Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   MyOSProtect Trojaner von Virenscanner entfernt - keinen Zugriff mehr (https://www.trojaner-board.de/162597-myosprotect-trojaner-virenscanner-entfernt-keinen-zugriff-mehr.html)

Simb 09.01.2015 08:43
MyOSProtect Trojaner von Virenscanner entfernt - keinen Zugriff mehr
 
Hallo,

ich hoffe das ihr mir helfen könnt, ihr seid meine letzte Hoffnung.
Am Mittwoch abend hat mein Virenscanner kurz vor Schluss die Meldung gebracht das er ein unerwünschtes Objekt gefunden hat, ich habe daraufhin auf Quarantäne getippt und den PC runter gefahren. Ich muss dazu erwähnen das ich das Virenprogramm (Antivir 2015) durch ein Update neu aufgespielt bzw. aktualisiert habe.
Als ich gestern morgen den PC wieder eingeschalten habe, konnte ich meine E-Mails nicht mehr abrufen, nach einigem hin und her hab ich mich für das Zurück setzen entschlossen.
Ich fürchte das war ein großer Fehler, den seitdem habe ich weder Zugriff auf E-Mails noch auf das Internet obwohl die Internetverbindung steht.

Kann man das irgendwie reparieren oder macht es mehr Sinn den PC gleich neu aufzusetzen????

schrauber 09.01.2015 09:11
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Simb 09.01.2015 09:39
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Petra Bickel (administrator) on BÜRO on 09-01-2015 09:29:12
Running from F:\
Loaded Profile: Petra Bickel (Available profiles: Petra Bickel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\System32\PSIService.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9742952 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [mbot_de_137] => [X]
HKLM\...\Run: [ConvertAd] => C:\Users\Petra Bickel\AppData\Local\ConvertAd\ConvertAd.exe
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [384800 2012-11-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Petra Bickel\AppData\Local\Smartbar\Application\Smartbar.exe startup
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\MountPoints2: {8c698c03-7658-11e1-a292-3085a9af056f} - F:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1282781746-330704567-2030712273-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1282781746-330704567-2030712273-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49883;https=127.0.0.1:49883
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRnYWDMrug9FxVG7cHFJOtojAK6U7QYmiFkgtpaVaUi6wZ-Kx3oc0O7I2EVCTOkMohLkLw6IRc85NN4-0B-nxgCiy-sluU-D06a2MK04Mpo-tlF4Rpd4ZljFUNBqSt8Tg,,&q={searchTerms}
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRnYWDMrug9FxVG7cHFJOtojAK6U7QYmiFkgtpaVaUi6wZ-Kx3oc0O7I2EVCTOkMohHnhKwfMt6qcQzzHS2eEvqlyi0j6qxjOV3ClkKhCaFpxbLnTbqktVrz1OQmLsaFA,,
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://tikotin.com
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRnYWDMrug9FxVG7cHFJOtojAK6U7QYmiFkgtpaVaUi6wZ-Kx3oc0O7I2EVCTOkMohLkLw6IRc85NN4-0B-nxgCiy-sluU-D06a2MK04Mpo-tlF4Rpd4ZljFUNBqSt8Tg,,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRnYWDMrug9FxVG7cHFJOtojAK6U7QYmiFkgtpaVaUi6wZ-Kx3oc0O7I2EVCTOkMohLkLw6IRc85NN4-0B-nxgCiy-sluU-D06a2MK04Mpo-tlF4Rpd4ZljFUNBqSt8SQ,,&q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRnYWDMrug9FxVG7cHFJOtojAK6U7QYmiFkgtpaVaUi6wZ-Kx3oc0O7I2EVCTOkMohLkLw6IRc85NN4-0B-nxgCiy-sluU-D06a2MK04Mpo-tlF4Rpd4ZljFUNBqSt8SQ,,&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1282781746-330704567-2030712273-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRnYWDMrug9FxVG7cHFJOtojAK6U7QYmiFkgtpaVaUi6wZ-Kx3oc0O7I2EVCTOkMohLkLw6IRc85NN4-0B-nxgCiy-sluU-D06a2MK04Mpo-tlF4Rpd4ZljFUNBqSt8Tg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1282781746-330704567-2030712273-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1282781746-330704567-2030712273-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRnYWDMrug9FxVG7cHFJOtojAK6U7QYmiFkgtpaVaUi6wZ-Kx3oc0O7I2EVCTOkMohLkLw6IRc85NN4-0B-nxgCiy-sluU-D06a2MK04Mpo-tlF4Rpd4ZljFUNBqSt8Tg,,&q={searchTerms}
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Avira SearchFree Toolbar plus Web Protection -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-1282781746-330704567-2030712273-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1282781746-330704567-2030712273-1000 -> Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKU\S-1-5-21-1282781746-330704567-2030712273-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 25 C:\Windows\system32\MyOSProtect.dll [304776] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E28571C8-3888-4AFB-BC0B-8ABCD772C258}: [NameServer] 5.135.12.56,199.203.35.78

FireFox:
========
FF ProfilePath: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Web Search
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEU-cMTeldOutkMRnYWDMrug9FxVG7cHFJOtojAK6U7QYmiFkgtpaVaUi6wZ-Kx3oc0O7I2EVCTOkMohLkLw6IRc85NN4-0B-nxgCiy-sluU-D06a2MK04Mpo-tlF4Rpd4ZljFUNBqSt8Tg,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1282781746-330704567-2030712273-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Petra Bickel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default\searchplugins\google-maps.xml
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: No Name - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-26]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-02-10]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-02-10]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default\extensions\faststartff@gmail.com

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Freemake Video Downloader) - C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-03-12]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-03-12]
CHR Extension: (HQuality-v3V05.10) - C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-10-09]
CHR Extension: (Google Wallet) - C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-02-10]
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2014-02-10]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [Not Found]
CHR HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx [Not Found]
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [85280 2012-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [109344 2012-11-19] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
S3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] () [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [66176 2010-11-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [31872 2010-11-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83432 2012-11-16] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133824 2012-11-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36552 2012-11-16] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [5810 2004-08-13] ()
S1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 09:28 - 2015-01-09 09:29 - 00000000 ____D () C:\FRST
2015-01-08 13:19 - 2015-01-08 13:19 - 00002055 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-08 13:19 - 2015-01-08 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-08 13:19 - 2012-11-16 20:17 - 00133824 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-08 13:19 - 2012-11-16 20:17 - 00083432 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-08 13:19 - 2012-11-16 20:17 - 00036552 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-08 12:35 - 2015-01-08 12:36 - 00000000 ____D () C:\Program Files\HP
2015-01-08 12:35 - 2015-01-08 12:35 - 00002195 _____ () C:\Users\Public\Desktop\HP Officejet 6700.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00001167 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6700.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00000938 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\HpUpdate
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\ProgramData\HP
2015-01-08 12:35 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5C12.dll
2015-01-08 12:34 - 2015-01-08 12:34 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-01-08 12:33 - 2015-01-08 13:09 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Local\HP
2015-01-08 12:25 - 2015-01-08 12:31 - 00001992 _____ () C:\Users\Public\Desktop\Installation von Reimage Repair fortsetzen.lnk
2015-01-08 12:25 - 2015-01-08 12:31 - 00000099 _____ () C:\Windows\Reimage.ini
2015-01-08 11:45 - 2015-01-08 11:45 - 00003288 ____N () C:\bootsqm.dat
2015-01-08 10:50 - 2015-01-08 10:50 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\ParetoLogic
2015-01-08 10:50 - 2015-01-08 10:50 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\DriverCure
2015-01-08 10:50 - 2015-01-08 10:50 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-01-08 10:50 - 2015-01-08 10:50 - 00000000 ____D () C:\Program Files\ParetoLogic
2015-01-08 10:50 - 2015-01-08 10:50 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2015-01-07 08:45 - 2015-01-07 08:45 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\Avira
2015-01-07 08:43 - 2015-01-08 10:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-18 08:18 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-16 09:23 - 2014-12-16 09:23 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-15 16:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-15 16:48 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-15 16:48 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-15 16:48 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-15 16:48 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-15 10:46 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-15 10:46 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-15 10:46 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-15 10:46 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-15 10:46 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-15 10:46 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-15 10:46 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-15 10:46 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-15 10:46 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-15 10:46 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-15 10:46 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-15 10:46 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-15 10:46 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-15 10:46 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-15 10:46 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-15 10:46 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-15 10:46 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-15 10:46 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-15 10:46 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-15 10:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-15 10:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-15 10:46 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-15 10:46 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-15 10:46 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-15 10:46 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-15 10:46 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-15 10:46 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-15 10:46 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-15 10:46 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-15 10:46 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-15 10:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-15 10:45 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-15 10:45 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-15 10:45 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-15 09:40 - 2014-12-15 09:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-12 11:24 - 2014-12-15 10:38 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-12 11:24 - 2014-12-15 10:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-12 11:00 - 2014-12-12 11:06 - 00000000 ____D () C:\AdwCleaner
2014-12-11 08:14 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 08:14 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 08:14 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 10:16 - 2014-12-10 11:16 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 09:23 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 09:23 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 09:12 - 2012-11-17 12:35 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\Skype
2015-01-09 09:08 - 2012-11-16 07:10 - 00000000 ___RD () C:\Users\Petra Bickel\Desktop\Geschäftlich--Dokumente
2015-01-09 09:05 - 2014-10-08 15:47 - 00047104 ___SH () C:\Users\Petra Bickel\Documents\Thumbs.db
2015-01-09 08:16 - 2010-11-20 22:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 08:14 - 2012-03-25 10:03 - 01106206 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 08:12 - 2010-11-20 22:48 - 00675618 _____ () C:\Windows\PFRO.log
2015-01-09 08:12 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 08:12 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 08:12 - 2009-07-14 05:39 - 00081742 _____ () C:\Windows\setupact.log
2015-01-08 13:15 - 2013-05-06 09:42 - 00000000 ____D () C:\Offa
2015-01-08 12:35 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2015-01-08 11:39 - 2014-02-12 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-01-08 11:39 - 2014-02-12 14:22 - 00000000 ____D () C:\Program Files\Epson Software
2015-01-08 11:36 - 2014-02-12 14:21 - 00000000 ____D () C:\Program Files\epson
2015-01-08 11:35 - 2014-02-12 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-01-08 11:33 - 2014-02-12 14:19 - 00000000 ____D () C:\ProgramData\EPSON
2015-01-08 11:32 - 2012-11-15 13:06 - 00000000 ____D () C:\Users\Petra Bickel
2015-01-08 11:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-08 11:31 - 2014-10-08 15:09 - 00000000 ____D () C:\Program Files\PCTRunner
2015-01-08 11:31 - 2014-02-12 14:21 - 00000000 ____D () C:\Program Files\EpsonNet
2015-01-08 11:31 - 2012-12-06 10:14 - 00000000 ____D () C:\Wolf32
2015-01-08 11:31 - 2012-11-15 14:28 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2015-01-08 11:31 - 2012-03-23 09:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-08 11:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-08 11:30 - 2014-02-12 14:26 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-01-08 11:14 - 2013-01-23 15:45 - 00000000 ____D () C:\Users\Petra Bickel\Desktop\Schriftverkehr
2015-01-08 09:59 - 2013-06-10 11:24 - 00000000 ____D () C:\Users\Petra Bickel\Downloads\Angebote
2015-01-07 16:04 - 2013-01-07 16:00 - 00022528 _____ () C:\Users\Petra Bickel\Documents\Ordner.zdl
2015-01-07 12:12 - 2012-11-16 07:10 - 00268800 _____ () C:\Users\Petra Bickel\Desktop\Kundenliste.xls
2015-01-07 10:33 - 2014-01-17 11:10 - 00041984 _____ () C:\Users\Petra Bickel\Documents\Ordner 3.zdl
2015-01-07 10:33 - 2014-01-17 11:06 - 00026112 _____ () C:\Users\Petra Bickel\Documents\Ordner 2.zdl
2015-01-07 10:33 - 2014-01-17 11:02 - 00018432 _____ () C:\Users\Petra Bickel\Documents\Ordner 1.zdl
2015-01-07 09:53 - 2014-02-10 11:52 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-07 08:43 - 2012-12-04 09:48 - 00000000 ____D () C:\ProgramData\Avira
2015-01-07 08:43 - 2012-12-04 09:48 - 00000000 ____D () C:\Program Files\Avira
2015-01-05 11:42 - 2013-06-26 13:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 11:42 - 2013-06-10 06:46 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-01-05 11:42 - 2013-06-03 06:53 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-12-30 11:16 - 2012-11-17 12:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 11:56 - 2013-06-26 13:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 11:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-19 09:02 - 2012-11-17 12:59 - 00000000 ____D () C:\Users\Petra Bickel\Desktop\Rechnungen Teba
2014-12-16 09:23 - 2014-05-07 06:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-16 09:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-15 16:49 - 2012-11-15 13:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-15 10:38 - 2014-10-09 08:02 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Local\LPT
2014-12-15 10:38 - 2012-11-15 14:28 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-12-15 10:37 - 2014-11-07 09:11 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Local\SmartWeb
2014-12-15 10:37 - 2014-10-09 08:02 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Local\Smartbar
2014-12-15 10:37 - 2014-10-09 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-12-15 10:37 - 2014-10-08 15:20 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\Gameo
2014-12-15 10:37 - 2014-10-08 15:20 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Local\Gameo
2014-12-15 10:37 - 2014-10-08 15:10 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\omiga-plus
2014-12-15 10:37 - 2014-10-08 15:10 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-12-15 10:37 - 2014-08-27 08:44 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-12-15 10:37 - 2014-04-28 07:47 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-12-15 10:37 - 2013-06-26 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-15 10:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-15 10:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-15 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-11 10:05 - 2014-03-04 11:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 08:10 - 2013-08-14 08:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 08:04 - 2013-03-12 10:36 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 11:16 - 2012-11-17 12:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 11:16 - 2012-11-17 12:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 08:05 - 2012-11-17 12:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Petra Bickel\AppData\Local\Temp\AskSLib.dll
C:\Users\Petra Bickel\AppData\Local\Temp\avgnt.exe
C:\Users\Petra Bickel\AppData\Local\Temp\avguidx.dll
C:\Users\Petra Bickel\AppData\Local\Temp\BackupSetup.exe
C:\Users\Petra Bickel\AppData\Local\Temp\ckDN6.dll
C:\Users\Petra Bickel\AppData\Local\Temp\ckDN6.exe
C:\Users\Petra Bickel\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Petra Bickel\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Petra Bickel\AppData\Local\Temp\FreemakeYoutubeMp3Converter_3.6.2.7.exe
C:\Users\Petra Bickel\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Petra Bickel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Petra Bickel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Petra Bickel\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Petra Bickel\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Petra Bickel\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Petra Bickel\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Petra Bickel\AppData\Local\Temp\MSN31CF.exe
C:\Users\Petra Bickel\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Petra Bickel\AppData\Local\Temp\ResetDevice.exe
C:\Users\Petra Bickel\AppData\Local\Temp\setup.exe
C:\Users\Petra Bickel\AppData\Local\Temp\setup_337.exe
C:\Users\Petra Bickel\AppData\Local\Temp\setup_384.exe
C:\Users\Petra Bickel\AppData\Local\Temp\SHelp2.exe
C:\Users\Petra Bickel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Petra Bickel\AppData\Local\Temp\SpOrder.dll
C:\Users\Petra Bickel\AppData\Local\Temp\sqlite3.exe
C:\Users\Petra Bickel\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Petra Bickel\AppData\Local\Temp\uninst1.exe
C:\Users\Petra Bickel\AppData\Local\Temp\Uninstaller.exe
C:\Users\Petra Bickel\AppData\Local\Temp\UninstallerGer.dll
C:\Users\Petra Bickel\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Petra Bickel\AppData\Local\Temp\VOPackage.exe
C:\Users\Petra Bickel\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Petra Bickel\AppData\Local\Temp\_is14E9.exe
C:\Users\Petra Bickel\AppData\Local\Temp\_is3C08.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 13:39

