (File Type Advisor)
Task: {FFAFB065-20A0-4B1C-A2CE-F7989394D72E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-01-19 14:25 - 2012-11-13 11:08 - 09680896 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\qtiplot.exe
2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-05-04 23:52 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-05-04 23:52 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-05-04 23:52 - 2015-04-28 04:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
2011-03-27 20:16 - 2012-02-24 07:08 - 09387520 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
2012-01-03 15:10 - 2012-01-03 15:10 - 00249232 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2011-03-27 20:17 - 2012-02-24 07:09 - 00014336 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
2011-03-28 19:49 - 2012-04-04 12:50 - 00045568 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
2011-03-27 20:17 - 2012-03-13 23:17 - 00100352 _____ () C:\Users\Kerstin\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
2011-01-19 14:25 - 2012-11-13 11:08 - 00171008 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\quazip.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 05280768 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtCore4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00536576 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\qwtplot3d.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 22156288 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtGui4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00840704 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtOpenGL4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 02882560 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\Qt3Support4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00913408 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtNetwork4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00299008 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtSql4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00413696 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtXml4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00087552 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtAssistantClient4.dll
2011-01-19 14:25 - 2012-11-13 11:08 - 00371200 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\QtSvg4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00094720 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qgif4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00096768 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qico4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00206336 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qjpeg4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00378880 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qmng4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00085504 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qsvg4.dll
2011-01-19 14:28 - 2012-11-13 11:08 - 00388096 _____ () C:\qtiplot\qtiplot_0.9.8.3-3-Unofficial\imageformats\qtiff4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{6C1B9923-3E25-4969-9197-B8C4B0E2AFFA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7D586DDD-38C7-4C10-884C-75BD326CFC1C}] => (Allow) LPort=2869
FirewallRules: [{D0C95B00-5989-44AC-BCC5-B9DF5C819582}] => (Allow) LPort=1900
FirewallRules: [{F6ECF5E7-2582-4C99-8683-BDC357FAE558}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1FD80A6B-691F-446B-AF9E-51C7E0C8F1A1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4A6BDBFE-97AB-492B-9701-F81DA00F7F26}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{B651E15A-B450-49B3-A318-7EBB6D36D81F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{5C797FF2-A715-4399-A2F6-023B663E52EF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{4B9BAE94-BFB7-48E8-8CC7-00DF04292632}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{0668B53D-874E-4B24-A3CD-85CD30E5C29D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{204653B6-C71E-435D-8DEC-A47588EED56E}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [TCP Query User{FFC40B2E-F5AB-4835-B8C2-9C2EA0851DD0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{38DED55A-1D81-4CFC-BA9E-997E9DBB369B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{114397FA-A7BD-4F48-8940-B5E7A60C3410}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{31DD95D4-B47F-4B18-B3D3-8B7B4AE49890}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{9D0D4E87-B127-406E-BF48-EC83280E14DF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C63ADA34-684B-434A-A164-D40FBF8CE7E5}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{2D92BA77-EA82-40A8-BAAF-97CF8D292C44}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{BB82BC7A-9D88-4A70-926E-B3CB184581BE}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{4A19FCA1-B6E1-4159-94A0-79028C5B4FD2}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{41966BD4-005D-4844-B5D1-4B6F1347AA78}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{FE9D9389-FB37-4650-9A6E-3B915775ADF7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D9F0B515-31BD-4A9F-9CE6-1BC6A47C1753}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2015 02:26:41 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/12/2015 00:45:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 00:44:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 00:43:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 11:32:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 11:32:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 11:31:59 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/11/2015 10:36:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/11/2015 10:35:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/11/2015 10:35:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (05/12/2015 00:50:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/12/2015 00:50:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/12/2015 00:50:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2015 00:50:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2015 00:50:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NTI IScheduleSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2015 00:50:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GREGService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2015 00:50:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Acer ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2015 00:50:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dritek WMI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2015 00:50:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2015 00:50:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (05/12/2015 02:26:41 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/12/2015 00:45:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 00:44:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 00:43:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 11:32:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 11:32:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/12/2015 11:31:59 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/11/2015 10:36:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/11/2015 10:35:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/11/2015 10:35:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
  bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
  bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
  bei System.Xml.XmlTextReaderImpl.Read()
  bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
  bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
  bei System.Xml.XmlDocument.Load(System.String)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.TryLoadXmlDocumentFromFile(Int32, System.TimeSpan)
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.LoadXmlDocumentFromFile()
  bei Avira.OE.WinCore.OeSharedSettingsAccessor.Get(System.String)
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


CodeIntegrity Errors:
===================================
  Date: 2015-05-11 18:16:58.324
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-11 18:16:58.320
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-11 18:16:58.309
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\System Volume Information\SystemRestore\FRStaging\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-30 23:53:38.203
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-11-30 23:53:38.000
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 60%
Total physical RAM: 2794.9 MB
Available physical RAM: 1109.3 MB
Total Pagefile: 5587.98 MB
Available Pagefile: 3220.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:194.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 73F766B1)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 12.05.2015 18:23
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\Kerstin\CTX.DAT
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


karl-heinz00 12.05.2015 19:46
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Kerstin at 2015-05-12 20:35:01 Run:1
Running from C:\Users\Kerstin\Desktop
Loaded Profiles: Kerstin (Available profiles: Kerstin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\Kerstin\CTX.DAT
EmptyTemp:
       
*****************

"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3817438319-2950311145-3816183397-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Kerstin\CTX.DAT => Moved successfully.
EmptyTemp: => Removed 3.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 20:37:22 ====

cosinus 12.05.2015 20:51
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


karl-heinz00 12.05.2015 22:12
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.05.2015
Suchlauf-Zeit: 21:56:14
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.05.12.06
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kerstin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 356691
Verstrichene Zeit: 37 Min, 45 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

cosinus 13.05.2015 12:37
Gut. Was ist mit ESET?

karl-heinz00 16.05.2015 21:59
sorry, dass es gedauert hat, aber hatte erst jetzt die zeit für den scan.

eset

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=03892e16f7223142b01ccf8f80d8516d
# engine=23879
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-16 03:55:29
# local_time=2015-05-16 05:55:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 58044004 183421579 0 0
# scanned=28
# found=0
# cleaned=0
# scan_time=14
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=03892e16f7223142b01ccf8f80d8516d
# engine=23879
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-16 08:18:18
# local_time=2015-05-16 10:18:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 58059773 183437348 0 0
# scanned=266121
# found=3
# cleaned=0
# scan_time=15286
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\Users\Kerstin\Desktop\Downloads\FreeYouTubeToMP3Converter.exe"
sh=43373685D4139E7F56EDAC283C1332F3043379AB ft=1 fh=4e0ad01fe1bb26e0 vn="Variante von Win32/OutBrowse.CB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin\Downloads\setup.exe"
diese "setup" datei im download ordner hab ich jetzt bereits gelöscht, weiß ich auch wo die herkam.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:53 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19