Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Bing as default search in Firefox... & computer repeatedly slow, with unresponsive scripts in Firefox & Thunderbird (https://www.trojaner-board.de/188300-windows7-bing-standardsuche-firefox-computer-immer-langsam-nonresponsive-scripts-firefox-thunderbird.html)

PoseidoPferd 28.01.2018 22:29

Windows 7: Bing as default search in Firefox... & computer repeatedly slow, with unresponsive scripts in Firefox & Thunderbird
 
- Since November/December 2017, Bing has been the default search engine every time I open Firefox (now Quantum / Firefox 58.0).
- At about the same time, Firefox started occupying several rows in Windows Task Manager / Processes ("Image Name" is "firefox.exe" every time).
- At about the same time or more recently: now and then the blue title bar of a small window (about as wide as a Firefox tab) is visible at the bottom left of the screen; the rest of the empty window is pushed off the screen. I can move the window, but I cannot close it.

I subsequently used Malwarebytes, among other tools; the program found several problems (see below; the current report follows). The issues listed above remained unchanged.

- Unfortunately, for quite some time now my computer has been becoming very slow at irregular intervals.
Often (but by no means always), a window in Firefox or Thunderbird (usually without pushing itself into the foreground) eventually reports an unresponsive script. Title bar: "Warning: Unresponsive Script". On the left a white question mark on a blue background, next to it the text: "A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.
Script: chrome://messenger/content/tabmail.xml:463 [the end varies]
[checkbox] Don't ask me again
[buttons] continue stop script"
When I stop the script, the computer gets faster again for the time being, of course... By the way, I have never installed (Google) Chrome.


I use Avira as my virus scanner. How can I retrieve a log file, a "report" or something similar from it?


Many thanks in advance for your help!!!


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by ~.~ (administrator) on CUNEGONDE (26-01-2018 21:23:41)
Running from C:\Users\~.~\Desktop
Loaded Profiles: ~.~ (Available Profiles: ~.~ & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program_Files_(x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program_Files_(x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel(R) Corporation) C:\Program Files (x86)\WiFi\bin\EvtEng.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Thunderbird\thunderbird.exe
(Avira Operations GmbH & Co. KG) C:\Program_Files_(x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program_Files_(x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program_Files_(x86)\Microsoft-Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe
(Mozilla Corporation) C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2017-12-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: F - F:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: {639bc51d-6b30-11e3-83cb-00269eac1f3a} - G:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43B9CFB8-8F73-46EA-9AD6-9C0B1223138D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5050B7FC-F0E4-4BB6-B5F4-06FAE4F1E617}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{831887B8-28F5-4B9E-AF0A-13C6C8652B11}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-765177893-555145608-490344441-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-765177893-555145608-490344441-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: x2ie0fsf.default-1468139344231-1515350849047
FF ProfilePath: C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 [2018-01-26]
FF Session Restore: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> is enabled.
FF Extension: (ADB Helper) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\adbhelper@mozilla.org [2018-01-09] [Legacy]
FF Extension: (Ghostery) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\firefox@ghostery.com.xpi [2018-01-10]
FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2018-01-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-01-25] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program_Files_(x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-01-15] (pdfforge GmbH)
StartMenuInternet: FIREFOX.EXE - C:\Program_Files_(x86)\Mozilla_Firefox\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\~.~\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-10-30]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program_Files_(x86)\Opera\Opera.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AntiVirMailService; C:\Program_Files_(x86)\Avira\AntiVir Desktop\avmailc7.exe [1128944 2017-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program_Files_(x86)\Avira\AntiVir Desktop\sched.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program_Files_(x86)\Avira\AntiVir Desktop\avguard.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program_Files_(x86)\Avira\AntiVir Desktop\avwebg7.exe [1526832 2017-12-18] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [444600 2017-12-21] (Avira Operations GmbH & Co. KG)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1283336 2017-12-18] ()
R2 EvtEng; C:\Program Files (x86)\WiFi\bin\EvtEng.exe [631024 2014-01-08] (Intel(R) Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774736 2017-09-05] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PDF24; C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-09-02] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2017-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153072 2017-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-25] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-07] (Malwarebytes)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7680512 2010-03-18] (Intel Corporation) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-26 21:23 - 2018-01-26 21:27 - 000012414 _____ C:\Users\~.~\Desktop\FRST.txt
2018-01-26 21:21 - 2018-01-26 21:21 - 000000941 _____ C:\Users\~.~\Desktop\brrr,mal-wieder - Shortcut.lnk
2018-01-26 21:15 - 2018-01-26 21:15 - 002393088 _____ (Farbar) C:\Users\~.~\Desktop\FRST64.exe
2018-01-18 21:33 - 2018-01-18 21:33 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-18 21:33 - 2018-01-18 21:33 - 000001038 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-01-18 21:32 - 2018-01-18 21:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-12 20:45 - 2018-01-12 20:45 - 000033857 _____ C:\Users\~.~\.recently-used.xbel
2018-01-12 07:23 - 2018-01-12 07:23 - 000001230 _____ C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LRC2003_Lernprogramm.lnk
2018-01-08 00:06 - 2018-01-08 00:06 - 000001749 _____ C:\Users\~.~\Desktop\Bing, pls help.txt
2018-01-08 00:03 - 2018-01-08 00:26 - 000000000 ____D C:\AdwCleaner
2018-01-08 00:03 - 2018-01-08 00:03 - 008198432 _____ (Malwarebytes) C:\Users\~.~\Desktop\adwcleaner_7.0.6.0.exe
2018-01-07 23:21 - 2018-01-07 23:21 - 000001696 _____ C:\Users\Public\Desktop\PDF24.lnk
2018-01-07 23:21 - 2018-01-07 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2018-01-07 23:17 - 2016-09-23 12:16 - 000000109 _____ C:\Users\~.~\Desktop\Online PDF Tools.url
2018-01-07 22:05 - 2018-01-07 22:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-07 22:04 - 2018-01-07 22:04 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-07 22:04 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-12-28 23:48 - 2017-12-28 23:48 - 000000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-26 21:23 - 2016-07-03 21:09 - 000000000 ____D C:\FRST
2018-01-26 21:21 - 2010-08-17 00:05 - 000000000 ____D C:\abracadabra
2018-01-26 20:04 - 2017-09-28 07:50 - 000003316 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-01-26 20:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
2018-01-26 19:37 - 2017-09-05 23:04 - 000000000 ____D C:\Users\~.~\AppData\LocalLow\Mozilla
2018-01-26 18:49 - 2015-09-27 02:43 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-01-26 07:03 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-26 07:02 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-22 22:34 - 2010-08-16 14:54 - 000000000 ____D C:\Program_Files_(x86)
2018-01-22 22:28 - 2016-12-20 23:39 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-01-22 22:28 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-22 00:35 - 2017-03-06 21:33 - 000000000 ____D C:\ProgramData\ProductData
2018-01-22 00:33 - 2009-07-14 05:45 - 000333376 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-21 22:45 - 2010-08-16 21:14 - 000076888 _____ C:\Users\~.~\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-18 21:33 - 2017-03-06 19:15 - 000000000 ____D C:\Users\~.~\AppData\Roaming\TeamViewer
2018-01-18 16:59 - 2009-07-14 06:13 - 000006222 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-18 00:32 - 2017-10-21 22:24 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-18 00:32 - 2013-07-25 19:33 - 000000000 ____D C:\Windows\system32\MRT
2018-01-18 00:32 - 2010-08-18 19:56 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-12 20:53 - 2010-09-23 11:55 - 000000000 ____D C:\Users\~.~\.gimp-2.6
2018-01-12 20:45 - 2010-09-23 12:20 - 000000000 ____D C:\Users\~.~\AppData\Roaming\gtk-2.0
2018-01-12 20:45 - 2010-08-15 06:32 - 000000000 ____D C:\Users\~.~
2018-01-11 07:56 - 2010-08-17 00:16 - 000000000 ____D C:\Bilder
2018-01-11 07:37 - 2015-11-19 14:13 - 000000000 ____D C:\Users\~.~\AppData\Local\Opera Software
2018-01-11 07:37 - 2015-11-19 14:12 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Opera Software
2018-01-08 07:06 - 2015-10-14 12:51 - 000001048 _____ C:\Users\~.~\Desktop\Desktop-Dateien.lnk
2018-01-08 00:09 - 2017-01-04 19:36 - 000000000 ____D C:\Users\~.~\AppData\Local\Downloaded Installations
2018-01-08 00:09 - 2016-01-25 13:17 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Lavasoft
2018-01-08 00:08 - 2017-05-12 12:33 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\IObit
2018-01-08 00:08 - 2017-03-06 21:26 - 000000000 ____D C:\ProgramData\IObit
2018-01-08 00:08 - 2017-03-06 21:25 - 000000000 ____D C:\Users\~.~\AppData\Roaming\IObit
2018-01-08 00:08 - 2016-01-25 13:17 - 000000000 ____D C:\ProgramData\Lavasoft
2018-01-07 22:26 - 2017-11-19 03:31 - 000000000 ____D C:\00_USB-Stift_19.11.17
2018-01-07 22:04 - 2016-04-03 14:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-07 21:36 - 2010-09-24 16:54 - 000000000 ____D C:\ProgramData\Skype
2018-01-07 21:32 - 2010-09-24 16:54 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Skype
2018-01-07 21:27 - 2012-12-28 18:13 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-07 21:27 - 2010-08-16 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-05 01:00 - 2010-08-16 14:55 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Mozilla
2018-01-04 22:46 - 2015-02-10 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-01-04 22:46 - 2014-08-12 17:29 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-01 20:36 - 2014-03-14 21:50 - 000000000 ____D C:\Users\~.~\AppData\Local\.elfohilfe
2018-01-01 12:26 - 2012-10-01 21:30 - 000000000 ____D C:\Windows\SysWOW64\SupportAppCB
2018-01-01 12:25 - 2012-10-01 21:30 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-01 12:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-01 12:23 - 2017-03-06 21:27 - 000000000 ____D C:\Program Files (x86)\AVG
2018-01-01 12:23 - 2017-03-06 21:26 - 000000000 ____D C:\ProgramData\Avg
2018-01-01 12:22 - 2017-03-06 21:26 - 000000000 ____D C:\Users\~.~\AppData\Local\AvgSetupLog
2018-01-01 01:42 - 2017-03-06 21:25 - 000000000 ____D C:\Program Files (x86)\IObit

==================== Files in the root of some directories =======

2017-12-25 01:54 - 2017-12-25 01:56 - 000009849 _____ () C:\Users\~.~\AppData\Roaming\.ptbt0
2013-02-24 18:33 - 2013-02-24 21:13 - 000000568 _____ () C:\Users\~.~\AppData\Roaming\AutoGK.ini
2012-10-03 12:51 - 2013-10-21 23:44 - 000000028 _____ () C:\Users\~.~\AppData\Roaming\PhonerLitesettings.ini
2011-01-06 19:22 - 2011-01-06 19:22 - 000003584 _____ () C:\Users\~.~\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-07 00:57 - 2016-04-04 20:45 - 000007605 _____ () C:\Users\~.~\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2011-09-09 18:45 - 2012-12-24 16:02 - 000248008 _____ (Ask.com) C:\Users\Administrator.Cunegonde\AppData\Local\Temp\AskSLib.dll
2017-03-17 16:14 - 2017-03-17 16:14 - 014456872 _____ (Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\vc_redist.x86.exe
2017-10-21 21:36 - 2017-11-04 22:18 - 000910504 _____ () C:\Users\~.~\AppData\Local\Temp\WCN001.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-20 21:15

==================== End of FRST.txt ============================

--- --- ---


Additional FRST Logfile:
Code:

scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by ~.~ (26-01-2018 21:28:40)
Running from C:\Users\~.~\Desktop
Windows 7 Professional Service Pack 1 (X64) (2010-08-15 05:32:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-765177893-555145608-490344441-500 - Administrator - Enabled) => C:\Users\Administrator.Cunegonde
Guest (S-1-5-21-765177893-555145608-490344441-501 - Limited - Disabled)
~.~ (S-1-5-21-765177893-555145608-490344441-1000 - Administrator - Enabled) => C:\Users\~.~

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.17 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0917-000001000000}) (Version: 9.17.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Audacity 1.3.12 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
Avira (HKLM-x32\...\{518c54f5-fd43-4aa6-936b-8d7fd8c85cbd}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{E3F659C3-7936-4321-B886-4DA527DA72FE}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.17 - Avira Operations GmbH & Co. KG)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
ClipGrab 3.6.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
f.lux (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Flux) (Version:  - )
Finale NotePad 2008 (HKLM-x32\...\Finale NotePad 2008) (Version: 13.0.0.0 - MakeMusic)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )
FreeRIP v3.45 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.45 - MGShareware)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Hugin 2012.0.0 (HKLM-x32\...\Hugin) (Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
JavaScript Tools (HKLM-x32\...\HSJS) (Version:  - )
Konz 2013 (HKLM-x32\...\{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
LRC 2003, Version 0.4 (HKLM-x32\...\LRC 2003_is1) (Version: 0.4 - Jakob Lemler)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Motorola Driver Installation 3.9.0 (HKLM\...\{3E2DA560-EE3E-45C2-9CC7-B1B0A06C6BE6}) (Version: 3.9.0 - Motorola Inc.)
Mozilla Firefox (3.6.23) (HKLM-x32\...\Mozilla Firefox (3.6.23)) (Version: 3.6.23 (en-US) - Mozilla)
Mozilla Firefox 57.0.4 (x64 en-US) (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 52.5.2 (x86 en-US) (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Mozilla Thunderbird 52.5.2 (x86 en-US)) (Version: 52.5.2 - Mozilla)
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 6.2.1 - CEWE Stiftung u Co. KGaA)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF24 Creator 8.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program_Files_(x86)\7-Zip\7-zip.dll [2010-10-04] (Igor Pavlov)
ContextMenuHandlers1-x32: [OpenWithCtxMenuExt] -> {AC94BA2C-8211-45D4-AB5C-C2A9BCCC8FB6} => C:\Program_Files_(x86)\OxelonMedia_File-Converter\menuext.dll [2009-03-11] ()
ContextMenuHandlers1-x32: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program_Files_(x86)\Avira\AntiVir Desktop\shlext64.dll [2017-12-18] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program_Files_(x86)\7-Zip\7-zip.dll [2010-10-04] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program_Files_(x86)\Avira\AntiVir Desktop\shlext64.dll [2017-12-18] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26A5A08A-7C32-4F2E-AD95-7C28491EC43C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {26CE1389-5D43-4568-98A2-AD6415912602} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {57F3203C-992C-4D7C-8B5E-57690269996C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {60CBC99E-9B8B-4C73-8D62-5DCE59522290} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {6AAF6128-83BA-4BE3-B832-D04C58063F9B} - System32\Tasks\{8E0384D6-D1F2-407F-AAD8-65C63C261FC0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {6AD3FA40-972D-46D1-97F4-73F93B9228F2} - System32\Tasks\{8DC8F86E-7B5D-48BC-9CA6-3C225074A363} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187.259/en/abandoninstall?source=lightinstaller&page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {80E627F7-4174-481E-B32E-2FAFF5D3709A} - System32\Tasks\{A7629334-9837-41B2-9256-9AA357C731C5} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Flash_Disinfector.exe -d C:\Users\~.~\Desktop
Task: {8223F5D9-D0C6-4B65-A95E-5BD77567AB68} - System32\Tasks\{905CA972-BE80-49B1-AB0D-EB111501DFF9} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {A0CFECD4-DBE7-44F0-A1A8-715C167F78F8} - System32\Tasks\{18789D0E-3618-4737-B263-8CE0EC630E7D} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\Swf2Avi_Setup[1].exe" -d C:\Users\~.~\Desktop
Task: {A56B82D2-35C8-43F2-8EFD-21A7B5A616E4} - System32\Tasks\{523506CD-98C8-4C61-B478-64DD49AE03C0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {BEC7200B-93D8-4530-BDFE-D2436114707A} - System32\Tasks\{3EEADEBC-0E71-4265-906E-9C87C7213985} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {D6F79C35-7D3D-42CE-976E-7E8BE0C5B833} - System32\Tasks\{E387F2EE-50F0-4801-89D6-C6591AE5B325} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\oxelonplugins[1].exe" -d C:\Users\~.~\Desktop
Task: {DC9F395E-A399-4AE6-87E6-A668443FC0D3} - System32\Tasks\{D3C540CA-7EAC-4D61-ADD2-2453D051F568} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Swf2Avi_Setup.exe -d C:\Users\~.~\Desktop
Task: {E42EBC54-BAE9-408C-ABF7-8911E9E5ACCE} - System32\Tasks\Avira_Antivirus_Systray => C:\Program_Files_(x86)\Avira\AntiVir Desktop\avgnt.exe [2017-12-18] (Avira Operations GmbH & Co. KG)
Task: {FE43990C-1489-44A6-9F88-BA66D29825BF} - System32\Tasks\{D1566649-4421-4B84-A531-8A311AD3B1EC} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2008-10-24 15:35 - 2008-10-24 15:35 - 000128296 _____ () C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
2018-01-07 22:04 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-765177893-555145608-490344441-1000\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2010-09-24 15:29 - 000620296 _____ C:\Windows\system32\Drivers\etc\hosts

There are 14742 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^Users^~.~^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Skype^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: f.lux => "C:\Users\~.~\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{87C6CA73-8565-4CC8-A631-52DF2587208B}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [UDP Query User{C3DD9A55-B77C-44B9-9493-03CA95431174}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [{3AE68BFF-6C63-41C3-8C4C-74FAF25FE1A2}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [{FBD8C0CC-F333-4157-820D-6901A9C2430C}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [TCP Query User{90F4AF0A-BEBB-4442-A482-B036E46CEFEE}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [UDP Query User{9B99392F-C4D5-42A3-AEE0-9A8BBE715C85}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [{C7DECCB3-F652-4250-B6ED-D638AE67E15D}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{A2867E64-8572-4B4A-BF4A-6063E72D6673}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{58EA7E47-8BCD-44A3-A77A-E95F9BB356F5}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{91A9A53E-C2E8-4D75-826C-59FC1CD8331F}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{B9E3ED79-D949-4F1B-B962-D40904521A1B}] => (Allow) C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{807F3222-0A3B-4F97-9E3D-D08E9CD4CC2E}C:\program_files_(x86)\mozilla_firefox\firefox.exe] => (Block) C:\program_files_(x86)\mozilla_firefox\firefox.exe
FirewallRules: [UDP Query User{7CB7E04B-6D81-4FF7-8CB7-B5179B0EE3F5}C:\program_files_(x86)\mozilla_firefox\firefox.exe] => (Block) C:\program_files_(x86)\mozilla_firefox\firefox.exe
FirewallRules: [{1A6CA4B9-F34B-4C72-9B83-543A4ECD7BE8}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6FA1DC9A-43A6-4D07-A432-EB6F13ACF4F3}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0AFA25DC-EC09-4659-A923-6592797C04C9}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F508EFF9-743F-49D1-BCC9-02137D90EFFB}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{47FF30F7-4483-49A6-A6D0-D5CA1792D3C6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D7861C54-8C4B-45A0-8039-6B2886562FAF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DA0C5372-B11B-4CA6-B085-573AF6700701}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{17402D57-941A-4821-979E-A6A7A81F09A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

13-01-2018 11:53:46 Windows Update
17-01-2018 23:56:46 Windows Update
19-01-2018 18:48:07 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2018 06:31:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The first DWORD in the Data section contains the error code.

Error: (01/22/2018 06:31:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/22/2018 06:30:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The first DWORD in the Data section contains the error code.

Error: (01/22/2018 06:30:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/22/2018 06:30:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The first DWORD in the Data section contains the error code.

Error: (01/22/2018 06:30:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/22/2018 06:21:49 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (01/18/2018 04:59:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/18/2018 04:59:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/18/2018 12:22:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (01/26/2018 07:03:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/22/2018 07:54:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (01/22/2018 12:31:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (01/20/2018 07:56:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Avira.ServiceHost service.

Error: (01/20/2018 07:55:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

Error: (01/18/2018 07:14:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/18/2018 07:17:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/18/2018 07:08:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:07:17 AM on ‎1/‎18/‎2018 was unexpected.

Error: (01/16/2018 10:21:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (01/12/2018 06:51:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {46986115-84D6-459C-8F95-52DD653E532E} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2018-01-09 23:30:37.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:37.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 64%
Total physical RAM: 3932.86 MB
Available physical RAM: 1400.41 MB
Total Virtual: 7863.92 MB
Available Virtual: 4412.63 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:60.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3068127E)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

--- --- ---



Code:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/7/18
Scan Time: 10:05 PM
Log File: 8da7875e-f3ee-11e7-ba98-00269eac1f3a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3645
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cunegonde\~.~

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347872
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 37 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 8
PUP.Optional.FaceMoods, HKLM\SOFTWARE\CLASSES\APPID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}, Quarantined, [3211], [392823],1.0.3645
PUP.Optional.FaceMoods, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}, Quarantined, [3211], [392823],1.0.3645
PUP.Optional.FaceMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}, Quarantined, [3211], [392823],1.0.3645
PUP.Optional.UltimateShoppingSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\eiibddcohpjhajbnfkpboacmohommppp, Quarantined, [7251], [405203],1.0.3645
PUP.Optional.GreatDealz, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lobonlhedgiilkfmbbbfhkaoefacipgj, Quarantined, [1871], [466866],1.0.3645
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASC_RASAPI32, Quarantined, [686], [333222],1.0.3645
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASC_RASMANCS, Quarantined, [686], [333222],1.0.3645
PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, Quarantined, [8741], [463412],1.0.3645

Registry Value: 1
PUP.Optional.UltimateShoppingSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|@ULTIMATESHOPPINGSEARCH, Quarantined, [7251], [379681],1.0.3645

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.UltimateShoppingSearch, C:\PROGRAM FILES (X86)\ULTIMATESHOPPINGSEARCH, Quarantined, [7251], [457861],1.0.3645

File: 1
PUP.Optional.UltimateShoppingSearch, C:\Program Files (x86)\UltimateShoppingSearch\eiibddcohpjhajbnfkpboacmohommppp.crx, Quarantined, [7251], [457861],1.0.3645

Physical Sector: 0
(No malicious items detected)


(end)


Code:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/27/18
Scan Time: 7:32 PM
Log File: 7a65e74c-0390-11e8-be35-00269eac1f3a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3801
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cunegonde\~.~

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345161
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 hr, 58 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


cosinus 29.01.2018 11:42

Please uninstall Avira. While we're at it, we'd best also uninstall any other unnecessary or outdated junk.

We have not recommended Avira for years, for several reasons. One reason is a relatively high false-positive rate; the second main reason is that they still partner with ASK (Avira's search function goes through ASK). Other freeware vendors such as AVG, Avast or Panda jumped on this bandwagon too; something like that is simply unacceptable for security software. See Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog



Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and choose German as the language.
  • Search the uninstaller panel for the following programs:


    7-Zip 9.17 (x64 edition)

    Adobe Acrobat Reader DC

    Adobe AIR

    Audacity 1.3.12 (Unicode)

    Avira

    Avira Antivirus

    Java 7 Update 25

    Java 7 Update 45 (64-bit)

    Microsoft Office Professional Edition 2003

    Mozilla Firefox (3.6.23)

    Mozilla Thunderbird 24.2.0 (x86 en-US)

    OpenOffice.org 3.3


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on , then on , and then on .

Let me know when Avira is gone; once we're through here, you can switch to a different virus scanner, info will follow in the closing post. Please do NOT install anything else from now on without checking with me first!

PoseidoPferd 30.01.2018 10:53

Cosinus, thanks for the quick response!!

I started on the uninstallations... and now I have neither Firefox nor Thunderbird?! Since, according to Revo, I previously had two versions (old + new) of each on the computer, and Revo wrote something about a restore point (or similar) with every uninstallation, I naively just uninstalled "the old versions". But now both programs are completely gone, and I can't find a restore option in Revo either. How do I get back at my data now (a large bookmark collection in Firefox that is important to me... possibly also countless important emails or drafts in Thunderbird??)?? My last restore point (via Windows) is unfortunately months old. I would still be missing a lot of data... besides, that would probably not be what you intend either??... Is there an alternative??

Und schon im voraus: 'Muß' ich unbedingt Microsoft Office deinstallieren? Das ist meine einzige (legal erworbene) Kopie, die kann ich dann nicht reinstallieren. Und ich ziehe mein englisches Office2003 jedem deutschen und/oder Office2007+ deutlich vor (Ribbons finde ich eh furchtbar & auch die Shortcuts verändern sich ja andauernd). Laut IT'ler an meinem damaligen Fachbereich sollte sie automatisch Updates herunterladen. Habe ich dämlicherweise nicht überprüft, stimmt. Du bist hier der Chef: Wenn Du sagst, mit dem Officepaket wird mein Rechner nicht mehr sauber, ist das so. Wäre halt nur sehr, sehr bitter, daher meine Nachfrage.

Übrigens zur Info: Dein letzter Spiegelpunkt - Reste löschen - wurde mir auf meinem Rechner nur ohne die Buttons angezeigt. Jetzt sehe ich - über einen anderen Rechner - die Buttons. Ist das ein weiteres Problem meines Rechners?


[Entschuldige die verzögerte Antwort, weil ich ja jetzt keinen Browser mehr habe (& obendrein krank geworden bin): Opera habe ich vor ein paar Wochen bei meiner Fehlersuche de- und noch nicht wieder reinstalliert... und IE benutze ich seit Jahren nicht = dem müssen so viele Updates fehlen, daß ich ihn auch jetzt nicht verwenden mag. Oder ist das für die aktuellen Zwecke egal??]

cosinus 30.01.2018 11:11

Yes, that is annoying; actually only the old program should have been removed, not the profile that is still in use :stirn:

Office 2003 is ancient in any case and has to go.

PoseidoPferd 30.01.2018 15:17

Oh sh... So restore, to rescue at least a little? Or can it be done via Revo after all? There is quite a lot in the Recycle Bin now. Is any of it still usable? - There is quite some work behind the profiles, but also leisure plans etc. They are enormously important to me.

(And then Office too! "May" I at least download a current OpenOffice already, once I have a browser again??)

cosinus 30.01.2018 15:34

First get rid of the old junk. And yes, your profiles may still be slumbering in the Recycle Bin.

Office replacement once we are done here! :kloppen:

PoseidoPferd 31.01.2018 14:20

I have probably messed something up... haven't I?

I reset the computer to a restore point, saved the Firefox & Thunderbird data and then wanted to simply uninstall everything again... but:
- Firefox was now listed in Revo only as the current version. To be on the safe side I nevertheless uninstalled it completely once more... and reinstalled it, because I need some browser to communicate with you. [The program is now in a different folder, namely "Program Files"; I could not change that during installation.] I landed on the last page visited (this one) & still have all my bookmarks, which argues against all data really having been removed. At least: Bing is gone now! (Hooray!!!) Under Task Manager > Processes, Firefox is still listed across several lines.
- Thunderbird no longer appeared in Revo at all, nor as a program in Windows ("Programs and Features"), but ran fine again. I therefore uninstalled it via the program's own uninstall folder, deleted the Thunderbird folder under "Program Files (x86)"... reinstalled the program (the profile & emails were still there)... now it appeared in Revo, so re-uninstalled... then re-reinstalled... profile & emails still there again. Is that normal? I would have expected the program to really be uninstalled with all its folders, archives and trolley bags??
- OpenOffice files had also been resurrected by the restore action. Only after I had properly installed part of the program again did it appear in Revo too. But when I then uninstalled it via Revo, 3678 files totalling 561 MB still remained in the "OpenOffice" folder. Simply delete them by hand?
- Stupidly, in the process I also accidentally uninstalled TeamViewer & reinstalled it straight away. I hope that does not count as "do not install anything else without checking".

In short: Firefox & Thunderbird have now been uninstalled and reinstalled a couple of times (sorry if that creates problems, see above!!), OpenOffice is "half-removed". I hope that has not created too much of a mess... Should I now uninstall, delete etc. further files for the programs mentioned? (Only please leave me a/my browser to write here, thanks.) Or what is the next step?

cosinus 31.01.2018 14:26

You were only supposed to remove the old versions of Firefox and Thunderbird! :wtf:
I did not even list the current versions in my list!

Were you able to restore the profiles together with the mails now?

PoseidoPferd 31.01.2018 14:38

As I already wrote: "probably messed up"...

Thanks, I have the data... and above all I have now saved it externally, so that I can hopefully still use it in future, in case you do want to delete all programs with all profile data from the computer first.

cosinus 31.01.2018 15:10

Just do what my instructions say! Don't add or embellish anything! :kloppen:


I need new FRST logs. Tick the box for addition.txt, then click Scan.

http://www.trojaner-board.de/picture...&pictureid=611

PoseidoPferd 03.02.2018 11:38

Quote:

Quote from cosinus (post 1682882)
Just do what my instructions say! Don't add or embellish anything! :kloppen:

Even my maths teacher recommended (in writing) that I take a cheat sheet with roughly this content into the Abitur exam...

Anyway, I am back on my feet, and so here are the logs. By the way, "Addition" was already ticked.


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by ~.~ (administrator) on CUNEGONDE (02-02-2018 22:14:14)
Running from C:\Users\~.~\Desktop
Loaded Profiles: ~.~ & Administrator (Available Profiles: ~.~ & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel(R) Corporation) C:\Program Files (x86)\WiFi\bin\EvtEng.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\architect.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\ws.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\ose00000.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [PDFPrint] => C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: F - F:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: {639bc51d-6b30-11e3-83cb-00269eac1f3a} - G:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-765177893-555145608-490344441-500\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43B9CFB8-8F73-46EA-9AD6-9C0B1223138D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5050B7FC-F0E4-4BB6-B5F4-06FAE4F1E617}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{831887B8-28F5-4B9E-AF0A-13C6C8652B11}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-765177893-555145608-490344441-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-765177893-555145608-490344441-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: x2ie0fsf.default-1468139344231-1515350849047
FF ProfilePath: C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 [2018-02-02]
FF Homepage: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> is enabled.
FF Extension: (ADB Helper) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\adbhelper@mozilla.org [2018-01-09] [Legacy]
FF Extension: (Ghostery) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\firefox@ghostery.com.xpi [2018-01-31]
FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2018-01-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2018-01-31] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program_Files_(x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\~.~\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-10-30]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program_Files_(x86)\Opera\Opera.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1283336 2017-12-18] ()
R2 EvtEng; C:\Program Files (x86)\WiFi\bin\EvtEng.exe [631024 2014-01-08] (Intel(R) Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774736 2017-09-05] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PDF24; C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
R2 TeamViewer; C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-07] (Malwarebytes)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7680512 2010-03-18] (Intel Corporation) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-02 22:14 - 2018-02-02 22:14 - 000000000 ____D C:\Users\~.~\Desktop\FRST-OlderVersion
2018-02-01 22:09 - 2018-02-01 22:09 - 000000118 _____ C:\Users\~.~\Desktop\Breun.txt
2018-01-31 14:10 - 2018-01-31 14:10 - 000000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000849 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\TeamViewer
2018-01-31 13:49 - 2018-01-31 13:49 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-31 13:49 - 2018-01-31 13:49 - 000000935 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-01-31 13:49 - 2018-01-31 13:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-31 13:32 - 2018-01-31 13:32 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\PDF Architect 4
2018-01-31 13:29 - 2018-01-31 13:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-31 13:09 - 2018-01-31 13:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2018-01-31 12:52 - 2018-01-31 12:52 - 000006853 _____ C:\Users\~.~\.recently-used.xbel
2018-01-31 11:36 - 2018-01-31 11:36 - 000000000 ____D C:\Users\~.~\Documents\PDF Architect
2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\Users\~.~\AppData\Local\CEWE FOTOSERVICE
2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE FOTOSERVICE
2018-01-30 13:33 - 2018-01-30 13:33 - 000000000 ____D C:\Users\~.~\AppData\Roaming\hps-install
2018-01-30 01:25 - 2018-01-30 01:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-01-27 22:40 - 2018-01-27 22:40 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_report.txt
2018-01-27 22:39 - 2018-01-27 22:39 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_summary.txt
2018-01-26 21:28 - 2018-01-26 21:29 - 000035000 _____ C:\Users\~.~\Desktop\Addition.txt
2018-01-26 21:23 - 2018-02-02 22:15 - 000010351 _____ C:\Users\~.~\Desktop\FRST.txt
2018-01-26 21:21 - 2018-01-26 21:21 - 000000941 _____ C:\Users\~.~\Desktop\brrr,mal-wieder - Shortcut.lnk
2018-01-26 21:15 - 2018-02-02 22:14 - 002393088 _____ (Farbar) C:\Users\~.~\Desktop\FRST64.exe
2018-01-12 07:23 - 2018-01-12 07:23 - 000001230 _____ C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LRC2003_Lernprogramm.lnk
2018-01-08 00:06 - 2018-01-08 00:06 - 000001749 _____ C:\Users\~.~\Desktop\Bing, pls help.txt
2018-01-08 00:03 - 2018-01-08 00:26 - 000000000 ____D C:\AdwCleaner
2018-01-08 00:03 - 2018-01-08 00:03 - 008198432 _____ (Malwarebytes) C:\Users\~.~\Desktop\adwcleaner_7.0.6.0.exe
2018-01-07 23:21 - 2018-01-07 23:21 - 000001696 _____ C:\Users\Public\Desktop\PDF24.lnk
2018-01-07 23:21 - 2018-01-07 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2018-01-07 23:17 - 2016-09-23 12:16 - 000000109 _____ C:\Users\~.~\Desktop\Online PDF Tools.url
2018-01-07 22:05 - 2018-01-07 22:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-07 22:04 - 2018-01-07 22:04 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-07 22:04 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-02 22:14 - 2016-07-03 21:09 - 000000000 ____D C:\FRST
2018-02-02 22:08 - 2010-08-16 14:54 - 000000000 ____D C:\Program_Files_(x86)
2018-02-02 22:08 - 2009-07-14 08:46 - 000000000 ____D C:\Windows\ShellNew
2018-02-02 22:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-02 22:02 - 2017-09-05 23:04 - 000000000 ____D C:\Users\~.~\AppData\LocalLow\Mozilla
2018-02-02 21:59 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
2018-02-02 09:35 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-02 09:35 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-31 13:34 - 2015-09-27 02:43 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-01-31 13:32 - 2016-12-20 23:39 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-01-31 13:32 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-31 13:22 - 2009-07-14 05:45 - 000333056 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-31 12:52 - 2010-09-23 12:20 - 000000000 ____D C:\Users\~.~\AppData\Roaming\gtk-2.0
2018-01-31 12:52 - 2010-09-23 11:55 - 000000000 ____D C:\Users\~.~\.gimp-2.6
2018-01-31 12:52 - 2010-08-15 06:32 - 000000000 ____D C:\Users\~.~
2018-01-31 11:40 - 2011-04-16 20:22 - 000000000 ____D C:\Users\~.~\AppData\Roaming\vlc
2018-01-31 11:38 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files\PDF Architect 4
2018-01-31 11:37 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files (x86)\PDF Architect 4
2018-01-31 08:58 - 2015-11-12 20:35 - 000000000 ____D C:\eBücher
2018-01-30 18:05 - 2009-07-14 06:13 - 000006222 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\tmp
2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\hps
2018-01-30 10:19 - 2010-08-17 00:05 - 000000000 ____D C:\abracadabra
2018-01-30 01:54 - 2014-08-12 17:29 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-29 07:20 - 2017-03-06 21:33 - 000000000 ____D C:\ProgramData\ProductData
2018-01-21 22:45 - 2010-08-16 21:14 - 000076888 _____ C:\Users\~.~\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-18 00:32 - 2017-10-21 22:24 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-18 00:32 - 2013-07-25 19:33 - 000000000 ____D C:\Windows\system32\MRT
2018-01-18 00:32 - 2010-08-18 19:56 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-11 07:56 - 2010-08-17 00:16 - 000000000 ____D C:\Bilder
2018-01-11 07:37 - 2015-11-19 14:13 - 000000000 ____D C:\Users\~.~\AppData\Local\Opera Software
2018-01-11 07:37 - 2015-11-19 14:12 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Opera Software
2018-01-08 07:06 - 2015-10-14 12:51 - 000001048 _____ C:\Users\~.~\Desktop\Desktop-Dateien.lnk
2018-01-08 00:09 - 2017-01-04 19:36 - 000000000 ____D C:\Users\~.~\AppData\Local\Downloaded Installations
2018-01-08 00:09 - 2016-01-25 13:17 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Lavasoft
2018-01-08 00:08 - 2017-05-12 12:33 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\IObit
2018-01-08 00:08 - 2017-03-06 21:26 - 000000000 ____D C:\ProgramData\IObit
2018-01-08 00:08 - 2017-03-06 21:25 - 000000000 ____D C:\Users\~.~\AppData\Roaming\IObit
2018-01-08 00:08 - 2016-01-25 13:17 - 000000000 ____D C:\ProgramData\Lavasoft
2018-01-07 22:26 - 2017-11-19 03:31 - 000000000 ____D C:\00_USB-Stift_19.11.17
2018-01-07 22:04 - 2016-04-03 14:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-07 21:36 - 2010-09-24 16:54 - 000000000 ____D C:\ProgramData\Skype
2018-01-07 21:32 - 2010-09-24 16:54 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Skype
2018-01-07 21:27 - 2012-12-28 18:13 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-07 21:27 - 2010-08-16 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-05 01:00 - 2010-08-16 14:55 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Mozilla

==================== Files in the root of some directories =======

2017-12-25 01:54 - 2017-12-25 01:56 - 000009849 _____ () C:\Users\~.~\AppData\Roaming\.ptbt0
2013-02-24 18:33 - 2013-02-24 21:13 - 000000568 _____ () C:\Users\~.~\AppData\Roaming\AutoGK.ini
2012-10-03 12:51 - 2013-10-21 23:44 - 000000028 _____ () C:\Users\~.~\AppData\Roaming\PhonerLitesettings.ini
2011-01-06 19:22 - 2011-01-06 19:22 - 000003584 _____ () C:\Users\~.~\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-07 00:57 - 2016-04-04 20:45 - 000007605 _____ () C:\Users\~.~\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2011-09-09 18:45 - 2012-12-24 16:02 - 000248008 _____ (Ask.com) C:\Users\Administrator.Cunegonde\AppData\Local\Temp\AskSLib.dll
2018-02-02 22:08 - 2003-07-28 17:28 - 000089136 _____ (Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\ose00000.exe
2017-03-17 16:14 - 2017-03-17 16:14 - 014456872 _____ (Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\vc_redist.x86.exe
2017-10-21 21:36 - 2017-11-04 22:18 - 000910504 _____ () C:\Users\~.~\AppData\Local\Temp\WCN001.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-30 09:38

==================== End of FRST.txt ============================

--- --- ---


Additional FRST Logfile:
Code:

scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by ~.~ (02-02-2018 22:15:54)
Running from C:\Users\~.~\Desktop
Windows 7 Professional Service Pack 1 (X64) (2010-08-15 05:32:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-765177893-555145608-490344441-500 - Administrator - Enabled) => C:\Users\Administrator.Cunegonde
Guest (S-1-5-21-765177893-555145608-490344441-501 - Limited - Disabled)
~.~ (S-1-5-21-765177893-555145608-490344441-1000 - Administrator - Enabled) => C:\Users\~.~

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
CEWE FOTOSERVICE (HKLM-x32\...\CEWE FOTOSERVICE) (Version: 6.3.1 - CEWE Stiftung u Co. KGaA)
ClipGrab 3.6.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
f.lux (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Flux) (Version:  - )
Finale NotePad 2008 (HKLM-x32\...\Finale NotePad 2008) (Version: 13.0.0.0 - MakeMusic)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )
FreeRIP v3.45 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.45 - MGShareware)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Hugin 2012.0.0 (HKLM-x32\...\Hugin) (Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
JavaScript Tools (HKLM-x32\...\HSJS) (Version:  - )
Konz 2013 (HKLM-x32\...\{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
LRC 2003, Version 0.4 (HKLM-x32\...\LRC 2003_is1) (Version: 0.4 - Jakob Lemler)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Motorola Driver Installation 3.9.0 (HKLM\...\{3E2DA560-EE3E-45C2-9CC7-B1B0A06C6BE6}) (Version: 3.9.0 - Motorola Inc.)
Mozilla Firefox 58.0.1 (x64 de) (HKLM\...\Mozilla Firefox 58.0.1 (x64 de)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.6.0 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF24 Creator 8.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ContextMenuHandlers1-x32: [OpenWithCtxMenuExt] -> {AC94BA2C-8211-45D4-AB5C-C2A9BCCC8FB6} => C:\Program_Files_(x86)\OxelonMedia_File-Converter\menuext.dll [2009-03-11] ()
ContextMenuHandlers1-x32: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26A5A08A-7C32-4F2E-AD95-7C28491EC43C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {26CE1389-5D43-4568-98A2-AD6415912602} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {57F3203C-992C-4D7C-8B5E-57690269996C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {60CBC99E-9B8B-4C73-8D62-5DCE59522290} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {6AAF6128-83BA-4BE3-B832-D04C58063F9B} - System32\Tasks\{8E0384D6-D1F2-407F-AAD8-65C63C261FC0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {6AD3FA40-972D-46D1-97F4-73F93B9228F2} - System32\Tasks\{8DC8F86E-7B5D-48BC-9CA6-3C225074A363} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187.259/en/abandoninstall?source=lightinstaller&page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {80E627F7-4174-481E-B32E-2FAFF5D3709A} - System32\Tasks\{A7629334-9837-41B2-9256-9AA357C731C5} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Flash_Disinfector.exe -d C:\Users\~.~\Desktop
Task: {8223F5D9-D0C6-4B65-A95E-5BD77567AB68} - System32\Tasks\{905CA972-BE80-49B1-AB0D-EB111501DFF9} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {A0CFECD4-DBE7-44F0-A1A8-715C167F78F8} - System32\Tasks\{18789D0E-3618-4737-B263-8CE0EC630E7D} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\Swf2Avi_Setup[1].exe" -d C:\Users\~.~\Desktop
Task: {A56B82D2-35C8-43F2-8EFD-21A7B5A616E4} - System32\Tasks\{523506CD-98C8-4C61-B478-64DD49AE03C0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {BEC7200B-93D8-4530-BDFE-D2436114707A} - System32\Tasks\{3EEADEBC-0E71-4265-906E-9C87C7213985} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {D6F79C35-7D3D-42CE-976E-7E8BE0C5B833} - System32\Tasks\{E387F2EE-50F0-4801-89D6-C6591AE5B325} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\oxelonplugins[1].exe" -d C:\Users\~.~\Desktop
Task: {DC9F395E-A399-4AE6-87E6-A668443FC0D3} - System32\Tasks\{D3C540CA-7EAC-4D61-ADD2-2453D051F568} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Swf2Avi_Setup.exe -d C:\Users\~.~\Desktop
Task: {FE43990C-1489-44A6-9F88-BA66D29825BF} - System32\Tasks\{D1566649-4421-4B84-A531-8A311AD3B1EC} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2008-10-24 15:35 - 2008-10-24 15:35 - 000128296 _____ () C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
2018-01-07 22:04 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-08-05 15:58 - 2016-08-05 15:58 - 000199680 _____ () C:\Program Files\PDF Architect 4\libidn.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-765177893-555145608-490344441-1000\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2010-09-24 15:29 - 000620296 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
127.0.0.1  ads.active.com
127.0.0.1  am1.activemeter.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  ad2games.com
127.0.0.1  cms.ad2click.nl
127.0.0.1  ads.ad2games.com
127.0.0.1  content.ad20.net
127.0.0.1  core.ad20.net
127.0.0.1  as.ad611.com

There are 14742 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-765177893-555145608-490344441-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator.Cunegonde\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^Users^~.~^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Skype^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: f.lux => "C:\Users\~.~\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{87C6CA73-8565-4CC8-A631-52DF2587208B}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [UDP Query User{C3DD9A55-B77C-44B9-9493-03CA95431174}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [{3AE68BFF-6C63-41C3-8C4C-74FAF25FE1A2}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [{FBD8C0CC-F333-4157-820D-6901A9C2430C}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [TCP Query User{90F4AF0A-BEBB-4442-A482-B036E46CEFEE}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [UDP Query User{9B99392F-C4D5-42A3-AEE0-9A8BBE715C85}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [{C7DECCB3-F652-4250-B6ED-D638AE67E15D}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{A2867E64-8572-4B4A-BF4A-6063E72D6673}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{58EA7E47-8BCD-44A3-A77A-E95F9BB356F5}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{91A9A53E-C2E8-4D75-826C-59FC1CD8331F}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{B9E3ED79-D949-4F1B-B962-D40904521A1B}] => (Allow) C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1A6CA4B9-F34B-4C72-9B83-543A4ECD7BE8}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6FA1DC9A-43A6-4D07-A432-EB6F13ACF4F3}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0AFA25DC-EC09-4659-A923-6592797C04C9}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F508EFF9-743F-49D1-BCC9-02137D90EFFB}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DB187DA7-A638-44FC-BF20-68F9045F2F7C}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8169384E-87BD-4453-8D98-6F73E738A87B}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11CB155E-AD17-454A-9CC8-0ECCDE4CFA32}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AFA0DDAE-C4C8-45E7-A5CD-EB3B97441A00}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

30-01-2018 19:19:22 Revo Uninstaller's restore point - OpenOffice.org 3.3
31-01-2018 11:34:41 Installed PDF Architect 4 View Module
31-01-2018 11:36:47 Installed PDF Architect 4 Create Module
31-01-2018 11:38:03 Installed PDF Architect 4 Edit Module
31-01-2018 13:08:28 Installed OpenOffice.org 3.2
31-01-2018 13:11:24 Revo Uninstaller's restore point - OpenOffice.org 3.2
31-01-2018 13:17:48 Revo Uninstaller's restore point - Mozilla Firefox 58.0.1 (x64 en-US)
31-01-2018 13:42:07 Revo Uninstaller's restore point - Mozilla Firefox 58.0.1 (x64 de)
31-01-2018 13:43:37 Revo Uninstaller's restore point - TeamViewer 13
31-01-2018 14:01:45 Revo Uninstaller's restore point - Mozilla Thunderbird 52.6.0 (x86 de)
02-02-2018 22:05:10 Revo Uninstaller's restore point - Microsoft Office Professional Edition 2003

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2018 01:48:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:42:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
  Gathering Writer Data

Context:
  Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
  Writer Name: System Writer
  Writer Instance ID: {ef75e46e-c92c-48bd-b694-a5ced25cf008}

Error: (01/31/2018 01:37:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:37:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:33:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:33:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:29:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:28:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:28:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/31/2018 01:27:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (02/02/2018 09:30:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/02/2018 12:08:18 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/01/2018 07:33:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/01/2018 04:07:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/01/2018 12:44:01 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/01/2018 08:41:58 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/01/2018 03:54:59 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/31/2018 10:26:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/31/2018 02:54:46 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/31/2018 02:39:50 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


CodeIntegrity:
===================================
  Date: 2018-01-09 23:30:37.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:37.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 22%
Total physical RAM: 3932.86 MB
Available physical RAM: 3048.59 MB
Total Virtual: 7863.92 MB
Available Virtual: 6563.99 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:64.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3068127E)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

--- --- ---

Addendum from 3 Feb, in case it is relevant:

When I just woke the computer from hibernation, the first thing on the screen was again a stopped-script error message (now in German; I reinstalled Firefox & Thunderbird in German). What was new was that it appeared directly after "switching on"... and this time it concerned:
Skript: chrome://messenger/content/toolbarIconColor.js:53

Thunderbird was frozen, by the way.
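The Scheduled Tasks section of the Addition.txt above contains several tasks that are named only by a GUID and either run pcalua.exe against an installer or hand a URL to firefox.exe. As an added example (not from the thread, and not part of FRST), here is a small Python triage script that parses "Task:" lines in the format FRST prints and flags exactly those patterns, plus entries whose target carries no "[date] (Publisher)" annotation. The sample input is a constructed excerpt of the log above, and the reading of that annotation as "FRST found and read the target file" is an assumption about FRST's conventions, stated as such in the code.

```python
"""Triage the 'Scheduled Tasks' section of an FRST Addition.txt log.

Added example for this thread; not part of FRST or of the original post.
Flags are pointers for a human reviewer, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the format of the log above ('hxxp' defanging is FRST's own).
SAMPLE = """\
==================== Scheduled Tasks (Whitelisted) =============

Task: {26A5A08A-7C32-4F2E-AD95-7C28491EC43C} - System32\\Tasks\\Adobe Acrobat Update Task => C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {26CE1389-5D43-4568-98A2-AD6415912602} - System32\\Tasks\\AVGPCTuneUp_Task_BkGndMaintenance => C:\\Program Files (x86)\\AVG\\AVG PC TuneUp\\tuscanx.exe
Task: {6AAF6128-83BA-4BE3-B832-D04C58063F9B} - System32\\Tasks\\{8E0384D6-D1F2-407F-AAD8-65C63C261FC0} => "c:\\program_files_(x86)\\mozilla_firefox\\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {80E627F7-4174-481E-B32E-2FAFF5D3709A} - System32\\Tasks\\{A7629334-9837-41B2-9256-9AA357C731C5} => C:\\Windows\\system32\\pcalua.exe -a C:\\Users\\~.~\\Desktop\\Flash_Disinfector.exe -d C:\\Users\\~.~\\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved.)
"""

TASK_RE = re.compile(
    r"^Task: (?P<id>\{[0-9A-Fa-f-]+\}) - (?P<name>System32\\Tasks\\[^=]+?) => (?P<cmd>.*)$"
)
# Assumption: FRST appends '[YYYY-MM-DD] (Publisher)' only after a target it found and
# read on disk; an empty '()' means the file carried no publisher signature.
ANNOT_RE = re.compile(r" \[\d{4}-\d{2}-\d{2}\] \((?P<publisher>[^)]*)\)$")
GUID_NAME_RE = re.compile(r"System32\\Tasks\\\{[0-9A-Fa-f-]+\}")


@dataclass
class TaskEntry:
    task_id: str
    name: str
    command: str
    publisher: Optional[str]          # None when FRST printed no annotation at all
    flags: list[str] = field(default_factory=list)


def parse_tasks(text: str) -> list[TaskEntry]:
    """Return one TaskEntry per 'Task:' line, with triage flags attached."""
    entries: list[TaskEntry] = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        annot = ANNOT_RE.search(cmd)
        publisher = annot.group("publisher") if annot else None
        entry = TaskEntry(m.group("id"), m.group("name"), cmd, publisher)
        lower = cmd.lower()
        # Program Compatibility Assistant launcher: typically left behind after an
        # installer was re-run through it; the installer path is the thing to inspect.
        if "\\pcalua.exe" in lower:
            entry.flags.append("pcalua-launcher")
        # A task that opens a URL in a browser is worth a look even when the browser is legitimate.
        if re.search(r"\bhxxps?://", lower):
            entry.flags.append("url-argument")
        if publisher is None:
            entry.flags.append("target-unverified")
        elif publisher == "":
            entry.flags.append("unsigned-target")
        # Task names that are only a GUID were not given a readable name by an installer.
        if GUID_NAME_RE.fullmatch(entry.name):
            entry.flags.append("guid-only-name")
        entries.append(entry)
    return entries


def flagged(text: str) -> dict[str, list[str]]:
    """Map each flagged task id to its flags; entries without flags are omitted."""
    return {e.task_id: e.flags for e in parse_tasks(text) if e.flags}


if __name__ == "__main__":
    for e in parse_tasks(SAMPLE):
        short_name = e.name.rsplit("\\", 1)[-1]
        print(f"{e.task_id} {short_name}: {e.flags or 'ok'}")
```

Run stand-alone, the script prints one line per task with its flags; the Adobe updater comes out clean, while the GUID-named pcalua.exe and firefox.exe tasks are flagged. A helper would still verify each flagged target by hand before listing anything in a fixlist.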

cosinus 03.02.2018 14:57

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, run mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, please post them directly, spread across several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

PoseidoPferd 03.02.2018 18:39

I ran Malwarebytes Anti-Rootkit; it only reported tersely:

"Cleanup:
Congratulations, no cleanup is required!

[check mark] Scan Finished: No malware found!"

Accordingly there was no Cleanup button, no restart, no repeat scan.

Code:

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.02.03.03
  rootkit: v2018.01.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
~.~ :: CUNEGONDE [administrator]

03.Feb.2018 16:17:12
mbar-log-2018-02-03 (16-17-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 291098
Time elapsed: 1 hour(s), 10 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Hm, I had already done the last code insertion exactly as described in the reading tip... and again now. For me it also shows up "correctly" in the preview again. If it doesn't for you, let me know, okay?

cosinus 05.02.2018 09:29

Remove adware/junkware/toolbars

Delete old versions of adwCleaner first, then download it fresh to the Desktop!
Please completely disable the virus scanner now, before using these tools!

adwCleaner v7.x

Please download AdwCleaner to your Desktop (illustrated guide).
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • Tracing keys
    • Prefetch files
    • Proxy
    • Winsock
    • IE policies
    • Chrome policies
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished. At the end of the scan a log file opens automatically. Close it.
  • Now click Clean (even if AdwCleaner says nothing was found) and confirm any prompts with OK.
  • At the end of the cleanup click Restart now. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
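
The following is an added example, my own code and not part of this thread or of AdwCleaner: a read-only PowerShell audit of the same locations the AdwCleaner options above reset (Proxy, Winsock, IE policies, Chrome policies, Tracing keys), plus the registry key Firefox uses for sideloaded extensions. Running it before and after the Clean step shows what was actually there. The registry paths are the standard Windows, Internet Explorer, Chrome and Firefox ones; the list of stock Microsoft Winsock provider DLLs used as a filter is an assumed heuristic, not an exhaustive list.

```powershell
# Added example (my own code, not from this thread and not part of AdwCleaner):
# a read-only audit of the places the AdwCleaner options above reset, plus the
# Firefox sideload key. Nothing is modified; no elevation is needed.
# Assumption: the Microsoft Winsock provider DLL list below is a heuristic.

function Get-RegTree {
    param([string]$Path)
    # Every key at or below $Path that holds values, with those values; empty if absent.
    if (-not (Test-Path -Path $Path)) { return }
    $keys = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        $values = [ordered]@{}
        foreach ($n in $k.GetValueNames()) {
            $name = if ($n -eq '') { '(Default)' } else { $n }
            $values[$name] = $k.GetValue($n)
        }
        if ($values.Count -gt 0) { [pscustomobject]@{ Key = $k.Name; Values = $values } }
    }
}

function Get-HijackAudit {
    $report = [ordered]@{}

    # Proxy: a silently set proxy server or PAC URL routes all browser traffic
    # through someone else's box. ProxyEnable=1 or any AutoConfigURL is suspect
    # on a home machine.
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $report['Proxy'] = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue |
        Select-Object -Property ProxyEnable, ProxyServer, AutoConfigURL

    # Winsock: an LSP or namespace provider sits in the path of every socket.
    # Keep only providers whose DLL is not one of the stock Microsoft ones (heuristic).
    $msProviders = '\\(mswsock|nlaapi|napinsp|pnrpnsp|winrnr|wshbth)\.dll\s*$'
    $report['WinsockThirdParty'] = @(netsh winsock show catalog) |
        Where-Object { $_ -match 'Provider Path:' -and $_ -notmatch $msProviders } |
        ForEach-Object { ($_ -split ':\s+', 2)[1] } |
        Sort-Object -Unique

    # IE and Chrome policies: adware abuses the Group Policy keys to pin a start
    # page, a search provider or a forced extension that cannot be removed from
    # the browser UI (Chrome: ExtensionInstallForcelist, DefaultSearchProvider*).
    $report['IEPolicies'] = @(
        'HKLM:\Software\Policies\Microsoft\Internet Explorer',
        'HKCU:\Software\Policies\Microsoft\Internet Explorer'
    ) | ForEach-Object { Get-RegTree -Path $_ }
    $report['ChromePolicies'] = @(
        'HKLM:\Software\Policies\Google\Chrome',
        'HKCU:\Software\Policies\Google\Chrome'
    ) | ForEach-Object { Get-RegTree -Path $_ }

    # Firefox: extensions registered here are loaded into every profile without
    # ever having been installed from inside the browser. FRST reports these as
    # "FF HKLM\...\Firefox\Extensions".
    $report['FirefoxSideloaded'] = @(
        'HKLM:\Software\Mozilla\Firefox\Extensions',
        'HKLM:\Software\WOW6432Node\Mozilla\Firefox\Extensions',
        'HKCU:\Software\Mozilla\Firefox\Extensions'
    ) | ForEach-Object { Get-RegTree -Path $_ }

    # Tracing keys are not a hijack point: they are leftovers named after every
    # program that used RAS tracing, so they still show names of adware that was
    # "uninstalled". That is why AdwCleaner clears them.
    $report['TracingApps'] = Get-ChildItem -Path 'HKLM:\Software\Microsoft\Tracing' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.PSChildName } |
        Where-Object { $_ -match '_RAS(API32|MANCS)$' } |
        ForEach-Object { $_ -replace '_RAS(API32|MANCS)$', '' } |
        Sort-Object -Unique

    return $report
}

# Dump the audit; save a copy before and after the Clean step and diff the two.
Get-HijackAudit | ConvertTo-Json -Depth 5
```

Empty sections in the JSON are the expected result on a clean machine; a populated Proxy, ChromePolicies or FirefoxSideloaded section is what to compare against the AdwCleaner log afterwards.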

PoseidoPferd 05.02.2018 19:59

As far as I know I no longer have a virus scanner that I could disable, since deleting Avira. Otherwise please tell me what is still there.

adwCleaner produced no results, see below.

[After I had once again only put the computer into hibernation, Thunderbird was stuck again afterwards. At some point the "usual" error message came, this time with the script: chrome://messenger/content/msgMail3PaneWindow.js:1866 ... But Firefox was also using enormous resources; the memory values only dropped from near maximum load to something usable after I killed it. ... But do you even need such info??]

Code:

# AdwCleaner 7.0.7.0 - Logfile created on Mon Feb 05 18:15:34 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [6726 B] - [2018/1/7 23:9:43]
C:/AdwCleaner/AdwCleaner[C1].txt - [1422 B] - [2018/1/7 23:26:50]
C:/AdwCleaner/AdwCleaner[S0].txt - [7767 B] - [2018/1/7 23:8:16]
C:/AdwCleaner/AdwCleaner[S1].txt - [1161 B] - [2018/1/7 23:25:1]
C:/AdwCleaner/AdwCleaner[S2].txt - [1217 B] - [2018/2/5 18:13:9]


########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########


cosinus 05.02.2018 21:39

I need new FRST logs. Tick the box for addition.txt, then click Scan.

http://www.trojaner-board.de/picture...&pictureid=611
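
As an added example, my own code and not part of this thread or a feature of FRST: a first-pass triage of the FRST.txt / Addition.txt text that FRST writes, flagging the markers a log reader looks at first (missing files, unsigned files, sideloaded or legacy Firefox extensions, Explorer policies, a modified Hosts file, an empty default search scope, MountPoints2 autorun leftovers, and system files that did not verify in the "Bamital & volsnap" section). The rules are my own heuristics; a hit means "look at this line", not "this is malware", since FRST already whitelists known-good entries and the decision stays with whoever reads the log. The sample lines are constructed in FRST's format (several copied from the logs posted in this thread) so the script runs offline; the success string "File is digitally signed" is the one FRST prints on this page.

```powershell
# Added example (my own code, not part of this thread and not an FRST feature):
# first-pass triage of FRST.txt / Addition.txt. Rules are heuristics; a hit is
# a line to look at, not a verdict.

$Rules = @(
    @{ Name = 'MissingFile';        Pattern = '\[X\]\s*$|\[No File\]' }               # autostart whose file is gone
    @{ Name = 'Unsigned';           Pattern = '\[not signed\]|\[File not signed\]' }
    @{ Name = 'NoPublisher';        Pattern = '^\(\) |\(\)\s*$' }                      # process/service with empty company name
    @{ Name = 'SideloadedFFExt';    Pattern = '^FF HK(LM|CU).*\\Firefox\\Extensions:' }
    @{ Name = 'LegacyFFExt';        Pattern = '^FF Extension:.*\[Legacy\]' }
    @{ Name = 'ExplorerPolicy';     Pattern = '\\Policies\\Explorer:' }               # e.g. DisallowRun, NoRun
    @{ Name = 'HostsModified';      Pattern = '^Hosts: There are more than one entry' }
    @{ Name = 'EmptySearchScope';   Pattern = '^SearchScopes:.*URL =\s*$' }
    @{ Name = 'AutorunMountPoint';  Pattern = '\\MountPoints2:.*\.exe' }              # autorun.inf leftover from removable media
    @{ Name = 'SysFileNotVerified'; Pattern = '^C:\\Windows\\.*=> (?!File is digitally signed)' }
)

function Get-FrstFindings {
    param([string[]]$Lines)
    # Returns one object per (line, rule) hit, in log order.
    $n = 0
    foreach ($line in $Lines) {
        $n++
        foreach ($r in $Rules) {
            if ($line -match $r.Pattern) {
                [pscustomobject]@{ Line = $n; Rule = $r.Name; Text = $line.Trim() }
            }
        }
    }
}

# Constructed sample in FRST format; the real files sit on the Desktop next to FRST64.exe.
$sampleText = @'
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
() C:\Program Files (x86)\AAVUpdateManager\aavus.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: F - F:\PMCsetup.exe
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
SearchScopes: HKU\S-1-5-21-765177893-555145608-490344441-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2018-01-31] [Legacy] [not signed]
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7680512 2010-03-18] (Intel Corporation) [File not signed]
C:\Windows\system32\winlogon.exe => File is digitally signed
'@

$findings = Get-FrstFindings -Lines ($sampleText -split "`r?`n")
$findings | Format-Table -Property Line, Rule, Text -AutoSize -Wrap

# On a real log:
# Get-FrstFindings -Lines (Get-Content "$env:USERPROFILE\Desktop\FRST.txt") | Format-Table -AutoSize -Wrap
```

On the sample, the first and last lines produce no finding (a signed vendor process and a verified system file), while the PDF Architect extension line is flagged twice, once as a legacy add-on and once as unsigned, which is exactly the kind of entry to read in context before deciding anything: here it belongs to a PDF tool the user installed, not to a hijacker.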

PoseidoPferd 06.02.2018 18:35


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by ~.~ (administrator) on CUNEGONDE (06-02-2018 18:26:41)
Running from C:\Users\~.~\Desktop
Loaded Profiles: ~.~ (Available Profiles: ~.~ & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel(R) Corporation) C:\Program Files (x86)\WiFi\bin\EvtEng.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Geek Software GmbH) C:\Program_Files_(x86)\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\ws.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [PDFPrint] => C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: F - F:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\...\MountPoints2: {639bc51d-6b30-11e3-83cb-00269eac1f3a} - G:\PMCsetup.exe
HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43B9CFB8-8F73-46EA-9AD6-9C0B1223138D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5050B7FC-F0E4-4BB6-B5F4-06FAE4F1E617}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{831887B8-28F5-4B9E-AF0A-13C6C8652B11}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-765177893-555145608-490344441-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-765177893-555145608-490344441-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: x2ie0fsf.default-1468139344231-1515350849047
FF ProfilePath: C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 [2018-02-06]
FF Homepage: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047 -> is enabled.
FF Extension: (ADB Helper) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\adbhelper@mozilla.org [2018-01-09] [Legacy]
FF Extension: (Ghostery) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\firefox@ghostery.com.xpi [2018-02-03]
FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\~.~\AppData\Roaming\Mozilla\Firefox\Profiles\x2ie0fsf.default-1468139344231-1515350849047\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2018-01-07]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2018-01-31] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program_Files_(x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\~.~\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-10-30]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program_Files_(x86)\Opera\Opera.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1283336 2017-12-18] ()
R2 EvtEng; C:\Program Files (x86)\WiFi\bin\EvtEng.exe [631024 2014-01-08] (Intel(R) Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [774736 2017-09-05] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PDF24; C:\Program_Files_(x86)\PDF24\pdf24.exe [433288 2017-12-18] (Geek Software GmbH)
R2 TeamViewer; C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files (x86)\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-07] (Malwarebytes)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7680512 2010-03-18] (Intel Corporation) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-06 18:26 - 2018-02-06 18:31 - 000010056 _____ C:\Users\~.~\Desktop\FRST.txt
2018-02-05 18:49 - 2018-02-05 18:53 - 008206624 _____ (Malwarebytes) C:\Users\~.~\Desktop\adwcleaner_7.0.7.0.exe
2018-02-03 16:16 - 2018-02-05 19:56 - 000001258 _____ C:\Users\~.~\Desktop\Anweisung.Cosinus.txt
2018-02-03 16:16 - 2018-02-03 16:16 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6375E5BF.sys
2018-02-03 15:45 - 2018-02-03 18:36 - 000000000 ____D C:\Users\~.~\Desktop\mbar
2018-02-03 15:45 - 2018-02-03 18:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-03 15:45 - 2018-02-03 15:45 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-02-03 15:40 - 2018-02-03 15:40 - 014178840 _____ (Malwarebytes Corp.) C:\Users\~.~\Desktop\mbar-1.10.3.1001.exe
2018-02-03 15:14 - 2018-02-03 15:14 - 000029612 _____ C:\Users\~.~\.recently-used.xbel
2018-02-02 22:16 - 2018-02-02 22:16 - 000033574 _____ C:\Users\~.~\Desktop\Addition_18-02-02.txt
2018-02-02 22:16 - 2018-02-02 22:16 - 000020866 _____ C:\Users\~.~\Desktop\FRST_18-02-02.txt
2018-02-02 22:14 - 2018-02-02 22:14 - 000000000 ____D C:\Users\~.~\Desktop\FRST-OlderVersion
2018-02-01 22:09 - 2018-02-01 22:09 - 000000118 _____ C:\Users\~.~\Desktop\Breun.txt
2018-01-31 14:10 - 2018-01-31 14:10 - 000000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000849 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-01-31 13:52 - 2018-01-31 13:52 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\TeamViewer
2018-01-31 13:49 - 2018-01-31 13:49 - 000000947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-31 13:49 - 2018-01-31 13:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-31 13:32 - 2018-01-31 13:32 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\PDF Architect 4
2018-01-31 13:29 - 2018-02-05 19:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-31 13:09 - 2018-01-31 13:12 - 000000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2018-01-31 11:36 - 2018-01-31 11:36 - 000000000 ____D C:\Users\~.~\Documents\PDF Architect
2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\Users\~.~\AppData\Local\CEWE FOTOSERVICE
2018-01-30 13:41 - 2018-01-30 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE FOTOSERVICE
2018-01-30 13:33 - 2018-01-30 13:33 - 000000000 ____D C:\Users\~.~\AppData\Roaming\hps-install
2018-01-30 01:25 - 2018-01-30 01:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-01-27 22:40 - 2018-01-27 22:40 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_report.txt
2018-01-27 22:39 - 2018-01-27 22:39 - 000001238 _____ C:\Users\~.~\Desktop\Malwarebytes_18-01-27_summary.txt
2018-01-26 21:28 - 2018-02-02 22:16 - 000033571 _____ C:\Users\~.~\Desktop\Addition_18-02-02_doubleSS.txt
2018-01-26 21:23 - 2018-02-02 22:16 - 000020863 _____ C:\Users\~.~\Desktop\FRST_18-02-02_doubleSS.txt
2018-01-26 21:21 - 2018-02-03 15:07 - 000001013 _____ C:\Users\~.~\Desktop\brrr,mal-wieder - Shortcut.lnk
2018-01-26 21:15 - 2018-02-02 22:14 - 002393088 _____ (Farbar) C:\Users\~.~\Desktop\FRST64.exe
2018-01-12 07:23 - 2018-01-12 07:23 - 000001230 _____ C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LRC2003_Lernprogramm.lnk
2018-01-08 00:06 - 2018-01-08 00:06 - 000001749 _____ C:\Users\~.~\Desktop\Bing, pls help.txt
2018-01-08 00:03 - 2018-02-05 19:26 - 000000000 ____D C:\AdwCleaner
2018-01-07 23:21 - 2018-01-07 23:21 - 000001696 _____ C:\Users\Public\Desktop\PDF24.lnk
2018-01-07 23:21 - 2018-01-07 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2018-01-07 23:17 - 2016-09-23 12:16 - 000000109 _____ C:\Users\~.~\Desktop\Online PDF Tools.url
2018-01-07 22:05 - 2018-01-07 22:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-07 22:04 - 2018-01-07 22:04 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\ProgramData\MB2Migration
2018-01-07 22:04 - 2018-01-07 22:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-07 22:04 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-06 18:26 - 2016-07-03 21:09 - 000000000 ____D C:\FRST
2018-02-06 18:24 - 2017-09-05 23:04 - 000000000 ____D C:\Users\~.~\AppData\LocalLow\Mozilla
2018-02-06 18:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
2018-02-06 18:22 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-06 18:22 - 2009-07-14 05:45 - 000013456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-06 17:50 - 2015-09-27 02:43 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-02-06 17:36 - 2009-07-14 06:13 - 000006222 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-05 19:27 - 2016-12-20 23:39 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-02-05 19:27 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-05 19:18 - 2011-10-06 07:15 - 000000000 ____D C:\Users\Administrator.Cunegonde
2018-02-05 19:08 - 2017-03-06 21:33 - 000000000 ____D C:\ProgramData\ProductData
2018-02-05 19:07 - 2009-07-14 05:45 - 000331008 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-03 16:17 - 2016-04-03 14:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-03 15:40 - 2010-09-23 11:55 - 000000000 ____D C:\Users\~.~\.gimp-2.6
2018-02-03 15:14 - 2010-08-15 06:32 - 000000000 ____D C:\Users\~.~
2018-02-03 15:02 - 2010-09-23 12:20 - 000000000 ____D C:\Users\~.~\AppData\Roaming\gtk-2.0
2018-02-02 22:31 - 2010-08-16 21:14 - 000075728 _____ C:\Users\~.~\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-02 22:08 - 2010-08-16 14:54 - 000000000 ____D C:\Program_Files_(x86)
2018-02-02 22:08 - 2009-07-14 08:46 - 000000000 ____D C:\Windows\ShellNew
2018-02-02 22:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-01-31 11:40 - 2011-04-16 20:22 - 000000000 ____D C:\Users\~.~\AppData\Roaming\vlc
2018-01-31 11:38 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files\PDF Architect 4
2018-01-31 11:37 - 2016-01-25 13:22 - 000000000 ____D C:\Program Files (x86)\PDF Architect 4
2018-01-31 08:58 - 2015-11-12 20:35 - 000000000 ____D C:\eBücher
2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\tmp
2018-01-30 14:51 - 2014-01-19 21:51 - 000000000 ____D C:\ProgramData\hps
2018-01-30 10:19 - 2010-08-17 00:05 - 000000000 ____D C:\abracadabra
2018-01-30 01:54 - 2014-08-12 17:29 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-18 00:32 - 2017-10-21 22:24 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-18 00:32 - 2013-07-25 19:33 - 000000000 ____D C:\Windows\system32\MRT
2018-01-18 00:32 - 2010-08-18 19:56 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-11 07:56 - 2010-08-17 00:16 - 000000000 ____D C:\Bilder
2018-01-11 07:37 - 2015-11-19 14:13 - 000000000 ____D C:\Users\~.~\AppData\Local\Opera Software
2018-01-11 07:37 - 2015-11-19 14:12 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Opera Software
2018-01-08 07:06 - 2015-10-14 12:51 - 000001048 _____ C:\Users\~.~\Desktop\Desktop-Dateien.lnk
2018-01-08 00:09 - 2017-01-04 19:36 - 000000000 ____D C:\Users\~.~\AppData\Local\Downloaded Installations
2018-01-08 00:09 - 2016-01-25 13:17 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Lavasoft
2018-01-08 00:08 - 2017-05-12 12:33 - 000000000 ____D C:\Users\Administrator.Cunegonde\AppData\Roaming\IObit
2018-01-08 00:08 - 2017-03-06 21:26 - 000000000 ____D C:\ProgramData\IObit
2018-01-08 00:08 - 2017-03-06 21:25 - 000000000 ____D C:\Users\~.~\AppData\Roaming\IObit
2018-01-08 00:08 - 2016-01-25 13:17 - 000000000 ____D C:\ProgramData\Lavasoft
2018-01-07 22:26 - 2017-11-19 03:31 - 000000000 ____D C:\00_USB-Stift_19.11.17
2018-01-07 21:36 - 2010-09-24 16:54 - 000000000 ____D C:\ProgramData\Skype
2018-01-07 21:32 - 2010-09-24 16:54 - 000000000 ____D C:\Users\~.~\AppData\Roaming\Skype
2018-01-07 21:27 - 2012-12-28 18:13 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-07 21:27 - 2010-08-16 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2017-12-25 01:54 - 2017-12-25 01:56 - 000009849 _____ () C:\Users\~.~\AppData\Roaming\.ptbt0
2013-02-24 18:33 - 2013-02-24 21:13 - 000000568 _____ () C:\Users\~.~\AppData\Roaming\AutoGK.ini
2012-10-03 12:51 - 2013-10-21 23:44 - 000000028 _____ () C:\Users\~.~\AppData\Roaming\PhonerLitesettings.ini
2011-01-06 19:22 - 2011-01-06 19:22 - 000003584 _____ () C:\Users\~.~\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-07 00:57 - 2016-04-04 20:45 - 000007605 _____ () C:\Users\~.~\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2011-09-09 18:45 - 2012-12-24 16:02 - 000248008 _____ (Ask.com) C:\Users\Administrator.Cunegonde\AppData\Local\Temp\AskSLib.dll
2017-03-17 16:14 - 2017-03-17 16:14 - 014456872 _____ (Microsoft Corporation) C:\Users\~.~\AppData\Local\Temp\vc_redist.x86.exe
2017-10-21 21:36 - 2017-11-04 22:18 - 000910504 _____ () C:\Users\~.~\AppData\Local\Temp\WCN001.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-30 09:38

==================== End of FRST.txt ============================

--- --- ---


Additional
FRST Logfile:
Code:

scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by ~.~ (06-02-2018 18:32:16)
Running from C:\Users\~.~\Desktop
Windows 7 Professional Service Pack 1 (X64) (2010-08-15 05:32:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-765177893-555145608-490344441-500 - Administrator - Enabled) => C:\Users\Administrator.Cunegonde
Guest (S-1-5-21-765177893-555145608-490344441-501 - Limited - Disabled)
~.~ (S-1-5-21-765177893-555145608-490344441-1000 - Administrator - Enabled) => C:\Users\~.~

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
CEWE FOTOSERVICE (HKLM-x32\...\CEWE FOTOSERVICE) (Version: 6.3.1 - CEWE Stiftung u Co. KGaA)
ClipGrab 3.6.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 18.3.0 - Thüringer Landesfinanzdirektion)
f.lux (HKU\S-1-5-21-765177893-555145608-490344441-1000\...\Flux) (Version:  - )
Finale NotePad 2008 (HKLM-x32\...\Finale NotePad 2008) (Version: 13.0.0.0 - MakeMusic)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )
FreeRIP v3.45 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.45 - MGShareware)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Hugin 2012.0.0 (HKLM-x32\...\Hugin) (Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
JavaScript Tools (HKLM-x32\...\HSJS) (Version:  - )
Konz 2013 (HKLM-x32\...\{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
LRC 2003, Version 0.4 (HKLM-x32\...\LRC 2003_is1) (Version: 0.4 - Jakob Lemler)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Motorola Driver Installation 3.9.0 (HKLM\...\{3E2DA560-EE3E-45C2-9CC7-B1B0A06C6BE6}) (Version: 3.9.0 - Motorola Inc.)
Mozilla Firefox 58.0.1 (x64 de) (HKLM\...\Mozilla Firefox 58.0.1 (x64 de)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.6.0 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 de)) (Version: 52.6.0 - Mozilla)
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF24 Creator 8.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-765177893-555145608-490344441-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ContextMenuHandlers1-x32: [OpenWithCtxMenuExt] -> {AC94BA2C-8211-45D4-AB5C-C2A9BCCC8FB6} => C:\Program_Files_(x86)\OxelonMedia_File-Converter\menuext.dll [2009-03-11] ()
ContextMenuHandlers1-x32: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-765177893-555145608-490344441-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\~.~\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26A5A08A-7C32-4F2E-AD95-7C28491EC43C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {26CE1389-5D43-4568-98A2-AD6415912602} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {57F3203C-992C-4D7C-8B5E-57690269996C} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {60CBC99E-9B8B-4C73-8D62-5DCE59522290} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {6AAF6128-83BA-4BE3-B832-D04C58063F9B} - System32\Tasks\{8E0384D6-D1F2-407F-AAD8-65C63C261FC0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {6AD3FA40-972D-46D1-97F4-73F93B9228F2} - System32\Tasks\{8DC8F86E-7B5D-48BC-9CA6-3C225074A363} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187.259/en/abandoninstall?source=lightinstaller&page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {80E627F7-4174-481E-B32E-2FAFF5D3709A} - System32\Tasks\{A7629334-9837-41B2-9256-9AA357C731C5} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Flash_Disinfector.exe -d C:\Users\~.~\Desktop
Task: {8223F5D9-D0C6-4B65-A95E-5BD77567AB68} - System32\Tasks\{905CA972-BE80-49B1-AB0D-EB111501DFF9} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {A0CFECD4-DBE7-44F0-A1A8-715C167F78F8} - System32\Tasks\{18789D0E-3618-4737-B263-8CE0EC630E7D} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\Swf2Avi_Setup[1].exe" -d C:\Users\~.~\Desktop
Task: {A56B82D2-35C8-43F2-8EFD-21A7B5A616E4} - System32\Tasks\{523506CD-98C8-4C61-B478-64DD49AE03C0} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {BEC7200B-93D8-4530-BDFE-D2436114707A} - System32\Tasks\{3EEADEBC-0E71-4265-906E-9C87C7213985} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.156/en/abandoninstall?page=tsProgressBar
Task: {D6F79C35-7D3D-42CE-976E-7E8BE0C5B833} - System32\Tasks\{E387F2EE-50F0-4801-89D6-C6591AE5B325} => C:\Windows\system32\pcalua.exe -a "C:\Users\~.~\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QVNPABN\oxelonplugins[1].exe" -d C:\Users\~.~\Desktop
Task: {DC9F395E-A399-4AE6-87E6-A668443FC0D3} - System32\Tasks\{D3C540CA-7EAC-4D61-ADD2-2453D051F568} => C:\Windows\system32\pcalua.exe -a C:\Users\~.~\Desktop\Swf2Avi_Setup.exe -d C:\Users\~.~\Desktop
Task: {FE43990C-1489-44A6-9F88-BA66D29825BF} - System32\Tasks\{D1566649-4421-4B84-A531-8A311AD3B1EC} => "c:\program_files_(x86)\mozilla_firefox\firefox.exe" hxxp://ui.skype.com/ui/0/4.2.0.187/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program_Files_(x86)\Hugin\bin\enfuse_droplet.bat ()
Shortcut: C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2008-10-24 15:35 - 2008-10-24 15:35 - 000128296 _____ () C:\Program_Files_(x86)\AAVUpdateManager\aavus.exe
2018-01-07 22:04 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-765177893-555145608-490344441-1000\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2010-09-24 15:29 - 000620296 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  aconti.net
127.0.0.1  secure.aconti.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
127.0.0.1  ads.active.com
127.0.0.1  am1.activemeter.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  ad2games.com
127.0.0.1  cms.ad2click.nl
127.0.0.1  ads.ad2games.com
127.0.0.1  content.ad20.net
127.0.0.1  core.ad20.net
127.0.0.1  as.ad611.com

There are 14742 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-765177893-555145608-490344441-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\~.~\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^Users^~.~^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Skype^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: f.lux => "C:\Users\~.~\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{87C6CA73-8565-4CC8-A631-52DF2587208B}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [UDP Query User{C3DD9A55-B77C-44B9-9493-03CA95431174}C:\program_files_(x86)\phonerlite\phonerlite.exe] => (Block) C:\program_files_(x86)\phonerlite\phonerlite.exe
FirewallRules: [{3AE68BFF-6C63-41C3-8C4C-74FAF25FE1A2}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [{FBD8C0CC-F333-4157-820D-6901A9C2430C}] => (Allow) C:\Program_Files_(x86)\Opera\opera.exe
FirewallRules: [TCP Query User{90F4AF0A-BEBB-4442-A482-B036E46CEFEE}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [UDP Query User{9B99392F-C4D5-42A3-AEE0-9A8BBE715C85}C:\program_files_(x86)\vlc\vlc.exe] => (Allow) C:\program_files_(x86)\vlc\vlc.exe
FirewallRules: [{C7DECCB3-F652-4250-B6ED-D638AE67E15D}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{A2867E64-8572-4B4A-BF4A-6063E72D6673}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{58EA7E47-8BCD-44A3-A77A-E95F9BB356F5}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{91A9A53E-C2E8-4D75-826C-59FC1CD8331F}] => (Allow) C:\Program_Files_(x86)\Winamp\winamp.exe
FirewallRules: [{B9E3ED79-D949-4F1B-B962-D40904521A1B}] => (Allow) C:\Program Files (x86)\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1A6CA4B9-F34B-4C72-9B83-543A4ECD7BE8}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6FA1DC9A-43A6-4D07-A432-EB6F13ACF4F3}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0AFA25DC-EC09-4659-A923-6592797C04C9}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F508EFF9-743F-49D1-BCC9-02137D90EFFB}] => (Allow) C:\Program Files(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DB187DA7-A638-44FC-BF20-68F9045F2F7C}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8169384E-87BD-4453-8D98-6F73E738A87B}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11CB155E-AD17-454A-9CC8-0ECCDE4CFA32}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AFA0DDAE-C4C8-45E7-A5CD-EB3B97441A00}] => (Allow) C:\Program_Files_(x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

05-02-2018 18:57:15 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2018 05:36:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/06/2018 05:36:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/05/2018 07:32:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/05/2018 07:32:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/05/2018 07:19:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/05/2018 07:19:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/05/2018 07:10:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/05/2018 07:10:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/02/2018 10:33:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/02/2018 10:33:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (02/05/2018 07:27:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (02/05/2018 07:27:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (02/05/2018 07:26:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/05/2018 07:26:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PDF24 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/05/2018 07:26:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Architect 4 Creator service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2018-01-09 23:30:37.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:37.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:30:36.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:58.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-09 23:11:57.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\System32\WinBioPlugIns\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 20%
Total physical RAM: 3932.86 MB
Available physical RAM: 3140.36 MB
Total Virtual: 7863.92 MB
Available Virtual: 6715.29 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:45.98 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3068127E)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

--- --- ---

cosinus 07.02.2018 00:32

Control scans with (1) MBAM, (2) ESET and (3) SecurityCheck, please:


Step 1: Malwarebytes Version 3

Please download Malwarebytes Anti-Malware 3
  • Install the program into the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Quarantine Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • After the restart, start MBAM and click Reports.
  • Select the most recent scan report, click View Report and then Export.
  • Select Text file (.txt) and save the file as mbam.txt on the desktop.
  • Include the contents of mbam.txt in your next reply.



Step 2: ESET

Please download ESET Online Scanner (illustrated guide)
  • Run the installation file.
  • Accept the terms of use.
  • Select Enable detection of potentially unwanted applications and click Scan.
  • First the required signatures are downloaded, then ESET starts the scan automatically.
  • At the end of the scan, any items found are listed.
  • Close the ESET Online Scanner at the top right [ X ] and then click Close.
  • Press the key combination WIN+R to open Run, paste the following text into the line and then click OK:
    Code:

    notepad "%tmp%\log.txt"
  • Copy the entire text using CTRL+A and CTRL+C into your reply here in CODE tags



Step 3: SecurityCheck

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

PoseidoPferd 08.02.2018 06:50

The DOS window is still open - just close it via the "X" at the top right?

Code:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/7/18
Scan Time: 7:25 AM
Log File: b9ef38e1-0bcf-11e8-9045-00269eac1f3a.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3881
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cunegonde\~.~

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332568
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 27 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Code:

C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.SearchProtect.WinService.exe        Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung       
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.Utils.dll        Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung       
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.WCAssistant.WinService.exe        Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung       
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanion.exe        Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung       
C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanionInstaller.exe        Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung       
C:\Program_Files_(x86)\Downloads\FreeYouTubeToMp3Converter3820.exe        Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung       
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe        Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung       
C:\Users\~.~\AppData\Local\Temp\WCN001.exe        Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung,Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung       
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\DevLib.dll        Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung       
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\GenericSetup.exe        Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung       
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\installer.exe        Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung       
C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\WizardPages.dll        Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung       
C:\Users\~.~\AppData\Local\Temp\DMR\dmr_72.exe        Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung       
C:\Users\~.~\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2673212d-6b0437fc        Mehrere Bedrohungen,Variante von Java/Exploit.Agent.OMZ Trojaner,Java/Exploit.CVE-2012-1723.HM Trojaner,Java/Exploit.CVE-2012-1723.GW Trojaner       
C:\Windows\Temp\WebCompanion.zip        Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung,Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung       
C:\Windows\Temp\wctmp_1178855646\WcInstaller.exe        Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung       
C:\Windows\Temp\wctmp_27822647\WcInstaller.exe        Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung       
C:\Windows\Temp\wctmp_304566458\WcInstaller.exe        Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung       
C:\Windows\Temp\wctmp_887237532\WcInstaller.exe        Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung       
C:\Windows\Temp\wctmp_962985567\WcInstaller.exe        Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung       
C:\Windows.old\Documents and Settings\~.~\Desktop\burnsetup.exe        Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung       
C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\burnsetup_v4.37.exe        Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung       
C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe        Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung       
C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe        Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung       
C:\Windows.old\Users\~.~\Desktop\burnsetup.exe        Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung

Code:

17:36:17 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=
# end=init
# utc_time=2018-02-07 16:36:17
# local_time=2018-02-07 17:36:17 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
17:36:23 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 16:36:23
# local_time=2018-02-07 17:36:23 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
17:36:51 Updating
17:36:51 Update Init
17:36:56 Update Download
17:36:56 esets_scanner_update returned -1 esets_gle=12
17:36:56 Update Finalize
17:36:56 Call m_esets_charon_send
17:36:56 Call m_esets_charon_destroy
17:36:56 Retrying Update
17:36:56 Updating
17:36:56 Update Init
17:37:04 Update Download
17:37:04 esets_scanner_update returned -1 esets_gle=12
17:37:04 Update Finalize
17:37:04 Call m_esets_charon_send
17:37:04 Call m_esets_charon_destroy
17:37:04 Retrying Update
17:37:04 Updating
17:37:04 Update Init
17:37:12 Update Download
17:37:13 esets_scanner_update returned -1 esets_gle=12
17:37:13 Update Finalize
17:37:13 Call m_esets_charon_send
17:37:13 Call m_esets_charon_destroy
18:45:55 RecursiveRemoveDirectoryAndAllFiles: C:\Users\~.~\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
18:51:44 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 17:51:44
# local_time=2018-02-07 18:51:44 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
18:51:49 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 17:51:49
# local_time=2018-02-07 18:51:49 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
18:51:52 Updating
18:51:52 Update Init
18:52:01 Update Download
18:57:41 esets_scanner_reload returned 0
18:57:41 g_uiModuleBuild: 36325
18:57:42 Update Finalize
18:57:42 Call m_esets_charon_send
18:57:42 Call m_esets_charon_destroy
18:57:42 Updated modules version: 36325
18:57:59 Call m_esets_charon_setup_create
18:57:59 Call m_esets_charon_create
18:57:59 m_esets_charon_create OK
18:57:59 Call m_esets_charon_start_send_thread
18:57:59 Call m_esets_charon_setup_set
18:57:59 m_esets_charon_setup_set OK
18:57:59 Scanner engine: 36325
22:10:36 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# engine=36325
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2018-02-07 21:10:35
# local_time=2018-02-07 22:10:35 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 59759 269667685 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=11572
22:10:39 Call m_esets_charon_send
22:10:39 Call m_esets_charon_destroy
22:10:41 RecursiveRemoveDirectoryAndAllFiles: C:\Users\~.~\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
22:10:48 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 21:10:48
# local_time=2018-02-07 22:10:48 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
22:10:54 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 21:10:54
# local_time=2018-02-07 22:10:54 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
22:11:15 Call m_esets_charon_setup_create
22:11:15 Call m_esets_charon_create
22:11:15 m_esets_charon_create OK
22:11:15 Call m_esets_charon_start_send_thread
22:11:15 Call m_esets_charon_setup_set
22:11:15 m_esets_charon_setup_set OK
22:11:33 Updating
22:11:37 Update Init
22:12:22 Call m_esets_charon_send
22:12:23 Call m_esets_charon_destroy
23:55:44 Call m_esets_charon_setup_create
23:55:44 Call m_esets_charon_create
23:55:44 m_esets_charon_setup_set ERROR
23:55:49 Call m_esets_charon_send
23:55:50 Call m_esets_charon_destroy
23:55:57 RecursiveRemoveDirectoryAndAllFiles: C:\Users\~.~\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
00:00:04 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 23:00:04
# local_time=2018-02-08 00:00:04 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
00:00:09 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# end=init
# utc_time=2018-02-07 23:00:08
# local_time=2018-02-08 00:00:08 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
00:00:26 Call m_esets_charon_setup_create
00:00:26 Call m_esets_charon_create
00:00:26 m_esets_charon_create OK
00:00:26 Call m_esets_charon_start_send_thread
00:00:26 Call m_esets_charon_setup_set
00:00:26 m_esets_charon_setup_set OK
00:00:32 Updating
00:00:32 Update Init
00:00:47 Call m_esets_charon_setup_create
00:00:47 Call m_esets_charon_create
00:00:47 m_esets_charon_setup_set ERROR
00:00:47 Update Download
00:01:30 esets_scanner_reload returned 0
00:01:30 g_uiModuleBuild: 36327
00:01:30 Update Finalize
00:01:30 Call m_esets_charon_send
00:01:30 Call m_esets_charon_destroy
00:01:31 Updated modules version: 36327
00:01:46 Call m_esets_charon_setup_create
00:01:46 Call m_esets_charon_create
00:01:46 m_esets_charon_setup_set ERROR
00:01:46 Scanner engine: 36327
04:16:29 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=9ae7ee322bbe0f47b80c583d443d3fc7
# engine=36327
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2018-02-08 03:16:29
# local_time=2018-02-08 04:16:29 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 81713 269689639 0 0
# scanned=2
# found=25
# cleaned=0
# scan_time=15297
sh=410796D6E6845A5286450F36F801BF63353A07BD ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.SearchProtect.WinService.exe"
sh=DB9E4F1755F8AB17528719F1320EC627FF7FE1D3 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.Utils.dll"
sh=4280A9DD624BE6591A899B5A3683413A6FCBC027 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\Lavasoft.WCAssistant.WinService.exe"
sh=C646DC4AE1E5F6AD484677B8522456A7EB69213F ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanion.exe"
sh=9A16190BAB145A19BD5AC9697692E3DADB0D639D ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanionInstaller.exe"
sh=20BA51F96F4EA5423FC90E17F635791D97DA4D44 ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AU eventuell unerwünschte Anwendung" ac=I fn="C:\Program_Files_(x86)\Downloads\FreeYouTubeToMp3Converter3820.exe"
sh=0246DAC8B5C093EFB5F1E0E2B69177731CA50ED7 ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung" ac=I fn="C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe"
sh=CA761761744B5AB8DCB969316CE632925434D28C ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung,Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\WCN001.exe"
sh=688FF62EEDCB9F17C22E032D0120BA77B4BD7DC7 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\DevLib.dll"
sh=A5EC1B91463A83646F7ACE5A94834EE61B732923 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\GenericSetup.exe"
sh=37D006174A0AA4A5C62867A0CDE4CDDB826622B9 ft=1 fh=0000000000000000 vn="Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\installer.exe"
sh=5609EDDAD40A2E38425F3C8FA3C3212E0FCEE2F2 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\7zS87A831C1\WizardPages.dll"
sh=E372AF7F5CBB53D354E3BE2AC726ED730F17FF4A ft=1 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\~.~\AppData\Local\Temp\DMR\dmr_72.exe"
sh=3193068E2BA855836809E2DC4B53634BEF004ACD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen,Variante von Java/Exploit.Agent.OMZ Trojaner,Java/Exploit.CVE-2012-1723.HM Trojaner,Java/Exploit.CVE-2012-1723.GW Trojaner" ac=I fn="C:\Users\~.~\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2673212d-6b0437fc"
sh=7F268045E08BC65CFF7DC97EEDD5149C8FFEB19E ft=0 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.D eventuell unerwünschte Anwendung,Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\WebCompanion.zip"
sh=58A0C2588043C136835E8219175E59EEEF4520E0 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_1178855646\WcInstaller.exe"
sh=5B4B0DD147CE9A188473E289B5F4016F34BD0B67 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_27822647\WcInstaller.exe"
sh=94549509601D21D2DF433B30E26516885952ADB4 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_304566458\WcInstaller.exe"
sh=4DDFCAFC25A6ED65A042DAA74A02F5F4FD0CF92B ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_887237532\WcInstaller.exe"
sh=7971078748BB5F1A053558385FFCA817A1025053 ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\wctmp_962985567\WcInstaller.exe"
sh=21B8C9D2144EA602AF01B1565CC80B21D95D76AD ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\~.~\Desktop\burnsetup.exe"
sh=21B8C9D2144EA602AF01B1565CC80B21D95D76AD ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\burnsetup_v4.37.exe"
sh=27070EE60FA6B04CAD9275B8F2D755859AE26FC2 ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe"
sh=454A225249E4B9E7170687BB75F52BD22F66E7E2 ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe"
sh=21B8C9D2144EA602AF01B1565CC80B21D95D76AD ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\~.~\Desktop\burnsetup.exe"
06:21:25 Call m_esets_charon_send
06:21:25 Call m_esets_charon_destroy
06:21:26 RecursiveRemoveDirectoryAndAllFiles: C:\Users\~.~\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
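
The ESET Online Scanner log above ends with one `sh=… ft=… fh=… vn="…" ac=… fn="…"` record per detection. Here is an added example (written for this thread, not an ESET tool; the record layout is inferred only from the lines posted above) that pulls those records out of the log, checks their number against the `# found=` line of the summary header, groups them by detection family, and lists SHA-1 hashes that show up under more than one path (as with the burnsetup.exe copies above). The sample input is constructed: four records copied verbatim from the posted log under a shortened header whose `found=4` is set to match them. The meaning of the `ft`, `fh` and `ac` fields is not documented on the page, so they are kept as raw strings; the pua/trojan split matches the German verdict wording ESET used in this log and is an assumption.

```python
"""Extract and cross-check the detection records of an ESET Online Scanner log.

Added example for this thread; it is not an ESET tool and the record format is
inferred from the posted log only (assumption).
"""
import re
from collections import Counter, defaultdict

# Constructed sample: four records copied verbatim from the log posted above,
# under a shortened summary header whose found=4 is set to match them.
SAMPLE_LOG = r"""
04:16:29 # product=EOS
# version=8
# engine=36327
# end=finished
# scanned=2
# found=4
# cleaned=0
sh=9A16190BAB145A19BD5AC9697692E3DADB0D639D ft=1 fh=0000000000000000 vn="Variante von MSIL/WebCompanion.C eventuell unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\exuieaoEiI\Application\WebCompanionInstaller.exe"
sh=3193068E2BA855836809E2DC4B53634BEF004ACD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen,Variante von Java/Exploit.Agent.OMZ Trojaner,Java/Exploit.CVE-2012-1723.HM Trojaner,Java/Exploit.CVE-2012-1723.GW Trojaner" ac=I fn="C:\Users\~.~\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\2673212d-6b0437fc"
sh=21B8C9D2144EA602AF01B1565CC80B21D95D76AD ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\~.~\Desktop\burnsetup.exe"
sh=21B8C9D2144EA602AF01B1565CC80B21D95D76AD ft=1 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.K eventuell unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\~.~\Desktop\burnsetup.exe"
06:21:25 Call m_esets_charon_send
"""

# One detection record per line; vn (verdict names) may contain commas but no quotes.
RECORD_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-F]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-F]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)
# Header lines look like "# key=value"; the first one of a block carries a timestamp.
HEADER_RE = re.compile(r'^(?:\d{2}:\d{2}:\d{2} )?# (?P<key>\w+)=(?P<value>.*)$')
# Detection family token, e.g. MSIL/WebCompanion.C or Java/Exploit.CVE-2012-1723.HM
FAMILY_RE = re.compile(r'[A-Za-z0-9]+/[A-Za-z0-9.-]+')


def classify(vn):
    """Map the German verdict text used in this log to a coarse class (assumption)."""
    if "unerwünschte Anwendung" in vn:
        return "pua"
    if "Trojaner" in vn:
        return "trojan"
    return "other"


def parse_eset_log(text):
    """Return the last header block seen and the list of detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        rec = RECORD_RE.match(line)
        if rec:
            d = rec.groupdict()  # ft/fh/ac kept verbatim; not documented on the page
            d["families"] = FAMILY_RE.findall(d["vn"])
            d["kind"] = classify(d["vn"])
            detections.append(d)
            continue
        hdr = HEADER_RE.match(line)
        if hdr:  # later blocks overwrite earlier ones, so the final summary block wins
            header[hdr["key"]] = hdr["value"]
    return {"header": header, "detections": detections}


def summarize(report):
    """Cross-check record count against the header and find files seen under several paths."""
    families = Counter()
    paths_by_hash = defaultdict(list)
    for d in report["detections"]:
        families.update(d["families"])
        paths_by_hash[d["sha1"]].append(d["fn"])
    found = int(report["header"].get("found", -1))
    return {
        "records": len(report["detections"]),
        "found_in_header": found,
        "consistent": found == len(report["detections"]),
        "unique_hashes": len(paths_by_hash),
        "duplicate_hashes": {h: p for h, p in paths_by_hash.items() if len(p) > 1},
        "family_counts": families,
        "kinds": Counter(d["kind"] for d in report["detections"]),
    }


if __name__ == "__main__":
    s = summarize(parse_eset_log(SAMPLE_LOG))
    print(f"{s['records']} records, header says {s['found_in_header']}, consistent={s['consistent']}")
    for h, paths in s["duplicate_hashes"].items():
        print(f"same file under {len(paths)} paths: {h}")
    for fam, n in s["family_counts"].most_common():
        print(f"{n:3d}  {fam}")
```

Run against the full log text instead of SAMPLE_LOG to check that the 25 records posted above really match `found=25`, and to see at a glance which of them are one file copied to several places (a duplicate hash only needs to be looked at once).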


cosinus 08.02.2018 09:21

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\Program_Files_(x86)\Downloads
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe
hosts:
emptytemp:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.
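
The `hosts:` line in the fixlist above replaces the Windows hosts file with a clean default (the Fixlog posted later in this thread reports "Hosts restored successfully"). The following is an added example, not part of FRST and not from the thread, that shows what such a reset is protecting against: it reads a hosts file and reports every active entry that either sinkholes a name to a loopback/unspecified address or sends it to some other host, so a defender can see what a machine's name resolution is currently being overridden with. The sample hosts content is constructed (stock Windows comment header plus three invented lines; 203.0.113.5 is a documentation address).

```python
"""Review the active entries of a Windows hosts file.

Added example for this thread, not part of FRST. It lists what a hosts file
currently overrides, which is what the `hosts:` fixlist directive resets.
Sample content is constructed.
"""
import ipaddress

# Names that legitimately map to a loopback address in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the stock Windows comment header plus three active lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1     localhost
0.0.0.0       ads.example.net            # blocked on purpose by the user
203.0.113.5   update.example.org         # constructed: sends a name elsewhere
"""


def audit_hosts(text):
    """Return one finding per active (non-comment) hosts entry.

    kind is one of:
      local    - loopback/unspecified address for a conventional local name only
      blocked  - loopback/unspecified address for any other name (name is sinkholed)
      redirect - any routable address (name is sent to a host of someone's choosing)
      invalid  - first field does not parse as an IP address, or no names given
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing and full-line comments
        if not line:
            continue
        fields = line.split()
        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            addr = None
        if addr is None or not names:
            kind = "invalid"
        else:
            sinkhole = addr.is_loopback or addr.is_unspecified
            if sinkhole and all(n.lower() in LOCAL_NAMES for n in names):
                kind = "local"
            elif sinkhole:
                kind = "blocked"
            else:
                kind = "redirect"
        findings.append({"line": lineno, "address": addr_text, "names": names, "kind": kind})
    return findings


def needs_review(findings):
    """Entries worth a look: anything that is not a plain local-name mapping."""
    return [f for f in findings if f["kind"] != "local"]


if __name__ == "__main__":
    for f in needs_review(audit_hosts(SAMPLE_HOSTS)):
        print(f"line {f['line']:2d}  {f['kind']:8s}  {f['address']:15s}  {' '.join(f['names'])}")
```

On a real machine, read `C:\Windows\System32\drivers\etc\hosts` into `audit_hosts`; a stock Windows 7 hosts file has only commented lines, so any `blocked` or `redirect` finding is something the user or some installer put there and should be explainable.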


PoseidoPferd 09.02.2018 19:24

"Now start FRST again and click the Entfernen button."

Sorry, I don't understand that part. The program interface is in English after all, but there is no "delete" or anything similar either. When I press the "Entfernen" (Delete) key, nothing happens either. What exactly is meant?

cosinus 09.02.2018 19:39

Just read the instructions properly. And follow them properly too, i.e. 1:1. It really can't be described any more simply.

PoseidoPferd 09.02.2018 22:29

I have already read the instructions several times (in the double digits by now). I had already worked through them line by line before my last post. Up to the one step that I don't understand. I named it. So now what?

cosinus 09.02.2018 23:05

That's because you aren't doing the previous steps correctly. And there is no simpler explanation of how to create a text file, fill it with content, give it the required file name and then start FRST for the fix.

As I said, READ THE INSTRUCTIONS COMPLETELY and follow them. Our instruction building blocks have been used many thousands of times.

PoseidoPferd 10.02.2018 15:24

So now that we have established that there are thousands of users who have successfully identified and clicked an "Entfernen button", I see four options:
- You explain it to me.
- You name me one of the thousands, so I can ask them discreetly.
- I ask in a new thread here in the forum what is meant.
- We now spend a long time discussing that it is well explained and totally simple and I still don't understand it. :sword2: ;-)

... If you know of further options, gladly.

cosinus 10.02.2018 16:08

I'm certainly not rewriting the instructions for you. Say SPECIFICALLY at which point you get stuck, not just something along the lines of "boar I don't get any of this" - if you don't see the ENTFERNEN button, well then I don't know either, maybe put your glasses on? :dummguck:

Fragerin 10.02.2018 16:09

Sorry for the interruption:
In the English interface the button is called FIX.

cosinus 10.02.2018 16:21

But the button is in the same position as the Entfernen button, isn't it?

BTW: you don't need to apologize, Mrs. root :D I did tell you that if there's anything you may post in "my" threads :)

PoseidoPferd 10.02.2018 22:33

Thanks, Fragerin! (Misleading that the language versions use such different words. Especially since I didn't even know about the German version...)


Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2018 02
Ran by ~.~ (10-02-2018 20:52:38) Run:1
Running from C:\Users\~.~\Desktop
Loaded Profiles: ~.~ (Available Profiles: ~.~ & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program_Files_(x86)\Downloads
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe
hosts:
emptytemp:
*****************

C:\Program_Files_(x86)\Downloads => moved successfully
C:\Program_Files_(x86)\TeamViewer\TeamViewer_Setup_de_CB-DL-Manager.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 149613144 B
Java, Flash, Steam htmlcache => 5729 B
Windows/system/drivers => 278730392 B
Edge => 0 B
Chrome => 0 B
Firefox => 382197169 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36106986 B
systemprofile32 => 648981 B
LocalService => 132244 B
NetworkService => 715482 B
~.~ => 1442702542 B
Administrator.Cunegonde => 2883757 B

RecycleBin => 685817936 B
EmptyTemp: => 2.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:55:11 ====

PS: What is this?! After saving my post, I am shown a graphic in post #17 (essentially a screenshot of FRST)!! That would have made it pretty clear what was meant by "Entfernen"! (You must have assumed that I had seen the graphic, Cosinus - now I also understand your incomprehension!)
Now, out of curiosity, I opened the first page of the thread... and I am also shown graphics in posts #10 and #11 (also with the mysterious "Entfernen" button in FRST!) and in #13 (screenshot from here in the forum). Why am I only seeing these now??? Conversely, in the meantime I was at one point shown graphics (of buttons, I think) in #2 - and those are not being shown again now either.
[Since reinstalling Firefox I have also repeatedly had problems with how images (partly covering the text) or special characters (on top of each other) are displayed - though never consistently, sometimes they occur, sometimes (after reloading the same page) not. Changing the text encoding, by the way, did not improve the display of the special characters. Is this all the same problem?]

For a start, I have now cleared my entire Firefox cache. And reloaded the pages. Now there are no embedded graphics at all again!
(I do see other graphics: the jpg graphic at the top of the page (with the Trojaner-Board logo etc.), the smilies, the "Alles auswählen" (Select all) and "Aufklappen" (Expand) buttons in front of code fields, also the buttons above the text box I am writing in right now...)


Quote:

Quote from cosinus (post 1683596)
"boar I don't get any of this"

... something like that.


PPS: Saving again doesn't conjure the graphics back up either, by the way...

cosinus 12.02.2018 10:06

For someone who doesn't know English, you sure have to use an English Windows 7... makes total sense!


Then we're done! :daumenhoc

If you like, you can say here whether you were satisfied with me and my help... :dankeschoen: and/or support the forum with a small donation. :applaus:

Finally we need to take a few more steps to clean up your system (cleanup with DelFix) and secure it; I'll post my reading material on that. More important than any AV is sensible behaviour, i.e. certain rules of conduct on a device with Internet access, and a few basic safeguards. That is why those come first. Outline:

  1. Cleanup with DelFix
  2. Basics
  3. Securing the system
  4. Virus scanner + firewall
  5. Backup and imaging tools



Reading material:
Cleanup
All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the tools used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left, you can delete them without concern.




Reading material:
Basics

Reading material:
Google Chrome

The use of this browser must be strongly advised against for data protection reasons.

If installed: uninstall Google Chrome and use Mozilla Firefox instead.


Change your important online passwords regularly and make regular backups of your important files or of the system (more on that in the reading material on backups)

Hands off registry cleaners, optimizers etc.!!! - the performance gain is disputed to downright unprovable, while you run a great risk of destroying your system, especially with registry operations. The best thing is to use Windows' own Disk Cleanup - and leave the registry alone!


Software installation and updates

For some time now there has been a usable package manager for Windows that makes it possible to download and install software automatically with simple commands. That saves a lot of work, because without a package manager you have to check every program yourself and update each one separately by hand, download it by hand first, etc. etc. - see also --> http://www.trojaner-board.de/186035-...r-windows.html


I therefore recommend installing all programs, where available, via chocolatey. If you have already dealt with Linux, the syntax will be very familiar to you. You can find the FAQs for choco here --> Chocolatey: Frequently Asked Questions (English)


For the rare case that you do NOT find the required program in chocolatey's repository: always download such software from a clean portal such as filepony.de. Hands off chip.de or softonic!
When installing software, always choose the custom option and uncheck all optionally offered toolbars or other additions that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the remnants with Adwcleaner.




Reading material:
Securing the system

Enable automatic updates in the Windows operating system. Security-relevant software should also always be present in its current version - if it is needed; if it is not needed, it obviously makes sense to uninstall it or use alternatives (and keep those up to date).

Installing updates promptly is necessary so that security vulnerabilities get closed; vulnerabilities are exploited to install malware by "drive-by" on a simple visit to a manipulated website. You must pay particular attention to keeping the following software up to date:
  • Browser (Internet Explorer, Edge, Firefox, Chrome, ...)

  • Flash Player: What Adobe is doing with its Flash Player is to be classified somewhere between impudence and incompetence; new major security holes are constantly being found in that thing - for YT, HTML5 is usually enough, that is the default player when Flash Player is inactive or not installed; for special browser games you may, however, need the Flash Player. Use Flash as sparingly as possible and if you do, always keep it up to date!!

  • Java: Hardly plays a role any more. Java applets are used almost nowhere any more. Still used for special stuff in OpenOffice, IIRC some games also need Java. But really very rarely.

  • PDF reader: Do NOT use Adobe Reader, but rather something like PDF-XChange; Firefox's built-in PDF viewer is usually enough as well. Avoid Adobe at all costs, that is a company with a miserable security policy!


Recommended Firefox add-ons (extensions):

uBlock Origin is a simple and reliable ad and tracker blocker.

HTTPS Everywhere makes sure that Firefox always uses encrypted connections (HTTPS) instead of HTTP whenever possible. Optionally, by ticking a box, you can also have it block all unencrypted connections; Firefox then uses only HTTPS and no longer loads anything over unencrypted connections.




Reading material:
Virus scanner + firewall

First of all, it should be said that one must never overrate the protective effect of a virus scanner!

These things are by now highly controversial even under Windows and can cause problems that you simply would not have without an AV. Moreover, they will never be able to find every piece of malware. Statements from the vendors of this software regularly turn out to be marketing blather. Read on this => Aus aktuellem Anlass: Antivirus-Schlangenöl | Elias Schwerdtfeger and => http://www.golem.de/news/antivirenso...12-125148.html

So use AT MOST a single one of the following AVs with a real-time scanner and an always up-to-date signature database; only ever use pure virus scanners (no products with Suite or Internet Security in the name, as these bring counterproductive firewalls with them - the Windows firewall is all that is needed!)



Microsoft Security Essentials (MSE) is built in from Windows 8 onwards, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you don't need to install MSE separately. On Windows 7, however, it has to be installed manually or obtained via Windows Update as an optional update. Naturally, a legal/activated Windows is a prerequisite for this.

Additionally, you can regularly scan your PC with Malwarebytes Anti-Malware and/or the ESET Online Scanner.






Reading material:
Backup/image tools

IMHO restore points are nothing more than a stopgap; anyone who wants and needs to rely on something that works cannot avoid real backup/imaging software. Under Windows I always use Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64

To have meaningful backups you have to create an image regularly, e.g. weekly, on a separate external hard drive. This external hard drive is only connected when you want to create the backup (or have to restore something); otherwise it stays safely locked away in the cupboard for security reasons - if only to protect the backups from crypto trojans.



Option 1: Drivesnapshot

Official TB guide --> http://www.trojaner-board.de/186299-...esnapshot.html

http://cosinus.trojaner-board.de/ima...napshot002.png

Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64
Download (32-bit) => http://www.drivesnapshot.de/download/snapshot.exe
Download (64-bit) => http://www.drivesnapshot.de/download/snapshot64.exe



There are also slightly stripped-down versions of Acronis TrueImage free of charge if you have drives from Seagate and/or Western Digital. Perhaps these programs appeal to you more. My favourite, however, is the small Drivesnapshot mentioned above.



Option 2: Seagate DiscWizard
Download => Seagate DiscWizard - Download - Filepony

Screenshots:
http://filepony.de/screenshot/seagate_discwizard5.jpg
http://filepony.de/screenshot/seagate_discwizard4.png
http://filepony.de/screenshot/seagate_discwizard3.jpg



Option 3: Acronis TrueImage WD Edition
Download => Acronis True Image WD Edition - Download - Filepony

Screenshots:
http://filepony.de/screenshot/acroni...d_edition1.jpg
http://filepony.de/screenshot/acroni...d_edition2.jpg

PoseidoPferd 13.02.2018 22:42

Hello Cosinus! First of all, thanks for your work! :dankeschoen:

At the same time I am of course rather... "confused" right now.

In my last post I write about problems (which only arose as a result of this thread) in even being able to read your posts correctly, never mind other websites. (In your latest message, for example, I am shown: "always download such software from a clean portal such as ." - huh?) The Firefox issue with the various lines in Task Manager persists anyway. While I am writing here, Firefox is admittedly a bit faster (!! ... and only briefly "Not Responding")... on the other hand, the program CeWeFotoservice has meanwhile stopped working altogether, because apparently an essential file is no longer accessible (I'll probably reinstall it... but that hardly suggests that everything is running smoothly right now, does it?).

And now you write, without comment, that we are "done". Uh... ? :crazy:

I am still reading all your reading material with great interest (and hope not to miss any important graphics for now)... but could you please refer once more to my currently still existing problems - graphics & Firefox? Thanks!!! :Boogie:

cosinus 14.02.2018 09:39

None of these are malware problems any more. Is that so hard to understand? Or do you believe every computer problem can be solved with a virus scanner?

PoseidoPferd 16.02.2018 21:47

Too bad. A simple hint from you would have done. Because if I had known that problems like the script hangs have nothing to do with malware, I wouldn't have put that in the subject.

Well, even though the problems (apart from Bing, which was simply due to the reinstallation) persist: many thanks for your help!!

cosinus 17.02.2018 12:52

Quote:

Quote from PoseidoPferd (post 1684555)
Too bad. A simple hint from you would have done. Because if I had known that problems like the script hangs have nothing to do with malware, I wouldn't have put that in the subject.

Well, even though the problems (apart from Bing, which was simply due to the reinstallation) persist: many thanks for your help!!


Oh sure, whether the problems are guaranteed to have some other cause I of course know by pure clairvoyance, even before I have seen your logs.

Really, is it so hard to understand THAT AFTER THE CLEANING, once all logs are clean and unremarkable, the statement now holds that it must have a different cause?

And have you already forgotten how cluttered your computer was and everything else we did? :balla: :stirn:


Copyright ©2000-2025, Trojaner-Board