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Petra Bickel at 2015-01-09 09:29:50
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 13.0.0.2832 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.37949 - Ask.com) <==== ATTENTION
Brother MFL-Pro Suite MFC-7360N (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Corel Painter Essentials 3 (HKLM\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (Version: 3.2 - Corel Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ATTENTION
DealPly (HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\DealPly) (Version:  - ) <==== ATTENTION
DesignPro Ordner Software (HKLM\...\InstallShield_{0B224158-8E54-4D70-B298-E2C9C9DF7437}) (Version: 5.0.1056 - Avery Dennison)
DesignPro Ordner Software (Version: 5.0.1056 - Avery Dennison) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Epson Benutzerhandbuch WF-2540 Series (HKLM\...\WF-2540 Series Useg) (Version:  - )
Epson Connect Guide (HKLM\...\Epson Connect Guide) (Version:  - )
Epson Event Manager (HKLM\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-2540 Series (HKLM\...\WF-2540 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Freemake Youtube Mp3 Converter (HKLM\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{7D1EFB03-7D84-446E-8B90-6ECD7EDF4D55}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox Packages (HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Mozilla Firefox Packages) (Version:  - ) <==== ATTENTION
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shopping Helper Smartbar (HKLM\...\{C64BEB42-B25D-4674-BB55-4099CB720110}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Ulead PhotoImpact X3 (HKLM\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (Version: 1.00.0000 - Corel) Hidden
Unity Web Player (HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WOLF Hydraulikschemen 1.1.0.8 (HKLM\...\WOLF Hydraulikschemen_is1) (Version:  - WOLF GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Petra Bickel\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Petra Bickel\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\PETRAB~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File

==================== Restore Points  =========================

15-12-2014 10:32:49 Wiederherstellungsvorgang
15-12-2014 16:46:00 Windows Update
18-12-2014 16:50:06 Windows Update
29-12-2014 09:48:49 Geplanter Prüfpunkt
30-12-2014 11:45:48 Windows Update
05-01-2015 11:47:39 Windows Update
07-01-2015 08:28:46 Wiederherstellungsvorgang
08-01-2015 11:03:57 Entfernt FAX Utility
08-01-2015 11:08:08 Removed Epson Event Manager
08-01-2015 11:28:37 Wiederherstellungsvorgang
08-01-2015 11:39:01 Removed Software Updater

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EFE6C82-E9DB-4074-A79D-50DE67174E74} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{88BC0756-0D07-40CD-BBA8-5BB39B868432}.exe
Task: {294403C6-7277-4B08-94B3-020EA1A55886} - System32\Tasks\{302C7B5C-408D-412D-AB0D-A93EE3B3D2DC} => pcalua.exe -a "C:\Users\Petra Bickel\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=tugs
Task: {352E6FA4-F6EB-4078-9AB0-8CC3BF9EF698} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{89C2E74F-BD9F-4AE8-8CD4-9A5AFC162371}.exe
Task: {620042A4-8FB1-415A-86AE-31BA3DDB363C} - System32\Tasks\DealPly => C:\Users\PETRAB~1\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {62171CAC-F6A8-453B-8357-20B07668A861} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {67C5E919-ECAE-4D34-AA91-F4F4A9E20608} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8FB45581-BA33-46FA-92AA-80D3F3E41CF7} - System32\Tasks\{40296C00-F6A5-4FB4-B306-3FD57D23F443} => pcalua.exe -a "C:\Program Files\Verbindungsassistent\Uninstaller.exe"
Task: {911EE6A9-578F-403B-9AED-D887FBD7511D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {A9FC41D2-F70C-4119-862C-65D034D6FB41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B7F6AF6A-9CD7-4287-9F97-333C287F3033} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {FE8E4F67-CFEC-4CCD-B162-3490B9746CF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{89C2E74F-BD9F-4AE8-8CD4-9A5AFC162371}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{88BC0756-0D07-40CD-BBA8-5BB39B868432}.exe
Task: C:\Windows\Tasks\CRLLSIE.job => C:\Users\Petra Bickel\AppData\Roaming\CRLLSIE.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OXK.job => C:\Users\Petra Bickel\AppData\Roaming\OXK.exe <==== ATTENTION
Task: C:\Windows\Tasks\RSVLY.job => C:\Users\Petra Bickel\AppData\Roaming\RSVLY.exe <==== ATTENTION
Task: C:\Windows\Tasks\YA.job => C:\Users\Petra Bickel\AppData\Roaming\YA.exe <==== ATTENTION
Task: C:\Windows\Tasks\YOXJXRCC.job => C:\Users\Petra Bickel\AppData\Roaming\YOXJXRCC.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2015-01-08 13:19 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2014-07-24 12:20 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-06-17 07:29 - 2007-08-02 20:07 - 00034064 _____ () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1282781746-330704567-2030712273-500 - Administrator - Disabled)
Gast (S-1-5-21-1282781746-330704567-2030712273-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1282781746-330704567-2030712273-1003 - Limited - Enabled)
Petra Bickel (S-1-5-21-1282781746-330704567-2030712273-1000 - Administrator - Enabled) => C:\Users\Petra Bickel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 08:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 08:12:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/01/09 08:12:45.420]: [00003256]: Initialize TwdsMain Class failed!

Error: (01/09/2015 08:12:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/01/09 08:12:45.420]: [00003256]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/09/2015 08:12:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/01/09 08:12:45.060]: [00003256]: Initialize TwdsMain Class failed!

Error: (01/09/2015 08:12:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/01/09 08:12:45.060]: [00003256]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/09/2015 08:12:23 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/01/09 08:12:23.306]: [00002020]: ---- Monitor Thread OpenBrNetUDP_Server Error ----

Error: (01/09/2015 08:12:23 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/01/09 08:12:23.306]: [00002020]: BrMfNet:: OpenUDPServer Error

Error: (01/09/2015 08:12:23 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/01/09 08:12:23.291]: [00002020]: BrNet:: OpenUDP_Server socket INVALID

Error: (01/09/2015 08:12:21 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (01/08/2015 00:38:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DeviceSetup.exe, Version: 28.0.1315.0, Zeitstempel: 0x507e9410
Name des fehlerhaften Moduls: DeviceSetup.exe, Version: 28.0.1315.0, Zeitstempel: 0x507e9410
Ausnahmecode: 0x40000015
Fehleroffset: 0x00223372
ID des fehlerhaften Prozesses: 0xad4
Startzeit der fehlerhaften Anwendung: 0xDeviceSetup.exe0
Pfad der fehlerhaften Anwendung: DeviceSetup.exe1
Pfad des fehlerhaften Moduls: DeviceSetup.exe2
Berichtskennung: DeviceSetup.exe3


System errors:
=============
Error: (01/09/2015 09:26:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106

Error: (01/09/2015 09:26:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106

Error: (01/09/2015 09:25:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106

Error: (01/09/2015 09:23:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106

Error: (01/09/2015 09:18:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106

Error: (01/09/2015 09:16:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106

Error: (01/09/2015 09:11:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106

Error: (01/09/2015 09:09:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106

Error: (01/09/2015 09:04:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106

Error: (01/09/2015 09:02:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106


Microsoft Office Sessions:
=========================
Error: (01/09/2015 08:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 08:12:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/09 08:12:45.420]: [00003256]: Initialize TwdsMain Class failed!

Error: (01/09/2015 08:12:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/09 08:12:45.420]: [00003256]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/09/2015 08:12:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/09 08:12:45.060]: [00003256]: Initialize TwdsMain Class failed!

Error: (01/09/2015 08:12:45 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/09 08:12:45.060]: [00003256]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/09/2015 08:12:23 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/01/09 08:12:23.306]: [00002020]: ---- Monitor Thread OpenBrNetUDP_Server Error ----

Error: (01/09/2015 08:12:23 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/01/09 08:12:23.306]: [00002020]: BrMfNet:: OpenUDPServer Error

Error: (01/09/2015 08:12:23 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/01/09 08:12:23.291]: [00002020]: BrNet:: OpenUDP_Server socket INVALID

Error: (01/09/2015 08:12:21 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (01/08/2015 00:38:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DeviceSetup.exe28.0.1315.0507e9410DeviceSetup.exe28.0.1315.0507e94104000001500223372ad401d02b374bdfb758C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exeC:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exed9b373b8-972a-11e4-a4f6-3085a9af056f


CodeIntegrity Errors:
===================================
  Date: 2015-01-09 09:29:27.258
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 08:12:00.062
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 08:12:00.062
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-08 12:11:31.345
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-08 12:11:31.345
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-08 11:46:30.866
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-08 11:46:30.866
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-08 11:36:40.813
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-08 11:36:40.813
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-08 11:32:00.248
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 30%
Total physical RAM: 3326.12 MB
Available physical RAM: 2318.11 MB
Total Pagefile: 6650.52 MB
Available Pagefile: 5439.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.91 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:921.75 GB) (Free:863.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8587F05B)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=921.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)

==================== End Of Log ============================
--- --- ---

schrauber 09.01.2015 13:57
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.37949 - Ask.com) <==== ATTENTION

    DealPly

    DealPly

    Mozilla Firefox Packages

    Shopping Helper Smartbar


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1282781746-330704567-2030712273-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49883;https=127.0.0.1:49883
S1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION
C:\Windows\system32\Drivers\pcwatch.sys
S3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] () [File not signed]
C:\Program Files\PCTRunner
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 25 C:\Windows\system32\MyOSProtect.dll [304776] ()
Tcpip\..\Interfaces\{E28571C8-3888-4AFB-BC0B-8ABCD772C258}: [NameServer] 5.135.12.56,199.203.35.78
cmd: netsh winsock reset
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




und ein frisches FRST log bitte.

Simb 10.01.2015 12:10
Erstmal vielen Dank, das Internet und der Zugriff auf meine E-Mails funktioniert wieder.
Hier die Logs:

mbam:
Malwarebytes Anti-Malware
www.malwarebytes.org

Adw:

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17979 octets] ##########AdwCleaner Logfile:
Code:
# AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 11:31:30
# Aktualisiert 07/01/2015 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Petra
# Gestartet von : C:\Users\Petra Bickel\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : pcwatch
Dienst Gelöscht : vToolbarUpdater18.1.9

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Security Toolbar
Ordner Gelöscht : C:\Program Files\Optimizer Pro
Ordner Gelöscht : C:\Program Files\ParetoLogic
Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\PETRAB~1\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Petra Bickel\AppData\Local\Gameo
Ordner Gelöscht : C:\Users\Petra Bickel\AppData\Local\LPT
Ordner Gelöscht : C:\Users\Petra Bickel\AppData\Local\SmartWeb
Ordner Gelöscht : C:\Users\Petra Bickel\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Petra Bickel\AppData\Roaming\Gameo
Ordner Gelöscht : C:\Users\Petra Bickel\AppData\Roaming\omiga-plus
Ordner Gelöscht : C:\Users\Petra Bickel\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Ordner Gelöscht : C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\system32\drivers\pcwatch.sys
Datei Gelöscht : C:\Windows\system32\MyOSProtect.dll
Datei Gelöscht : C:\Users\PETRAB~1\AppData\Local\Temp\uninstaller.exe

***** [ Tasks ] *****

Task Gelöscht : Dealply
Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Petra Bickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKCU\Software\5853d88db06eef48
Schlüssel Gelöscht : HKLM\SOFTWARE\5853d88db06eef48
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\StormWatch
Schlüssel Gelöscht : HKCU\Software\gameo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\XTRM Group Ltd.
Schlüssel Gelöscht : HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v34.0.5 (x86 de)

[vfnvqbwu.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[vfnvqbwu.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[vfnvqbwu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_cmi_14_41_ff&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azy0A0FtDyDyC0FyE0BtAzytN0D0Tzu0StCtDtCtBtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDy[...]
[vfnvqbwu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_cmi_14_41_ff&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azy0A0FtDyDyC0FyE0BtAzytN0D0Tzu0StCtDtCtBtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzyt[...]
[vfnvqbwu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[vfnvqbwu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[vfnvqbwu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_cmi_14_41_ff&cd=2XzuyEtN2Y1L1QzutAtDzzyD0Azy0A0FtDyDyC0FyE0BtAzytN0D0Tzu0StCtDtCtBtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBz[...]
[vfnvqbwu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[vfnvqbwu.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v37.0.2062.124


*************************

AdwCleaner[R0].txt - [30638 octets] - [12/12/2014 11:00:43]
AdwCleaner[S0].txt - [29683 octets] - [12/12/2014 11:05:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29744 octets] ##########
--- --- ---

JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by Petra Bickel on 10.01.2015 at 11:39:28,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Petra Bickel\AppData\Roaming\mozilla\firefox\profiles\vfnvqbwu.default\minidumps [226 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2015 at 11:40:45,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Petra Bickel at 2015-01-10 11:45:44 Run:1
Running from C:\Users\Petra Bickel\Desktop
Loaded Profile: Petra Bickel (Available profiles: Petra Bickel)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1282781746-330704567-2030712273-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49883;https=127.0.0.1:49883
S1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION
C:\Windows\system32\Drivers\pcwatch.sys
S3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] () [File not signed]
C:\Program Files\PCTRunner
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] ()
Winsock: Catalog9 25 C:\Windows\system32\MyOSProtect.dll [304776] ()
Tcpip\..\Interfaces\{E28571C8-3888-4AFB-BC0B-8ABCD772C258}: [NameServer] 5.135.12.56,199.203.35.78
cmd: netsh winsock reset
Emptytemp:

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1282781746-330704567-2030712273-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1282781746-330704567-2030712273-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
pcwatch => Service not found.
"C:\Windows\system32\Drivers\pcwatch.sys" => File/Directory not found.
MyOSProtect => Service not found.
"C:\Program Files\PCTRunner" => File/Directory not found.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => Key deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025 => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E28571C8-3888-4AFB-BC0B-8ABCD772C258}\\NameServer => value deleted successfully.

========= netsh winsock reset =========

Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107

Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= End of CMD: =========

EmptyTemp: => Removed 3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:47:11 ====

und das neue FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Petra (administrator) on 10-01-2015 11:51:13
Running from C:\Users\Petra Bickel\Desktop
Loaded Profile: Petra Bickel (Available profiles: Petra Bickel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\System32\PSIService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9742952 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [384800 2012-11-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\MountPoints2: {8c698c03-7658-11e1-a292-3085a9af056f} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1282781746-330704567-2030712273-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Petra Bickel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default\searchplugins\google-maps.xml
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-02-10]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-02-10]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [85280 2012-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [109344 2012-11-19] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [66176 2010-11-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [31872 2010-11-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83432 2012-11-16] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133824 2012-11-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36552 2012-11-16] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [5810 2004-08-13] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 11:51 - 2015-01-10 11:51 - 00014417 _____ () C:\Users\Petra Bickel\Desktop\FRST.txt
2015-01-10 11:44 - 2015-01-09 09:25 - 01115648 _____ (Farbar) C:\Users\Petra Bickel\Desktop\FRST.exe
2015-01-10 11:40 - 2015-01-10 11:40 - 00000896 _____ () C:\Users\Petra Bickel\Desktop\JRT.txt
2015-01-10 11:39 - 2015-01-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2015-01-10 11:28 - 2015-01-10 11:00 - 02191360 _____ () C:\Users\Petra Bickel\Desktop\AdwCleaner_4.107.exe
2015-01-10 11:12 - 2015-01-10 11:26 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 11:12 - 2015-01-10 11:12 - 00001103 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 11:12 - 2015-01-10 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 11:12 - 2015-01-10 11:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-10 11:12 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 11:12 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 11:12 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 11:03 - 2015-01-10 11:03 - 00001265 _____ () C:\Users\Petra Bickel\Desktop\Revo Uninstaller.lnk
2015-01-10 11:03 - 2015-01-10 11:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-09 09:28 - 2015-01-10 11:51 - 00000000 ____D () C:\FRST
2015-01-08 13:19 - 2015-01-08 13:19 - 00002055 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-08 13:19 - 2015-01-08 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-08 13:19 - 2012-11-16 20:17 - 00133824 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-08 13:19 - 2012-11-16 20:17 - 00083432 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-08 13:19 - 2012-11-16 20:17 - 00036552 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-08 12:35 - 2015-01-08 12:36 - 00000000 ____D () C:\Program Files\HP
2015-01-08 12:35 - 2015-01-08 12:35 - 00002195 _____ () C:\Users\Public\Desktop\HP Officejet 6700.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00001167 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6700.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00000938 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\HpUpdate
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\ProgramData\HP
2015-01-08 12:35 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5C12.dll
2015-01-08 12:34 - 2015-01-08 12:34 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-01-08 12:33 - 2015-01-08 13:09 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Local\HP
2015-01-08 12:25 - 2015-01-08 12:31 - 00001992 _____ () C:\Users\Public\Desktop\Installation von Reimage Repair fortsetzen.lnk
2015-01-08 11:45 - 2015-01-08 11:45 - 00003288 ____N () C:\bootsqm.dat
2015-01-07 08:45 - 2015-01-07 08:45 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\Avira
2015-01-07 08:43 - 2015-01-08 10:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-18 08:18 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-16 09:23 - 2014-12-16 09:23 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-15 16:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-15 16:48 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-15 16:48 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-15 16:48 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-15 16:48 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-15 10:46 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-15 10:46 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-15 10:46 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-15 10:46 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-15 10:46 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-15 10:46 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-15 10:46 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-15 10:46 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-15 10:46 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-15 10:46 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-15 10:46 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-15 10:46 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-15 10:46 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-15 10:46 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-15 10:46 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-15 10:46 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-15 10:46 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-15 10:46 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-15 10:46 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-15 10:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-15 10:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-15 10:46 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-15 10:46 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-15 10:46 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-15 10:46 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-15 10:46 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-15 10:46 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-15 10:46 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-15 10:46 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-15 10:46 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-15 10:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-15 10:45 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-15 10:45 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-15 10:45 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-15 09:40 - 2014-12-15 09:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-12 11:24 - 2014-12-15 10:38 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-12 11:24 - 2014-12-15 10:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-12 11:00 - 2015-01-10 11:31 - 00000000 ____D () C:\AdwCleaner
2014-12-11 08:14 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 08:14 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 08:14 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 11:49 - 2012-11-17 12:35 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\Skype
2015-01-10 11:48 - 2014-10-08 15:21 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-10 11:48 - 2013-06-26 13:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 11:48 - 2013-06-10 06:46 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-01-10 11:48 - 2013-06-03 06:53 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-01-10 11:48 - 2010-11-20 22:48 - 00792272 _____ () C:\Windows\PFRO.log
2015-01-10 11:48 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 11:48 - 2009-07-14 05:39 - 00081966 _____ () C:\Windows\setupact.log
2015-01-10 11:47 - 2012-03-25 10:03 - 01130237 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 11:45 - 2010-11-20 22:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-10 11:45 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-10 11:40 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 11:40 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 11:31 - 2014-10-09 08:03 - 00001080 _____ () C:\Users\Petra Bickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-10 11:31 - 2014-10-09 08:02 - 00001161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 11:31 - 2013-06-26 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 11:24 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-10 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-10 11:08 - 2012-11-17 12:26 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\MozillaFirefoxPackages
2015-01-09 11:01 - 2013-05-06 09:42 - 00000000 ____D () C:\Offa
2015-01-09 10:44 - 2012-11-16 07:10 - 00000000 ___RD () C:\Users\Petra Bickel\Desktop\Geschäftlich--Dokumente
2015-01-09 09:05 - 2014-10-08 15:47 - 00047104 ___SH () C:\Users\Petra Bickel\Documents\Thumbs.db
2015-01-08 12:35 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2015-01-08 11:39 - 2014-02-12 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-01-08 11:39 - 2014-02-12 14:22 - 00000000 ____D () C:\Program Files\Epson Software
2015-01-08 11:36 - 2014-02-12 14:21 - 00000000 ____D () C:\Program Files\epson
2015-01-08 11:35 - 2014-02-12 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-01-08 11:33 - 2014-02-12 14:19 - 00000000 ____D () C:\ProgramData\EPSON
2015-01-08 11:32 - 2012-11-15 13:06 - 00000000 ____D () C:\Users\Petra Bickel
2015-01-08 11:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-08 11:31 - 2014-02-12 14:21 - 00000000 ____D () C:\Program Files\EpsonNet
2015-01-08 11:31 - 2012-12-06 10:14 - 00000000 ____D () C:\Wolf32
2015-01-08 11:31 - 2012-03-23 09:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-08 11:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-08 11:30 - 2014-02-12 14:26 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-01-08 11:14 - 2013-01-23 15:45 - 00000000 ____D () C:\Users\Petra Bickel\Desktop\Schriftverkehr
2015-01-08 09:59 - 2013-06-10 11:24 - 00000000 ____D () C:\Users\Petra Bickel\Downloads\Angebote
2015-01-07 16:04 - 2013-01-07 16:00 - 00022528 _____ () C:\Users\Petra Bickel\Documents\Ordner.zdl
2015-01-07 12:12 - 2012-11-16 07:10 - 00268800 _____ () C:\Users\Petra Bickel\Desktop\Kundenliste.xls
2015-01-07 10:33 - 2014-01-17 11:10 - 00041984 _____ () C:\Users\Petra Bickel\Documents\Ordner 3.zdl
2015-01-07 10:33 - 2014-01-17 11:06 - 00026112 _____ () C:\Users\Petra Bickel\Documents\Ordner 2.zdl
2015-01-07 10:33 - 2014-01-17 11:02 - 00018432 _____ () C:\Users\Petra Bickel\Documents\Ordner 1.zdl
2015-01-07 09:53 - 2014-02-10 11:52 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-07 08:43 - 2012-12-04 09:48 - 00000000 ____D () C:\ProgramData\Avira
2015-01-07 08:43 - 2012-12-04 09:48 - 00000000 ____D () C:\Program Files\Avira
2014-12-30 11:16 - 2012-11-17 12:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 11:56 - 2013-06-26 13:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 11:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-19 09:02 - 2012-11-17 12:59 - 00000000 ____D () C:\Users\Petra Bickel\Desktop\Rechnungen Teba
2014-12-16 09:23 - 2014-05-07 06:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-16 09:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-15 16:49 - 2012-11-15 13:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-15 10:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-15 10:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-15 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-11 10:05 - 2014-03-04 11:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 08:10 - 2013-08-14 08:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 08:04 - 2013-03-12 10:36 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 13:39

==================== End Of Log ============================
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Petra Bickel at 2015-01-10 11:52:29
Running from C:\Users\Petra Bickel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 13.0.0.2832 - Avira)
Brother MFL-Pro Suite MFC-7360N (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Corel Painter Essentials 3 (HKLM\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (Version: 3.2 - Corel Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ATTENTION
DesignPro Ordner Software (HKLM\...\InstallShield_{0B224158-8E54-4D70-B298-E2C9C9DF7437}) (Version: 5.0.1056 - Avery Dennison)
DesignPro Ordner Software (Version: 5.0.1056 - Avery Dennison) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Epson Benutzerhandbuch WF-2540 Series (HKLM\...\WF-2540 Series Useg) (Version:  - )
Epson Connect Guide (HKLM\...\Epson Connect Guide) (Version:  - )
Epson Event Manager (HKLM\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-2540 Series (HKLM\...\WF-2540 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Freemake Youtube Mp3 Converter (HKLM\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{7D1EFB03-7D84-446E-8B90-6ECD7EDF4D55}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scansoft PDF Professional (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Ulead PhotoImpact X3 (HKLM\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (Version: 1.00.0000 - Corel) Hidden
Unity Web Player (HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Petra Bickel\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\PETRAB~1\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\PETRAB~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File

==================== Restore Points  =========================

18-12-2014 16:50:06 Windows Update
29-12-2014 09:48:49 Geplanter Prüfpunkt
30-12-2014 11:45:48 Windows Update
05-01-2015 11:47:39 Windows Update
07-01-2015 08:28:46 Wiederherstellungsvorgang
08-01-2015 11:03:57 Entfernt FAX Utility
08-01-2015 11:08:08 Removed Epson Event Manager
08-01-2015 11:28:37 Wiederherstellungsvorgang
08-01-2015 11:39:01 Removed Software Updater
10-01-2015 11:05:30 Revo Uninstaller's restore point - Avira SearchFree Toolbar plus Web Protection Updater
10-01-2015 11:06:51 Revo Uninstaller's restore point - DealPly
10-01-2015 11:07:48 Revo Uninstaller's restore point - Mozilla Firefox Packages
10-01-2015 11:09:07 Revo Uninstaller's restore point - Shopping Helper Smartbar
10-01-2015 11:10:10 Revo Uninstaller's restore point - WOLF Hydraulikschemen 1.1.0.8

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EFE6C82-E9DB-4074-A79D-50DE67174E74} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{88BC0756-0D07-40CD-BBA8-5BB39B868432}.exe
Task: {294403C6-7277-4B08-94B3-020EA1A55886} - System32\Tasks\{302C7B5C-408D-412D-AB0D-A93EE3B3D2DC} => pcalua.exe -a "C:\Users\Petra Bickel\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=tugs
Task: {352E6FA4-F6EB-4078-9AB0-8CC3BF9EF698} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{89C2E74F-BD9F-4AE8-8CD4-9A5AFC162371}.exe
Task: {67C5E919-ECAE-4D34-AA91-F4F4A9E20608} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8FB45581-BA33-46FA-92AA-80D3F3E41CF7} - System32\Tasks\{40296C00-F6A5-4FB4-B306-3FD57D23F443} => pcalua.exe -a "C:\Program Files\Verbindungsassistent\Uninstaller.exe"
Task: {911EE6A9-578F-403B-9AED-D887FBD7511D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {A9FC41D2-F70C-4119-862C-65D034D6FB41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B7F6AF6A-9CD7-4287-9F97-333C287F3033} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {FE8E4F67-CFEC-4CCD-B162-3490B9746CF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{89C2E74F-BD9F-4AE8-8CD4-9A5AFC162371}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{88BC0756-0D07-40CD-BBA8-5BB39B868432}.exe
Task: C:\Windows\Tasks\CRLLSIE.job => C:\Users\Petra Bickel\AppData\Roaming\CRLLSIE.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OXK.job => C:\Users\Petra Bickel\AppData\Roaming\OXK.exe <==== ATTENTION
Task: C:\Windows\Tasks\RSVLY.job => C:\Users\Petra Bickel\AppData\Roaming\RSVLY.exe <==== ATTENTION
Task: C:\Windows\Tasks\YA.job => C:\Users\Petra Bickel\AppData\Roaming\YA.exe <==== ATTENTION
Task: C:\Windows\Tasks\YOXJXRCC.job => C:\Users\Petra Bickel\AppData\Roaming\YOXJXRCC.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2015-01-08 13:19 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2014-07-24 12:20 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-06-17 07:29 - 2007-08-02 20:07 - 00034064 _____ () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1282781746-330704567-2030712273-500 - Administrator - Disabled)
Gast (S-1-5-21-1282781746-330704567-2030712273-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1282781746-330704567-2030712273-1003 - Limited - Enabled)
Petra Bickel (S-1-5-21-1282781746-330704567-2030712273-1000 - Administrator - Enabled) => C:\Users\Petra Bickel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 11:50:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/01/10 11:48:39.820]: [00002696]: Initialize TwdsMain Class failed!

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/01/10 11:48:39.820]: [00002696]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/01/10 11:48:39.680]: [00002696]: Initialize TwdsMain Class failed!

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/01/10 11:48:39.670]: [00002696]: ##### Fatal ERROR!! Create STI-device failed! #####


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/10/2015 11:50:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.820]: [00002696]: Initialize TwdsMain Class failed!

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.820]: [00002696]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.680]: [00002696]: Initialize TwdsMain Class failed!

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.670]: [00002696]: ##### Fatal ERROR!! Create STI-device failed! #####


CodeIntegrity Errors:
===================================
  Date: 2015-01-10 11:24:09.407
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-10 11:24:09.407
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-10 11:14:33.566
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-10 11:14:33.566
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-10 10:53:27.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-10 10:53:27.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 09:29:27.258
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 08:12:00.062
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 08:12:00.062
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-08 12:11:31.345
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 42%
Total physical RAM: 3326.12 MB
Available physical RAM: 1924.57 MB
Total Pagefile: 6650.52 MB
Available Pagefile: 5151.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.92 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:921.75 GB) (Free:867.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: () (Removable) (Total:3.74 GB) (Free:3.71 GB) FAT32
Drive h: () (Removable) (Total:0.94 GB) (Free:0.91 GB) FAT
Drive i: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.54 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8587F05B)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=921.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)

========================================================
Disk: 4 (Size: 3.7 GB) (Disk ID: 97827A7A)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

========================================================
Disk: 5 (Size: 960 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

schrauber 10.01.2015 13:25

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Simb 12.01.2015 09:24
Guten Morgen,

hier erstmal das Log von ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4dc1f95dc1d2e74b9e9f68fb6ce4bc51
# engine=21914
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-12 08:08:49
# local_time=2015-01-12 09:08:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 2936 286473419 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 47528120 172681320 0 0
# scanned=124577
# found=138
# cleaned=0
# scan_time=2087
sh=7A1343A0E2064C8774D0BE643158F131A0386CD2 ft=1 fh=48c076c3cdcd2953 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProSmartScan.exe.vir"
sh=4C24605BA8BA92489B563ACD5D836E1B4E8F3972 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb\1.26.53_0\extensionData\plugins\91.js.vir"
sh=30415FAA4383C88CAA8C965D4000A0BF21513CD9 ft=1 fh=2a9319f6e1583dd6 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\LPT\lrrot.dll.vir"
sh=EDA99A7F04473DE4275B74ED180CAA75B5B0B401 ft=1 fh=a406249d77e150fd vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=DE6834CB97913254FD4866C6B5D422A887A35642 ft=1 fh=c488c27fcc8aca97 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\LPT\sppsm.dll.vir"
sh=F8185B6453A18CD716AAF3003609F80AB20849B9 ft=1 fh=e41631ced4525243 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\LPT\spusm.dll.vir"
sh=49887FC0794B6F1412A1740B777BA2A00CD728D3 ft=1 fh=68cbb9a65d5505fa vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\LPT\srbs.dll.vir"
sh=596FB63EABCD57772ABA73D8DD60103FBD64B7E4 ft=1 fh=95cb732eb72281bc vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\LPT\srbu.dll.vir"
sh=FDF53261D30C1C9C06069C11AF0A8CC3D3E62EC5 ft=1 fh=29d8e0934b9db6f1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\LPT\srpt.dll.vir"
sh=A75AFA5AB8D4634FFF3295844BBF6EC1459C6F55 ft=1 fh=7b0226072ccef41f vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\LPT\srptc.dll.vir"
sh=FCF76BC638DB870349DA983C7D5FC2A309787FDD ft=1 fh=60026373e4a70065 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\Lrcnta.exe.vir"
sh=30415FAA4383C88CAA8C965D4000A0BF21513CD9 ft=1 fh=2a9319f6e1583dd6 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\lrrot.dll.vir"
sh=A75B7B767F29EAAD2DE8B7C1D479592EFC98B54C ft=1 fh=ce59cfd656e61d1a vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\Smartbar.exe.unused.vir"
sh=5FBC6B1DBA71CC17803431610039A5A1124C0BF3 ft=1 fh=aa3d391cc7c2ae8a vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir"
sh=4F075CB90CDFB713E902BF0240E647E3C4389831 ft=1 fh=58522e31113523b7 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=062C85C1B99B189104FBB7D057E3B6E9F9B7DE9C ft=1 fh=e496296e4aa656aa vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=87CC10A423D47A951D9E133158E174D30BF965AB ft=1 fh=2b5cfeb8be87aecc vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=1F5C0D00402D89818C6B3C335899B5848B713FCF ft=1 fh=3646c108b1cf78a0 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=EDA99A7F04473DE4275B74ED180CAA75B5B0B401 ft=1 fh=a406249d77e150fd vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=C7C7B806C4475ACFF7BBFF11409AAECF846771B8 ft=1 fh=ad9f2f65022175d9 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=C7C7B806C4475ACFF7BBFF11409AAECF846771B8 ft=1 fh=ad9f2f65022175d9 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir"
sh=B43CFA9918C4D895BCEF825626FC7FE91499B447 ft=1 fh=0e801146cb094f0a vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=B43CFA9918C4D895BCEF825626FC7FE91499B447 ft=1 fh=0e801146cb094f0a vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=9292F65D0DF6AD2A086F42C5A474AECA0A214F71 ft=1 fh=3112937cbb51b250 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=0B8405CB988A2B922FB6059CFE842A6CEFBF7E64 ft=1 fh=ab0212a971a92890 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=188206A2D78B249161CDEE244C8EBA6E7F88D593 ft=1 fh=832520811942a55d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=4D7330351672D02F6D9678D9FC7495E542C6D204 ft=1 fh=78030f1356fd1170 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=DE6834CB97913254FD4866C6B5D422A887A35642 ft=1 fh=c488c27fcc8aca97 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=F8185B6453A18CD716AAF3003609F80AB20849B9 ft=1 fh=e41631ced4525243 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=8E1BB27D2857D3897390AC20E2F2FCD84D8A67B6 ft=1 fh=7a6a5e224a14bf0a vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\srau.dll.vir"
sh=49887FC0794B6F1412A1740B777BA2A00CD728D3 ft=1 fh=68cbb9a65d5505fa vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=596FB63EABCD57772ABA73D8DD60103FBD64B7E4 ft=1 fh=95cb732eb72281bc vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=88DE936E9C8E3948D42C00832C72E82DD89D049F ft=1 fh=f46760b0c7875b8c vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=52029ED04E99C5A9283DCBF823A91F7536994AE0 ft=1 fh=f7b553cb527f2109 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=635129AA920D7127B9F077E8CC7C9701DC87285F ft=1 fh=b2b387c4e2a7e744 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=7C58E0A7972D33C09A117B06EE5193B91A4DC799 ft=1 fh=fc49b1c70eb544e9 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=6D903BDA4566B45F549850E3DDA523B448D81BA1 ft=1 fh=2ae00181873c6412 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=3DEFE97A557B5E282B7C075AC150AB74CDA9E5F7 ft=1 fh=177f9667ade719c6 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=8E566D673E2E81BB338638DA84F4EF3948644B00 ft=1 fh=43f1f4bf4e18ab75 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir"
sh=37BBE9B0B4DC5BD81344132BC68EA2B0B79C8834 ft=1 fh=b774b1a108d5d917 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_31.dll.vir"
sh=E3A4D3DBE7F4045D8DF5CBB7659BAC2DC58C98FF ft=1 fh=a5b9b2288e58bcc2 vn="Win32/PriceGong.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Bickel\AppData\Local\SmartWeb\swhk.dll.vir"
sh=6DDC9D745EF9F8818E50BB7DCEA17FE4CC994766 ft=1 fh=7540c6a8024cb8dc vn="Win32/VOPackage.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PETRAB~1\AppData\Local\Temp\VOPackage.exe.vir"
sh=3C73B00F47569D76F2DF0F89BF7376A62512B7B8 ft=1 fh=336c42365045d80e vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Petra Bickel\AppData\Local\nsm26C4.tmp"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Petra Bickel\AppData\Roaming\CRLLSIE"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Petra Bickel\AppData\Roaming\OXK"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Petra Bickel\AppData\Roaming\RSVLY"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Petra Bickel\AppData\Roaming\YA"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Petra Bickel\AppData\Roaming\YOXJXRCC"
sh=FB6671A49A884070C6EF715D2F1FAD2BDBBBC136 ft=1 fh=2af0db3e042baa77 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI1C98.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=6DCC13A366785A704F46E8E25942B34855909256 ft=1 fh=d5332291222fca7d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI1C98.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=0350DF22B6626CFD0AD4EB6007A2461F11CEEE10 ft=1 fh=209276bd891a8712 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI1C98.tmp-\spbe.dll"
sh=45A9E5328644E080C54C5F698851F45538944E18 ft=1 fh=e8d62f7bd8f8b91a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI1C98.tmp-\spbl.dll"
sh=B65091119509CD666CCCA7B15B877C4B022A7833 ft=1 fh=4367817249f0c42e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI1C98.tmp-\sppsm.dll"
sh=74170C095222A2C20A4890317F06F305E8F3AD4D ft=1 fh=c7c1dc6906c45ff4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI1C98.tmp-\spusm.dll"
sh=A9CBD104B9E7095FA2149353191B54C6BE529B89 ft=1 fh=175322f6e29cd6c3 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI1C98.tmp-\srbs.dll"
sh=04DB138EADC252C1A2A992522B885B1EC49FC51B ft=1 fh=2b5a7693da531107 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI1C98.tmp-\srbu.dll"
sh=FA84A01F54889BF65D7FF7FEE70C0ABB2022EB34 ft=1 fh=55bc1129650c5700 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI1C98.tmp-\srptc.dll"
sh=0245CD046791D326380C1B884024FD7C2F3FF831 ft=1 fh=ec54f2db7e2fe2a1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI1C98.tmp-\srpu.dll"
sh=FB6671A49A884070C6EF715D2F1FAD2BDBBBC136 ft=1 fh=2af0db3e042baa77 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI6D9.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=6DCC13A366785A704F46E8E25942B34855909256 ft=1 fh=d5332291222fca7d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI6D9.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=0350DF22B6626CFD0AD4EB6007A2461F11CEEE10 ft=1 fh=209276bd891a8712 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI6D9.tmp-\spbe.dll"
sh=45A9E5328644E080C54C5F698851F45538944E18 ft=1 fh=e8d62f7bd8f8b91a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI6D9.tmp-\spbl.dll"
sh=B65091119509CD666CCCA7B15B877C4B022A7833 ft=1 fh=4367817249f0c42e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI6D9.tmp-\sppsm.dll"
sh=74170C095222A2C20A4890317F06F305E8F3AD4D ft=1 fh=c7c1dc6906c45ff4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI6D9.tmp-\spusm.dll"
sh=A9CBD104B9E7095FA2149353191B54C6BE529B89 ft=1 fh=175322f6e29cd6c3 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI6D9.tmp-\srbs.dll"
sh=04DB138EADC252C1A2A992522B885B1EC49FC51B ft=1 fh=2b5a7693da531107 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI6D9.tmp-\srbu.dll"
sh=FA84A01F54889BF65D7FF7FEE70C0ABB2022EB34 ft=1 fh=55bc1129650c5700 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI6D9.tmp-\srptc.dll"
sh=0245CD046791D326380C1B884024FD7C2F3FF831 ft=1 fh=ec54f2db7e2fe2a1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI6D9.tmp-\srpu.dll"
sh=FB6671A49A884070C6EF715D2F1FAD2BDBBBC136 ft=1 fh=2af0db3e042baa77 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI7486.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=6DCC13A366785A704F46E8E25942B34855909256 ft=1 fh=d5332291222fca7d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI7486.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=0350DF22B6626CFD0AD4EB6007A2461F11CEEE10 ft=1 fh=209276bd891a8712 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI7486.tmp-\spbe.dll"
sh=45A9E5328644E080C54C5F698851F45538944E18 ft=1 fh=e8d62f7bd8f8b91a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI7486.tmp-\spbl.dll"
sh=B65091119509CD666CCCA7B15B877C4B022A7833 ft=1 fh=4367817249f0c42e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI7486.tmp-\sppsm.dll"
sh=74170C095222A2C20A4890317F06F305E8F3AD4D ft=1 fh=c7c1dc6906c45ff4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI7486.tmp-\spusm.dll"
sh=A9CBD104B9E7095FA2149353191B54C6BE529B89 ft=1 fh=175322f6e29cd6c3 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI7486.tmp-\srbs.dll"
sh=04DB138EADC252C1A2A992522B885B1EC49FC51B ft=1 fh=2b5a7693da531107 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI7486.tmp-\srbu.dll"
sh=FA84A01F54889BF65D7FF7FEE70C0ABB2022EB34 ft=1 fh=55bc1129650c5700 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI7486.tmp-\srptc.dll"
sh=0245CD046791D326380C1B884024FD7C2F3FF831 ft=1 fh=ec54f2db7e2fe2a1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI7486.tmp-\srpu.dll"
sh=FB6671A49A884070C6EF715D2F1FAD2BDBBBC136 ft=1 fh=2af0db3e042baa77 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIAD40.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=6DCC13A366785A704F46E8E25942B34855909256 ft=1 fh=d5332291222fca7d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIAD40.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=0350DF22B6626CFD0AD4EB6007A2461F11CEEE10 ft=1 fh=209276bd891a8712 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIAD40.tmp-\spbe.dll"
sh=45A9E5328644E080C54C5F698851F45538944E18 ft=1 fh=e8d62f7bd8f8b91a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIAD40.tmp-\spbl.dll"
sh=B65091119509CD666CCCA7B15B877C4B022A7833 ft=1 fh=4367817249f0c42e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIAD40.tmp-\sppsm.dll"
sh=74170C095222A2C20A4890317F06F305E8F3AD4D ft=1 fh=c7c1dc6906c45ff4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIAD40.tmp-\spusm.dll"
sh=A9CBD104B9E7095FA2149353191B54C6BE529B89 ft=1 fh=175322f6e29cd6c3 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIAD40.tmp-\srbs.dll"
sh=04DB138EADC252C1A2A992522B885B1EC49FC51B ft=1 fh=2b5a7693da531107 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIAD40.tmp-\srbu.dll"
sh=FA84A01F54889BF65D7FF7FEE70C0ABB2022EB34 ft=1 fh=55bc1129650c5700 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIAD40.tmp-\srptc.dll"
sh=0245CD046791D326380C1B884024FD7C2F3FF831 ft=1 fh=ec54f2db7e2fe2a1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIAD40.tmp-\srpu.dll"
sh=FB6671A49A884070C6EF715D2F1FAD2BDBBBC136 ft=1 fh=2af0db3e042baa77 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBDAB.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=6DCC13A366785A704F46E8E25942B34855909256 ft=1 fh=d5332291222fca7d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBDAB.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=0350DF22B6626CFD0AD4EB6007A2461F11CEEE10 ft=1 fh=209276bd891a8712 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBDAB.tmp-\spbe.dll"
sh=45A9E5328644E080C54C5F698851F45538944E18 ft=1 fh=e8d62f7bd8f8b91a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBDAB.tmp-\spbl.dll"
sh=B65091119509CD666CCCA7B15B877C4B022A7833 ft=1 fh=4367817249f0c42e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBDAB.tmp-\sppsm.dll"
sh=74170C095222A2C20A4890317F06F305E8F3AD4D ft=1 fh=c7c1dc6906c45ff4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBDAB.tmp-\spusm.dll"
sh=A9CBD104B9E7095FA2149353191B54C6BE529B89 ft=1 fh=175322f6e29cd6c3 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBDAB.tmp-\srbs.dll"
sh=04DB138EADC252C1A2A992522B885B1EC49FC51B ft=1 fh=2b5a7693da531107 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBDAB.tmp-\srbu.dll"
sh=FA84A01F54889BF65D7FF7FEE70C0ABB2022EB34 ft=1 fh=55bc1129650c5700 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBDAB.tmp-\srptc.dll"
sh=0245CD046791D326380C1B884024FD7C2F3FF831 ft=1 fh=ec54f2db7e2fe2a1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBDAB.tmp-\srpu.dll"
sh=FB6671A49A884070C6EF715D2F1FAD2BDBBBC136 ft=1 fh=2af0db3e042baa77 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBE79.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=6DCC13A366785A704F46E8E25942B34855909256 ft=1 fh=d5332291222fca7d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBE79.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=0350DF22B6626CFD0AD4EB6007A2461F11CEEE10 ft=1 fh=209276bd891a8712 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBE79.tmp-\spbe.dll"
sh=45A9E5328644E080C54C5F698851F45538944E18 ft=1 fh=e8d62f7bd8f8b91a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBE79.tmp-\spbl.dll"
sh=B65091119509CD666CCCA7B15B877C4B022A7833 ft=1 fh=4367817249f0c42e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBE79.tmp-\sppsm.dll"
sh=74170C095222A2C20A4890317F06F305E8F3AD4D ft=1 fh=c7c1dc6906c45ff4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBE79.tmp-\spusm.dll"
sh=A9CBD104B9E7095FA2149353191B54C6BE529B89 ft=1 fh=175322f6e29cd6c3 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBE79.tmp-\srbs.dll"
sh=04DB138EADC252C1A2A992522B885B1EC49FC51B ft=1 fh=2b5a7693da531107 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBE79.tmp-\srbu.dll"
sh=FA84A01F54889BF65D7FF7FEE70C0ABB2022EB34 ft=1 fh=55bc1129650c5700 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBE79.tmp-\srptc.dll"
sh=0245CD046791D326380C1B884024FD7C2F3FF831 ft=1 fh=ec54f2db7e2fe2a1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIBE79.tmp-\srpu.dll"
sh=FB6671A49A884070C6EF715D2F1FAD2BDBBBC136 ft=1 fh=2af0db3e042baa77 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEC8A.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=6DCC13A366785A704F46E8E25942B34855909256 ft=1 fh=d5332291222fca7d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEC8A.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=0350DF22B6626CFD0AD4EB6007A2461F11CEEE10 ft=1 fh=209276bd891a8712 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEC8A.tmp-\spbe.dll"
sh=45A9E5328644E080C54C5F698851F45538944E18 ft=1 fh=e8d62f7bd8f8b91a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEC8A.tmp-\spbl.dll"
sh=B65091119509CD666CCCA7B15B877C4B022A7833 ft=1 fh=4367817249f0c42e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEC8A.tmp-\sppsm.dll"
sh=74170C095222A2C20A4890317F06F305E8F3AD4D ft=1 fh=c7c1dc6906c45ff4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEC8A.tmp-\spusm.dll"
sh=A9CBD104B9E7095FA2149353191B54C6BE529B89 ft=1 fh=175322f6e29cd6c3 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEC8A.tmp-\srbs.dll"
sh=04DB138EADC252C1A2A992522B885B1EC49FC51B ft=1 fh=2b5a7693da531107 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEC8A.tmp-\srbu.dll"
sh=FA84A01F54889BF65D7FF7FEE70C0ABB2022EB34 ft=1 fh=55bc1129650c5700 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEC8A.tmp-\srptc.dll"
sh=0245CD046791D326380C1B884024FD7C2F3FF831 ft=1 fh=ec54f2db7e2fe2a1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIEC8A.tmp-\srpu.dll"
sh=FB6671A49A884070C6EF715D2F1FAD2BDBBBC136 ft=1 fh=2af0db3e042baa77 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF624.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=6DCC13A366785A704F46E8E25942B34855909256 ft=1 fh=d5332291222fca7d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF624.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=0350DF22B6626CFD0AD4EB6007A2461F11CEEE10 ft=1 fh=209276bd891a8712 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF624.tmp-\spbe.dll"
sh=45A9E5328644E080C54C5F698851F45538944E18 ft=1 fh=e8d62f7bd8f8b91a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF624.tmp-\spbl.dll"
sh=B65091119509CD666CCCA7B15B877C4B022A7833 ft=1 fh=4367817249f0c42e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF624.tmp-\sppsm.dll"
sh=74170C095222A2C20A4890317F06F305E8F3AD4D ft=1 fh=c7c1dc6906c45ff4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF624.tmp-\spusm.dll"
sh=A9CBD104B9E7095FA2149353191B54C6BE529B89 ft=1 fh=175322f6e29cd6c3 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF624.tmp-\srbs.dll"
sh=04DB138EADC252C1A2A992522B885B1EC49FC51B ft=1 fh=2b5a7693da531107 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF624.tmp-\srbu.dll"
sh=FA84A01F54889BF65D7FF7FEE70C0ABB2022EB34 ft=1 fh=55bc1129650c5700 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF624.tmp-\srptc.dll"
sh=0245CD046791D326380C1B884024FD7C2F3FF831 ft=1 fh=ec54f2db7e2fe2a1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF624.tmp-\srpu.dll"
sh=FB6671A49A884070C6EF715D2F1FAD2BDBBBC136 ft=1 fh=2af0db3e042baa77 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF7D2.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=6DCC13A366785A704F46E8E25942B34855909256 ft=1 fh=d5332291222fca7d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF7D2.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=0350DF22B6626CFD0AD4EB6007A2461F11CEEE10 ft=1 fh=209276bd891a8712 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF7D2.tmp-\spbe.dll"
sh=45A9E5328644E080C54C5F698851F45538944E18 ft=1 fh=e8d62f7bd8f8b91a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF7D2.tmp-\spbl.dll"
sh=B65091119509CD666CCCA7B15B877C4B022A7833 ft=1 fh=4367817249f0c42e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF7D2.tmp-\sppsm.dll"
sh=74170C095222A2C20A4890317F06F305E8F3AD4D ft=1 fh=c7c1dc6906c45ff4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF7D2.tmp-\spusm.dll"
sh=A9CBD104B9E7095FA2149353191B54C6BE529B89 ft=1 fh=175322f6e29cd6c3 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF7D2.tmp-\srbs.dll"
sh=04DB138EADC252C1A2A992522B885B1EC49FC51B ft=1 fh=2b5a7693da531107 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF7D2.tmp-\srbu.dll"
sh=FA84A01F54889BF65D7FF7FEE70C0ABB2022EB34 ft=1 fh=55bc1129650c5700 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF7D2.tmp-\srptc.dll"
sh=0245CD046791D326380C1B884024FD7C2F3FF831 ft=1 fh=ec54f2db7e2fe2a1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIF7D2.tmp-\srpu.dll"
Das Log des Security-Checks:

Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (34.0.5)
Google Chrome 37.0.2062.124 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

und zu guter Letze das neue FRST
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Petra on 12-01-2015 09:21:05
Running from C:\Users\Petra Bickel\Desktop
Loaded Profile: Petra Bickel (Available profiles: Petra Bickel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\System32\PSIService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9742952 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\MountPoints2: {8c698c03-7658-11e1-a292-3085a9af056f} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49883;https=127.0.0.1:49883
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1282781746-330704567-2030712273-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Petra Bickel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default\searchplugins\google-maps.xml
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-02-10]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-02-10]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2015-01-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-12] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [66176 2010-11-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [31872 2010-11-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2015-01-12] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-01-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-01-12] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [5810 2004-08-13] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 09:21 - 2015-01-12 09:21 - 00013623 _____ () C:\Users\Petra Bickel\Desktop\FRST.txt
2015-01-12 09:17 - 2015-01-12 09:17 - 00852505 _____ () C:\Users\Petra Bickel\Downloads\SecurityCheck.exe
2015-01-12 08:32 - 2015-01-12 08:32 - 02347384 _____ (ESET) C:\Users\Petra Bickel\Downloads\esetsmartinstaller_deu.exe
2015-01-12 08:21 - 2015-01-12 08:21 - 00001138 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-12 08:19 - 2015-01-12 08:17 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-10 11:44 - 2015-01-09 09:25 - 01115648 _____ (Farbar) C:\Users\Petra Bickel\Desktop\FRST.exe
2015-01-10 11:39 - 2015-01-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2015-01-10 11:28 - 2015-01-10 11:00 - 02191360 _____ () C:\Users\Petra Bickel\Desktop\AdwCleaner_4.107.exe
2015-01-10 11:12 - 2015-01-10 12:04 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 11:12 - 2015-01-10 11:12 - 00001103 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 11:12 - 2015-01-10 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 11:12 - 2015-01-10 11:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-10 11:12 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 11:12 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 11:12 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 11:03 - 2015-01-10 11:03 - 00001265 _____ () C:\Users\Petra Bickel\Desktop\Revo Uninstaller.lnk
2015-01-10 11:03 - 2015-01-10 11:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-09 09:28 - 2015-01-12 09:21 - 00000000 ____D () C:\FRST
2015-01-08 13:19 - 2015-01-12 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-08 13:19 - 2015-01-12 08:17 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-08 13:19 - 2015-01-12 08:17 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-08 13:19 - 2015-01-12 08:17 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-08 13:19 - 2015-01-08 13:19 - 00002055 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-08 12:35 - 2015-01-08 12:36 - 00000000 ____D () C:\Program Files\HP
2015-01-08 12:35 - 2015-01-08 12:35 - 00002195 _____ () C:\Users\Public\Desktop\HP Officejet 6700.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00001167 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6700.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00000938 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\HpUpdate
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\ProgramData\HP
2015-01-08 12:35 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5C12.dll
2015-01-08 12:34 - 2015-01-08 12:34 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-01-08 12:33 - 2015-01-08 13:09 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Local\HP
2015-01-08 11:45 - 2015-01-08 11:45 - 00003288 ____N () C:\bootsqm.dat
2015-01-07 08:45 - 2015-01-07 08:45 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\Avira
2015-01-07 08:43 - 2015-01-12 08:21 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-18 08:18 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-16 09:23 - 2014-12-16 09:23 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-15 16:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-15 16:48 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-15 16:48 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-15 16:48 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-15 16:48 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-15 10:46 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-15 10:46 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-15 10:46 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-15 10:46 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-15 10:46 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-15 10:46 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-15 10:46 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-15 10:46 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-15 10:46 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-15 10:46 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-15 10:46 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-15 10:46 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-15 10:46 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-15 10:46 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-15 10:46 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-15 10:46 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-15 10:46 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-15 10:46 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-15 10:46 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-15 10:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-15 10:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-15 10:46 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-15 10:46 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-15 10:46 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-15 10:46 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-15 10:46 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-15 10:46 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-15 10:46 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-15 10:46 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-15 10:46 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-15 10:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-15 10:45 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-15 10:45 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-15 10:45 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-15 09:40 - 2014-12-15 09:40 - 00000000 ____D () C:\ProgramData\Malwarebytes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 09:21 - 2012-11-17 12:35 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\Skype
2015-01-12 09:16 - 2012-11-17 12:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 09:03 - 2013-05-06 09:42 - 00000000 ____D () C:\Offa
2015-01-12 08:56 - 2013-06-26 13:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 08:28 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 08:28 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 08:25 - 2010-11-20 22:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 08:22 - 2012-03-25 10:03 - 01167942 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 08:21 - 2013-06-26 13:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 08:21 - 2013-06-10 06:46 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-01-12 08:21 - 2013-06-03 06:53 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-01-12 08:21 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 08:21 - 2009-07-14 05:39 - 00082078 _____ () C:\Windows\setupact.log
2015-01-12 08:09 - 2010-11-20 22:48 - 00793746 _____ () C:\Windows\PFRO.log
2015-01-10 12:25 - 2014-02-12 14:21 - 00000000 ____D () C:\Program Files\EpsonNet
2015-01-10 12:24 - 2014-02-12 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-01-10 12:24 - 2014-02-12 14:19 - 00000000 ____D () C:\ProgramData\EPSON
2015-01-10 12:19 - 2014-02-12 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-01-10 12:19 - 2014-02-12 14:22 - 00000000 ____D () C:\Program Files\Epson Software
2015-01-10 12:19 - 2012-03-23 09:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-10 12:12 - 2012-11-16 08:46 - 00000000 ____D () C:\Program Files\Brother
2015-01-10 12:11 - 2014-07-24 12:20 - 00000000 ____D () C:\Program Files\ControlCenter4
2015-01-10 11:57 - 2014-10-09 08:02 - 00002164 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 11:48 - 2014-10-08 15:21 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-10 11:45 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-10 11:31 - 2014-12-12 11:00 - 00000000 ____D () C:\AdwCleaner
2015-01-10 11:31 - 2014-10-09 08:03 - 00001080 _____ () C:\Users\Petra Bickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-10 11:31 - 2013-06-26 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 11:24 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-10 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-10 11:08 - 2012-11-17 12:26 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\MozillaFirefoxPackages
2015-01-09 10:44 - 2012-11-16 07:10 - 00000000 ___RD () C:\Users\Petra Bickel\Desktop\Geschäftlich--Dokumente
2015-01-09 09:05 - 2014-10-08 15:47 - 00047104 ___SH () C:\Users\Petra Bickel\Documents\Thumbs.db
2015-01-08 12:35 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2015-01-08 11:36 - 2014-02-12 14:21 - 00000000 ____D () C:\Program Files\epson
2015-01-08 11:32 - 2012-11-15 13:06 - 00000000 ____D () C:\Users\Petra Bickel
2015-01-08 11:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-08 11:31 - 2012-12-06 10:14 - 00000000 ____D () C:\Wolf32
2015-01-08 11:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-08 11:30 - 2014-02-12 14:26 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-01-08 11:14 - 2013-01-23 15:45 - 00000000 ____D () C:\Users\Petra Bickel\Desktop\Schriftverkehr
2015-01-08 09:59 - 2013-06-10 11:24 - 00000000 ____D () C:\Users\Petra Bickel\Downloads\Angebote
2015-01-07 16:04 - 2013-01-07 16:00 - 00022528 _____ () C:\Users\Petra Bickel\Documents\Ordner.zdl
2015-01-07 12:12 - 2012-11-16 07:10 - 00268800 _____ () C:\Users\Petra Bickel\Desktop\Kundenliste.xls
2015-01-07 10:33 - 2014-01-17 11:10 - 00041984 _____ () C:\Users\Petra Bickel\Documents\Ordner 3.zdl
2015-01-07 10:33 - 2014-01-17 11:06 - 00026112 _____ () C:\Users\Petra Bickel\Documents\Ordner 2.zdl
2015-01-07 10:33 - 2014-01-17 11:02 - 00018432 _____ () C:\Users\Petra Bickel\Documents\Ordner 1.zdl
2015-01-07 09:53 - 2014-02-10 11:52 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-07 08:43 - 2012-12-04 09:48 - 00000000 ____D () C:\ProgramData\Avira
2015-01-07 08:43 - 2012-12-04 09:48 - 00000000 ____D () C:\Program Files\Avira
2014-12-22 11:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-19 09:02 - 2012-11-17 12:59 - 00000000 ____D () C:\Users\Petra Bickel\Desktop\Rechnungen Teba
2014-12-16 09:23 - 2014-05-07 06:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-16 09:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-15 16:49 - 2012-11-15 13:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-15 10:38 - 2014-12-12 11:24 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-15 10:37 - 2014-12-12 11:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-15 10:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-15 10:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-15 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports

Some content of TEMP:
====================
C:\Users\Petra Bickel\AppData\Local\Temp\avgnt.exe
C:\Users\Petra Bickel\AppData\Local\Temp\_is65C4.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 13:39

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Petra Bickel at 2015-01-12 09:21:53
Running from C:\Users\Petra Bickel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM\...\{4241d738-563d-4685-803c-e58b90a2e5e8}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Corel Painter Essentials 3 (HKLM\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (Version: 3.2 - Corel Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ATTENTION
DesignPro Ordner Software (HKLM\...\InstallShield_{0B224158-8E54-4D70-B298-E2C9C9DF7437}) (Version: 5.0.1056 - Avery Dennison)
DesignPro Ordner Software (Version: 5.0.1056 - Avery Dennison) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Freemake Youtube Mp3 Converter (HKLM\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{7D1EFB03-7D84-446E-8B90-6ECD7EDF4D55}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scansoft PDF Professional (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Ulead PhotoImpact X3 (HKLM\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (Version: 1.00.0000 - Corel) Hidden
Unity Web Player (HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Petra Bickel\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\PETRAB~1\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\PETRAB~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File

==================== Restore Points  =========================

29-12-2014 09:48:49 Geplanter Prüfpunkt
30-12-2014 11:45:48 Windows Update
05-01-2015 11:47:39 Windows Update
07-01-2015 08:28:46 Wiederherstellungsvorgang
08-01-2015 11:03:57 Entfernt FAX Utility
08-01-2015 11:08:08 Removed Epson Event Manager
08-01-2015 11:28:37 Wiederherstellungsvorgang
08-01-2015 11:39:01 Removed Software Updater
10-01-2015 11:05:30 Revo Uninstaller's restore point - Avira SearchFree Toolbar plus Web Protection Updater
10-01-2015 11:06:51 Revo Uninstaller's restore point - DealPly
10-01-2015 11:07:48 Revo Uninstaller's restore point - Mozilla Firefox Packages
10-01-2015 11:09:07 Revo Uninstaller's restore point - Shopping Helper Smartbar
10-01-2015 11:10:10 Revo Uninstaller's restore point - WOLF Hydraulikschemen 1.1.0.8
10-01-2015 12:12:06 Entfernt Brother Software Suite
10-01-2015 12:16:33 Revo Uninstaller's restore point - Epson Benutzerhandbuch WF-2540 Series
10-01-2015 12:17:33 Revo Uninstaller's restore point - Epson Connect Guide
10-01-2015 12:18:24 Revo Uninstaller's restore point - Epson Event Manager
10-01-2015 12:18:34 Removed Epson Event Manager
10-01-2015 12:19:55 Revo Uninstaller's restore point - Epson FAX Utility
10-01-2015 12:20:56 Revo Uninstaller's restore point - Epson Netzwerkhandbuch WF-2540 Series
10-01-2015 12:21:55 Revo Uninstaller's restore point - Epson PC-FAX Driver
10-01-2015 12:22:24 Revo Uninstaller's restore point - EPSON WF-2540 Series Printer Uninstall
10-01-2015 12:24:26 Revo Uninstaller's restore point - EpsonNet Print

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EFE6C82-E9DB-4074-A79D-50DE67174E74} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{88BC0756-0D07-40CD-BBA8-5BB39B868432}.exe
Task: {294403C6-7277-4B08-94B3-020EA1A55886} - System32\Tasks\{302C7B5C-408D-412D-AB0D-A93EE3B3D2DC} => pcalua.exe -a "C:\Users\Petra Bickel\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=tugs
Task: {352E6FA4-F6EB-4078-9AB0-8CC3BF9EF698} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{89C2E74F-BD9F-4AE8-8CD4-9A5AFC162371}.exe
Task: {67C5E919-ECAE-4D34-AA91-F4F4A9E20608} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8FB45581-BA33-46FA-92AA-80D3F3E41CF7} - System32\Tasks\{40296C00-F6A5-4FB4-B306-3FD57D23F443} => pcalua.exe -a "C:\Program Files\Verbindungsassistent\Uninstaller.exe"
Task: {911EE6A9-578F-403B-9AED-D887FBD7511D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {A9FC41D2-F70C-4119-862C-65D034D6FB41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B7F6AF6A-9CD7-4287-9F97-333C287F3033} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {FE8E4F67-CFEC-4CCD-B162-3490B9746CF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{89C2E74F-BD9F-4AE8-8CD4-9A5AFC162371}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{88BC0756-0D07-40CD-BBA8-5BB39B868432}.exe
Task: C:\Windows\Tasks\CRLLSIE.job => C:\Users\Petra Bickel\AppData\Roaming\CRLLSIE.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OXK.job => C:\Users\Petra Bickel\AppData\Roaming\OXK.exe <==== ATTENTION
Task: C:\Windows\Tasks\RSVLY.job => C:\Users\Petra Bickel\AppData\Roaming\RSVLY.exe <==== ATTENTION
Task: C:\Windows\Tasks\YA.job => C:\Users\Petra Bickel\AppData\Roaming\YA.exe <==== ATTENTION
Task: C:\Windows\Tasks\YOXJXRCC.job => C:\Users\Petra Bickel\AppData\Roaming\YOXJXRCC.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2013-06-17 07:29 - 2007-08-02 20:07 - 00034064 _____ () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2014-12-09 09:24 - 2014-12-09 09:24 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1282781746-330704567-2030712273-500 - Administrator - Disabled)
Gast (S-1-5-21-1282781746-330704567-2030712273-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1282781746-330704567-2030712273-1003 - Limited - Enabled)
Petra Bickel (S-1-5-21-1282781746-330704567-2030712273-1000 - Administrator - Enabled) => C:\Users\Petra Bickel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2015 08:22:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 08:11:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 00:22:58 PM) (Source: RpcNs) (EventID: 2) (User: )
Description: "C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE"1708

Error: (01/10/2015 00:12:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {68f9ae54-a755-4dbd-af42-c0cd93e7e9ce}

Error: (01/10/2015 11:50:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.820]: [00002696]: Initialize TwdsMain Class failed!

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.820]: [00002696]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.680]: [00002696]: Initialize TwdsMain Class failed!

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.670]: [00002696]: ##### Fatal ERROR!! Create STI-device failed! #####


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/12/2015 08:22:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 08:11:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 00:22:58 PM) (Source: RpcNs) (EventID: 2) (User: )
Description: "C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE"1708

Error: (01/10/2015 00:12:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {68f9ae54-a755-4dbd-af42-c0cd93e7e9ce}

Error: (01/10/2015 11:50:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.820]: [00002696]: Initialize TwdsMain Class failed!

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.820]: [00002696]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.680]: [00002696]: Initialize TwdsMain Class failed!

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.670]: [00002696]: ##### Fatal ERROR!! Create STI-device failed! #####


CodeIntegrity Errors:
===================================
  Date: 2015-01-10 11:24:09.407
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-10 11:24:09.407
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-10 11:14:33.566
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-10 11:14:33.566
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-10 10:53:27.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-10 10:53:27.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 09:29:27.258
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 08:12:00.062
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 08:12:00.062
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-08 12:11:31.345
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 43%
Total physical RAM: 3326.12 MB
Available physical RAM: 1893.38 MB
Total Pagefile: 6650.52 MB
Available Pagefile: 4971.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.1 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:921.75 GB) (Free:866.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8587F05B)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=921.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 12.01.2015 09:45
Java, Flash und Chrome updaten.

Dealply deinstallieren.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Petra Bickel\AppData\Local\nsm26C4.tmp

C:\Users\Petra Bickel\AppData\Roaming\CRLLSIE

C:\Users\Petra Bickel\AppData\Roaming\OXK

C:\Users\Petra Bickel\AppData\Roaming\RSVLY

C:\Users\Petra Bickel\AppData\Roaming\YA

C:\Users\Petra Bickel\AppData\Roaming\YOXJXRCC

C:\Windows\Installer\MSI1C98.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSI1C98.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSI1C98.tmp-\spbe.dll

C:\Windows\Installer\MSI1C98.tmp-\spbl.dll

C:\Windows\Installer\MSI1C98.tmp-\sppsm.dll

C:\Windows\Installer\MSI1C98.tmp-\spusm.dll

C:\Windows\Installer\MSI1C98.tmp-\srbs.dll

C:\Windows\Installer\MSI1C98.tmp-\srbu.dll

C:\Windows\Installer\MSI1C98.tmp-\srptc.dll

C:\Windows\Installer\MSI1C98.tmp-\srpu.dll

C:\Windows\Installer\MSI6D9.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSI6D9.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSI6D9.tmp-\spbe.dll

C:\Windows\Installer\MSI6D9.tmp-\spbl.dll

C:\Windows\Installer\MSI6D9.tmp-\sppsm.dll

C:\Windows\Installer\MSI6D9.tmp-\spusm.dll

C:\Windows\Installer\MSI6D9.tmp-\srbs.dll

C:\Windows\Installer\MSI6D9.tmp-\srbu.dll

C:\Windows\Installer\MSI6D9.tmp-\srptc.dll

C:\Windows\Installer\MSI6D9.tmp-\srpu.dll

C:\Windows\Installer\MSI7486.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSI7486.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSI7486.tmp-\spbe.dll

C:\Windows\Installer\MSI7486.tmp-\spbl.dll

C:\Windows\Installer\MSI7486.tmp-\sppsm.dll

C:\Windows\Installer\MSI7486.tmp-\spusm.dll

C:\Windows\Installer\MSI7486.tmp-\srbs.dll

C:\Windows\Installer\MSI7486.tmp-\srbu.dll

C:\Windows\Installer\MSI7486.tmp-\srptc.dll

C:\Windows\Installer\MSI7486.tmp-\srpu.dll

C:\Windows\Installer\MSIAD40.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIAD40.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIAD40.tmp-\spbe.dll

C:\Windows\Installer\MSIAD40.tmp-\spbl.dll

C:\Windows\Installer\MSIAD40.tmp-\sppsm.dll

C:\Windows\Installer\MSIAD40.tmp-\spusm.dll

C:\Windows\Installer\MSIAD40.tmp-\srbs.dll

C:\Windows\Installer\MSIAD40.tmp-\srbu.dll

C:\Windows\Installer\MSIAD40.tmp-\srptc.dll

C:\Windows\Installer\MSIAD40.tmp-\srpu.dll

C:\Windows\Installer\MSIBDAB.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIBDAB.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIBDAB.tmp-\spbe.dll

C:\Windows\Installer\MSIBDAB.tmp-\spbl.dll

C:\Windows\Installer\MSIBDAB.tmp-\sppsm.dll

C:\Windows\Installer\MSIBDAB.tmp-\spusm.dll

C:\Windows\Installer\MSIBDAB.tmp-\srbs.dll

C:\Windows\Installer\MSIBDAB.tmp-\srbu.dll

C:\Windows\Installer\MSIBDAB.tmp-\srptc.dll

C:\Windows\Installer\MSIBDAB.tmp-\srpu.dll

C:\Windows\Installer\MSIBE79.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIBE79.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIBE79.tmp-\spbe.dll

C:\Windows\Installer\MSIBE79.tmp-\spbl.dll

C:\Windows\Installer\MSIBE79.tmp-\sppsm.dll

C:\Windows\Installer\MSIBE79.tmp-\spusm.dll

C:\Windows\Installer\MSIBE79.tmp-\srbs.dll

C:\Windows\Installer\MSIBE79.tmp-\srbu.dll

C:\Windows\Installer\MSIBE79.tmp-\srptc.dll

C:\Windows\Installer\MSIBE79.tmp-\srpu.dll

C:\Windows\Installer\MSIEC8A.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIEC8A.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIEC8A.tmp-\spbe.dll

C:\Windows\Installer\MSIEC8A.tmp-\spbl.dll

C:\Windows\Installer\MSIEC8A.tmp-\sppsm.dll

C:\Windows\Installer\MSIEC8A.tmp-\spusm.dll

C:\Windows\Installer\MSIEC8A.tmp-\srbs.dll

C:\Windows\Installer\MSIEC8A.tmp-\srbu.dll

C:\Windows\Installer\MSIEC8A.tmp-\srptc.dll

C:\Windows\Installer\MSIEC8A.tmp-\srpu.dll

C:\Windows\Installer\MSIF624.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIF624.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIF624.tmp-\spbe.dll

C:\Windows\Installer\MSIF624.tmp-\spbl.dll

C:\Windows\Installer\MSIF624.tmp-\sppsm.dll

C:\Windows\Installer\MSIF624.tmp-\spusm.dll

C:\Windows\Installer\MSIF624.tmp-\srbs.dll

C:\Windows\Installer\MSIF624.tmp-\srbu.dll

C:\Windows\Installer\MSIF624.tmp-\srptc.dll

C:\Windows\Installer\MSIF624.tmp-\srpu.dll

C:\Windows\Installer\MSIF7D2.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIF7D2.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIF7D2.tmp-\spbe.dll

C:\Windows\Installer\MSIF7D2.tmp-\spbl.dll

C:\Windows\Installer\MSIF7D2.tmp-\sppsm.dll

C:\Windows\Installer\MSIF7D2.tmp-\spusm.dll

C:\Windows\Installer\MSIF7D2.tmp-\srbs.dll

C:\Windows\Installer\MSIF7D2.tmp-\srbu.dll

C:\Windows\Installer\MSIF7D2.tmp-\srptc.dll

C:\Windows\Installer\MSIF7D2.tmp-\srpu.dll

Task: C:\Windows\Tasks\CRLLSIE.job => C:\Users\Petra Bickel\AppData\Roaming\CRLLSIE.exe <==== ATTENTION

Task: C:\Windows\Tasks\OXK.job => C:\Users\Petra Bickel\AppData\Roaming\OXK.exe <==== ATTENTION

Task: C:\Windows\Tasks\RSVLY.job => C:\Users\Petra Bickel\AppData\Roaming\RSVLY.exe <==== ATTENTION

Task: C:\Windows\Tasks\YA.job => C:\Users\Petra Bickel\AppData\Roaming\YA.exe <==== ATTENTION

Task: C:\Windows\Tasks\YOXJXRCC.job => C:\Users\Petra Bickel\AppData\Roaming\YOXJXRCC.exe <==== ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49883;https=127.0.0.1:49883
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte. Noch Probleme?

Simb 12.01.2015 11:36
Hallöchen nochmal,

also Probleme habe ich keine mehr, läuft alles wie am Schnürchen.
Der Flash Player will kein Update und Chrome möchte ich wieder löschen, da ich den eh nie verwende.

Hier das Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Petra Bickel at 2015-01-12 10:56:05 Run:2
Running from C:\Users\Petra Bickel\Desktop
Loaded Profile: Petra Bickel (Available profiles: Petra Bickel)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Petra Bickel\AppData\Local\nsm26C4.tmp

C:\Users\Petra Bickel\AppData\Roaming\CRLLSIE

C:\Users\Petra Bickel\AppData\Roaming\OXK

C:\Users\Petra Bickel\AppData\Roaming\RSVLY

C:\Users\Petra Bickel\AppData\Roaming\YA

C:\Users\Petra Bickel\AppData\Roaming\YOXJXRCC

C:\Windows\Installer\MSI1C98.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSI1C98.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSI1C98.tmp-\spbe.dll

C:\Windows\Installer\MSI1C98.tmp-\spbl.dll

C:\Windows\Installer\MSI1C98.tmp-\sppsm.dll

C:\Windows\Installer\MSI1C98.tmp-\spusm.dll

C:\Windows\Installer\MSI1C98.tmp-\srbs.dll

C:\Windows\Installer\MSI1C98.tmp-\srbu.dll

C:\Windows\Installer\MSI1C98.tmp-\srptc.dll

C:\Windows\Installer\MSI1C98.tmp-\srpu.dll

C:\Windows\Installer\MSI6D9.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSI6D9.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSI6D9.tmp-\spbe.dll

C:\Windows\Installer\MSI6D9.tmp-\spbl.dll

C:\Windows\Installer\MSI6D9.tmp-\sppsm.dll

C:\Windows\Installer\MSI6D9.tmp-\spusm.dll

C:\Windows\Installer\MSI6D9.tmp-\srbs.dll

C:\Windows\Installer\MSI6D9.tmp-\srbu.dll

C:\Windows\Installer\MSI6D9.tmp-\srptc.dll

C:\Windows\Installer\MSI6D9.tmp-\srpu.dll

C:\Windows\Installer\MSI7486.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSI7486.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSI7486.tmp-\spbe.dll

C:\Windows\Installer\MSI7486.tmp-\spbl.dll

C:\Windows\Installer\MSI7486.tmp-\sppsm.dll

C:\Windows\Installer\MSI7486.tmp-\spusm.dll

C:\Windows\Installer\MSI7486.tmp-\srbs.dll

C:\Windows\Installer\MSI7486.tmp-\srbu.dll

C:\Windows\Installer\MSI7486.tmp-\srptc.dll

C:\Windows\Installer\MSI7486.tmp-\srpu.dll

C:\Windows\Installer\MSIAD40.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIAD40.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIAD40.tmp-\spbe.dll

C:\Windows\Installer\MSIAD40.tmp-\spbl.dll

C:\Windows\Installer\MSIAD40.tmp-\sppsm.dll

C:\Windows\Installer\MSIAD40.tmp-\spusm.dll

C:\Windows\Installer\MSIAD40.tmp-\srbs.dll

C:\Windows\Installer\MSIAD40.tmp-\srbu.dll

C:\Windows\Installer\MSIAD40.tmp-\srptc.dll

C:\Windows\Installer\MSIAD40.tmp-\srpu.dll

C:\Windows\Installer\MSIBDAB.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIBDAB.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIBDAB.tmp-\spbe.dll

C:\Windows\Installer\MSIBDAB.tmp-\spbl.dll

C:\Windows\Installer\MSIBDAB.tmp-\sppsm.dll

C:\Windows\Installer\MSIBDAB.tmp-\spusm.dll

C:\Windows\Installer\MSIBDAB.tmp-\srbs.dll

C:\Windows\Installer\MSIBDAB.tmp-\srbu.dll

C:\Windows\Installer\MSIBDAB.tmp-\srptc.dll

C:\Windows\Installer\MSIBDAB.tmp-\srpu.dll

C:\Windows\Installer\MSIBE79.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIBE79.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIBE79.tmp-\spbe.dll

C:\Windows\Installer\MSIBE79.tmp-\spbl.dll

C:\Windows\Installer\MSIBE79.tmp-\sppsm.dll

C:\Windows\Installer\MSIBE79.tmp-\spusm.dll

C:\Windows\Installer\MSIBE79.tmp-\srbs.dll

C:\Windows\Installer\MSIBE79.tmp-\srbu.dll

C:\Windows\Installer\MSIBE79.tmp-\srptc.dll

C:\Windows\Installer\MSIBE79.tmp-\srpu.dll

C:\Windows\Installer\MSIEC8A.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIEC8A.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIEC8A.tmp-\spbe.dll

C:\Windows\Installer\MSIEC8A.tmp-\spbl.dll

C:\Windows\Installer\MSIEC8A.tmp-\sppsm.dll

C:\Windows\Installer\MSIEC8A.tmp-\spusm.dll

C:\Windows\Installer\MSIEC8A.tmp-\srbs.dll

C:\Windows\Installer\MSIEC8A.tmp-\srbu.dll

C:\Windows\Installer\MSIEC8A.tmp-\srptc.dll

C:\Windows\Installer\MSIEC8A.tmp-\srpu.dll

C:\Windows\Installer\MSIF624.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIF624.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIF624.tmp-\spbe.dll

C:\Windows\Installer\MSIF624.tmp-\spbl.dll

C:\Windows\Installer\MSIF624.tmp-\sppsm.dll

C:\Windows\Installer\MSIF624.tmp-\spusm.dll

C:\Windows\Installer\MSIF624.tmp-\srbs.dll

C:\Windows\Installer\MSIF624.tmp-\srbu.dll

C:\Windows\Installer\MSIF624.tmp-\srptc.dll

C:\Windows\Installer\MSIF624.tmp-\srpu.dll

C:\Windows\Installer\MSIF7D2.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSIF7D2.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSIF7D2.tmp-\spbe.dll

C:\Windows\Installer\MSIF7D2.tmp-\spbl.dll

C:\Windows\Installer\MSIF7D2.tmp-\sppsm.dll

C:\Windows\Installer\MSIF7D2.tmp-\spusm.dll

C:\Windows\Installer\MSIF7D2.tmp-\srbs.dll

C:\Windows\Installer\MSIF7D2.tmp-\srbu.dll

C:\Windows\Installer\MSIF7D2.tmp-\srptc.dll

C:\Windows\Installer\MSIF7D2.tmp-\srpu.dll

Task: C:\Windows\Tasks\CRLLSIE.job => C:\Users\Petra Bickel\AppData\Roaming\CRLLSIE.exe <==== ATTENTION

Task: C:\Windows\Tasks\OXK.job => C:\Users\Petra Bickel\AppData\Roaming\OXK.exe <==== ATTENTION

Task: C:\Windows\Tasks\RSVLY.job => C:\Users\Petra Bickel\AppData\Roaming\RSVLY.exe <==== ATTENTION

Task: C:\Windows\Tasks\YA.job => C:\Users\Petra Bickel\AppData\Roaming\YA.exe <==== ATTENTION

Task: C:\Windows\Tasks\YOXJXRCC.job => C:\Users\Petra Bickel\AppData\Roaming\YOXJXRCC.exe <==== ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49883;https=127.0.0.1:49883
Emptytemp:

*****************

C:\Users\Petra Bickel\AppData\Local\nsm26C4.tmp => Moved successfully.
C:\Users\Petra Bickel\AppData\Roaming\CRLLSIE => Moved successfully.
C:\Users\Petra Bickel\AppData\Roaming\OXK => Moved successfully.
C:\Users\Petra Bickel\AppData\Roaming\RSVLY => Moved successfully.
C:\Users\Petra Bickel\AppData\Roaming\YA => Moved successfully.
C:\Users\Petra Bickel\AppData\Roaming\YOXJXRCC => Moved successfully.
C:\Windows\Installer\MSI1C98.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Windows\Installer\MSI1C98.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Windows\Installer\MSI1C98.tmp-\spbe.dll => Moved successfully.
C:\Windows\Installer\MSI1C98.tmp-\spbl.dll => Moved successfully.
C:\Windows\Installer\MSI1C98.tmp-\sppsm.dll => Moved successfully.
C:\Windows\Installer\MSI1C98.tmp-\spusm.dll => Moved successfully.
C:\Windows\Installer\MSI1C98.tmp-\srbs.dll => Moved successfully.
C:\Windows\Installer\MSI1C98.tmp-\srbu.dll => Moved successfully.
C:\Windows\Installer\MSI1C98.tmp-\srptc.dll => Moved successfully.
C:\Windows\Installer\MSI1C98.tmp-\srpu.dll => Moved successfully.
C:\Windows\Installer\MSI6D9.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Windows\Installer\MSI6D9.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Windows\Installer\MSI6D9.tmp-\spbe.dll => Moved successfully.
C:\Windows\Installer\MSI6D9.tmp-\spbl.dll => Moved successfully.
C:\Windows\Installer\MSI6D9.tmp-\sppsm.dll => Moved successfully.
C:\Windows\Installer\MSI6D9.tmp-\spusm.dll => Moved successfully.
C:\Windows\Installer\MSI6D9.tmp-\srbs.dll => Moved successfully.
C:\Windows\Installer\MSI6D9.tmp-\srbu.dll => Moved successfully.
C:\Windows\Installer\MSI6D9.tmp-\srptc.dll => Moved successfully.
C:\Windows\Installer\MSI6D9.tmp-\srpu.dll => Moved successfully.
C:\Windows\Installer\MSI7486.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Windows\Installer\MSI7486.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Windows\Installer\MSI7486.tmp-\spbe.dll => Moved successfully.
C:\Windows\Installer\MSI7486.tmp-\spbl.dll => Moved successfully.
C:\Windows\Installer\MSI7486.tmp-\sppsm.dll => Moved successfully.
C:\Windows\Installer\MSI7486.tmp-\spusm.dll => Moved successfully.
C:\Windows\Installer\MSI7486.tmp-\srbs.dll => Moved successfully.
C:\Windows\Installer\MSI7486.tmp-\srbu.dll => Moved successfully.
C:\Windows\Installer\MSI7486.tmp-\srptc.dll => Moved successfully.
C:\Windows\Installer\MSI7486.tmp-\srpu.dll => Moved successfully.
C:\Windows\Installer\MSIAD40.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Windows\Installer\MSIAD40.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Windows\Installer\MSIAD40.tmp-\spbe.dll => Moved successfully.
C:\Windows\Installer\MSIAD40.tmp-\spbl.dll => Moved successfully.
C:\Windows\Installer\MSIAD40.tmp-\sppsm.dll => Moved successfully.
C:\Windows\Installer\MSIAD40.tmp-\spusm.dll => Moved successfully.
C:\Windows\Installer\MSIAD40.tmp-\srbs.dll => Moved successfully.
C:\Windows\Installer\MSIAD40.tmp-\srbu.dll => Moved successfully.
C:\Windows\Installer\MSIAD40.tmp-\srptc.dll => Moved successfully.
C:\Windows\Installer\MSIAD40.tmp-\srpu.dll => Moved successfully.
C:\Windows\Installer\MSIBDAB.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Windows\Installer\MSIBDAB.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Windows\Installer\MSIBDAB.tmp-\spbe.dll => Moved successfully.
C:\Windows\Installer\MSIBDAB.tmp-\spbl.dll => Moved successfully.
C:\Windows\Installer\MSIBDAB.tmp-\sppsm.dll => Moved successfully.
C:\Windows\Installer\MSIBDAB.tmp-\spusm.dll => Moved successfully.
C:\Windows\Installer\MSIBDAB.tmp-\srbs.dll => Moved successfully.
C:\Windows\Installer\MSIBDAB.tmp-\srbu.dll => Moved successfully.
C:\Windows\Installer\MSIBDAB.tmp-\srptc.dll => Moved successfully.
C:\Windows\Installer\MSIBDAB.tmp-\srpu.dll => Moved successfully.
C:\Windows\Installer\MSIBE79.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Windows\Installer\MSIBE79.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Windows\Installer\MSIBE79.tmp-\spbe.dll => Moved successfully.
C:\Windows\Installer\MSIBE79.tmp-\spbl.dll => Moved successfully.
C:\Windows\Installer\MSIBE79.tmp-\sppsm.dll => Moved successfully.
C:\Windows\Installer\MSIBE79.tmp-\spusm.dll => Moved successfully.
C:\Windows\Installer\MSIBE79.tmp-\srbs.dll => Moved successfully.
C:\Windows\Installer\MSIBE79.tmp-\srbu.dll => Moved successfully.
C:\Windows\Installer\MSIBE79.tmp-\srptc.dll => Moved successfully.
C:\Windows\Installer\MSIBE79.tmp-\srpu.dll => Moved successfully.
C:\Windows\Installer\MSIEC8A.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Windows\Installer\MSIEC8A.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Windows\Installer\MSIEC8A.tmp-\spbe.dll => Moved successfully.
C:\Windows\Installer\MSIEC8A.tmp-\spbl.dll => Moved successfully.
C:\Windows\Installer\MSIEC8A.tmp-\sppsm.dll => Moved successfully.
C:\Windows\Installer\MSIEC8A.tmp-\spusm.dll => Moved successfully.
C:\Windows\Installer\MSIEC8A.tmp-\srbs.dll => Moved successfully.
C:\Windows\Installer\MSIEC8A.tmp-\srbu.dll => Moved successfully.
C:\Windows\Installer\MSIEC8A.tmp-\srptc.dll => Moved successfully.
C:\Windows\Installer\MSIEC8A.tmp-\srpu.dll => Moved successfully.
C:\Windows\Installer\MSIF624.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Windows\Installer\MSIF624.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Windows\Installer\MSIF624.tmp-\spbe.dll => Moved successfully.
C:\Windows\Installer\MSIF624.tmp-\spbl.dll => Moved successfully.
C:\Windows\Installer\MSIF624.tmp-\sppsm.dll => Moved successfully.
C:\Windows\Installer\MSIF624.tmp-\spusm.dll => Moved successfully.
C:\Windows\Installer\MSIF624.tmp-\srbs.dll => Moved successfully.
C:\Windows\Installer\MSIF624.tmp-\srbu.dll => Moved successfully.
C:\Windows\Installer\MSIF624.tmp-\srptc.dll => Moved successfully.
C:\Windows\Installer\MSIF624.tmp-\srpu.dll => Moved successfully.
C:\Windows\Installer\MSIF7D2.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Windows\Installer\MSIF7D2.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Windows\Installer\MSIF7D2.tmp-\spbe.dll => Moved successfully.
C:\Windows\Installer\MSIF7D2.tmp-\spbl.dll => Moved successfully.
C:\Windows\Installer\MSIF7D2.tmp-\sppsm.dll => Moved successfully.
C:\Windows\Installer\MSIF7D2.tmp-\spusm.dll => Moved successfully.
C:\Windows\Installer\MSIF7D2.tmp-\srbs.dll => Moved successfully.
C:\Windows\Installer\MSIF7D2.tmp-\srbu.dll => Moved successfully.
C:\Windows\Installer\MSIF7D2.tmp-\srptc.dll => Moved successfully.
C:\Windows\Installer\MSIF7D2.tmp-\srpu.dll => Moved successfully.
C:\Windows\Tasks\CRLLSIE.job => Moved successfully.
C:\Windows\Tasks\OXK.job => Moved successfully.
C:\Windows\Tasks\RSVLY.job => Moved successfully.
C:\Windows\Tasks\YA.job => Moved successfully.
C:\Windows\Tasks\YOXJXRCC.job => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 93 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:56:20 ====

und hier das frische FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Petra on 12-01-2015 11:13:56
Running from C:\Users\Petra Bickel\Desktop
Loaded Profile: Petra Bickel (Available profiles: Petra Bickel)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\System32\PSIService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9742952 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\MountPoints2: {8c698c03-7658-11e1-a292-3085a9af056f} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49883;https=127.0.0.1:49883
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1282781746-330704567-2030712273-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Petra Bickel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Petra Bickel\AppData\Roaming\Mozilla\Firefox\Profiles\vfnvqbwu.default\searchplugins\google-maps.xml
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-02-10]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-02-10]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Petra Bickel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2015-01-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-12] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [66176 2010-11-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [31872 2010-11-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2015-01-12] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-01-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2015-01-12] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [5810 2004-08-13] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 11:13 - 2015-01-12 11:14 - 00013737 _____ () C:\Users\Petra Bickel\Desktop\FRST.txt
2015-01-12 10:49 - 2015-01-12 10:49 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\Oracle
2015-01-12 10:48 - 2015-01-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-12 10:48 - 2015-01-12 10:48 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-12 10:48 - 2015-01-12 10:47 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-12 10:48 - 2015-01-12 10:47 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-12 10:48 - 2015-01-12 10:47 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-12 10:48 - 2015-01-12 10:47 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-12 09:17 - 2015-01-12 09:17 - 00852505 _____ () C:\Users\Petra Bickel\Downloads\SecurityCheck.exe
2015-01-12 08:32 - 2015-01-12 08:32 - 02347384 _____ (ESET) C:\Users\Petra Bickel\Downloads\esetsmartinstaller_deu.exe
2015-01-12 08:21 - 2015-01-12 08:21 - 00001138 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-12 08:19 - 2015-01-12 08:17 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-10 11:44 - 2015-01-09 09:25 - 01115648 _____ (Farbar) C:\Users\Petra Bickel\Desktop\FRST.exe
2015-01-10 11:39 - 2015-01-10 11:39 - 00000000 ____D () C:\Windows\ERUNT
2015-01-10 11:28 - 2015-01-10 11:00 - 02191360 _____ () C:\Users\Petra Bickel\Desktop\AdwCleaner_4.107.exe
2015-01-10 11:12 - 2015-01-10 12:04 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 11:12 - 2015-01-10 11:12 - 00001103 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 11:12 - 2015-01-10 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 11:12 - 2015-01-10 11:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-10 11:12 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 11:12 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 11:12 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 11:03 - 2015-01-10 11:03 - 00001265 _____ () C:\Users\Petra Bickel\Desktop\Revo Uninstaller.lnk
2015-01-10 11:03 - 2015-01-10 11:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-09 09:28 - 2015-01-12 11:13 - 00000000 ____D () C:\FRST
2015-01-08 13:19 - 2015-01-12 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-08 13:19 - 2015-01-12 08:17 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-08 13:19 - 2015-01-12 08:17 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-08 13:19 - 2015-01-12 08:17 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-08 13:19 - 2015-01-08 13:19 - 00002055 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-08 12:35 - 2015-01-08 12:36 - 00000000 ____D () C:\Program Files\HP
2015-01-08 12:35 - 2015-01-08 12:35 - 00002195 _____ () C:\Users\Public\Desktop\HP Officejet 6700.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00001167 _____ () C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet 6700.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00000938 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\HpUpdate
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-08 12:35 - 2015-01-08 12:35 - 00000000 ____D () C:\ProgramData\HP
2015-01-08 12:35 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5C12.dll
2015-01-08 12:34 - 2015-01-08 12:34 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-01-08 12:33 - 2015-01-08 13:09 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Local\HP
2015-01-08 11:45 - 2015-01-08 11:45 - 00003288 ____N () C:\bootsqm.dat
2015-01-07 08:45 - 2015-01-07 08:45 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\Avira
2015-01-07 08:43 - 2015-01-12 08:21 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-18 08:18 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-16 09:23 - 2014-12-16 09:23 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-15 16:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-15 16:48 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-15 16:48 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-15 16:48 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-15 16:48 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-15 10:46 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-15 10:46 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-15 10:46 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-15 10:46 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-15 10:46 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-15 10:46 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-15 10:46 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-15 10:46 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-15 10:46 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-15 10:46 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-15 10:46 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-15 10:46 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-15 10:46 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-15 10:46 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-15 10:46 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-15 10:46 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-15 10:46 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-15 10:46 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-15 10:46 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-15 10:46 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-15 10:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-15 10:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-15 10:46 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-15 10:46 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-15 10:46 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-15 10:46 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-15 10:46 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-15 10:46 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-15 10:46 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-15 10:46 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-15 10:46 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-15 10:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-15 10:45 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-15 10:45 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-15 10:45 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-15 10:45 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-15 09:40 - 2014-12-15 09:40 - 00000000 ____D () C:\ProgramData\Malwarebytes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 11:05 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 11:05 - 2009-07-14 05:34 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 11:01 - 2012-03-25 10:03 - 01175252 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 11:01 - 2010-11-20 22:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 10:59 - 2012-11-17 12:35 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\Skype
2015-01-12 10:57 - 2013-06-26 13:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 10:57 - 2013-06-10 06:46 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-01-12 10:57 - 2013-06-03 06:53 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-01-12 10:57 - 2010-11-20 22:48 - 00794742 _____ () C:\Windows\PFRO.log
2015-01-12 10:57 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 10:57 - 2009-07-14 05:39 - 00082134 _____ () C:\Windows\setupact.log
2015-01-12 10:56 - 2013-06-26 13:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 10:55 - 2012-11-16 07:10 - 00000000 ___RD () C:\Users\Petra Bickel\Desktop\Geschäftlich--Dokumente
2015-01-12 10:53 - 2013-05-06 09:42 - 00000000 ____D () C:\Offa
2015-01-12 10:48 - 2013-10-24 15:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-12 10:47 - 2013-06-24 11:11 - 00000000 ____D () C:\Program Files\Java
2015-01-12 10:16 - 2012-11-17 12:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 12:24 - 2014-02-12 14:19 - 00000000 ____D () C:\ProgramData\EPSON
2015-01-10 12:19 - 2012-03-23 09:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-10 11:57 - 2014-10-09 08:02 - 00002164 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 11:48 - 2014-10-08 15:21 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-10 11:45 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-10 11:31 - 2014-12-12 11:00 - 00000000 ____D () C:\AdwCleaner
2015-01-10 11:31 - 2014-10-09 08:03 - 00001080 _____ () C:\Users\Petra Bickel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-10 11:31 - 2013-06-26 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 11:24 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-10 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-10 11:08 - 2012-11-17 12:26 - 00000000 ____D () C:\Users\Petra Bickel\AppData\Roaming\MozillaFirefoxPackages
2015-01-09 09:05 - 2014-10-08 15:47 - 00047104 ___SH () C:\Users\Petra Bickel\Documents\Thumbs.db
2015-01-08 12:35 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2015-01-08 11:32 - 2012-11-15 13:06 - 00000000 ____D () C:\Users\Petra Bickel
2015-01-08 11:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-01-08 11:31 - 2012-12-06 10:14 - 00000000 ____D () C:\Wolf32
2015-01-08 11:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-01-08 11:30 - 2014-02-12 14:26 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-01-08 11:14 - 2013-01-23 15:45 - 00000000 ____D () C:\Users\Petra Bickel\Desktop\Schriftverkehr
2015-01-08 09:59 - 2013-06-10 11:24 - 00000000 ____D () C:\Users\Petra Bickel\Downloads\Angebote
2015-01-07 16:04 - 2013-01-07 16:00 - 00022528 _____ () C:\Users\Petra Bickel\Documents\Ordner.zdl
2015-01-07 12:12 - 2012-11-16 07:10 - 00268800 _____ () C:\Users\Petra Bickel\Desktop\Kundenliste.xls
2015-01-07 10:33 - 2014-01-17 11:10 - 00041984 _____ () C:\Users\Petra Bickel\Documents\Ordner 3.zdl
2015-01-07 10:33 - 2014-01-17 11:06 - 00026112 _____ () C:\Users\Petra Bickel\Documents\Ordner 2.zdl
2015-01-07 10:33 - 2014-01-17 11:02 - 00018432 _____ () C:\Users\Petra Bickel\Documents\Ordner 1.zdl
2015-01-07 09:53 - 2014-02-10 11:52 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-07 08:43 - 2012-12-04 09:48 - 00000000 ____D () C:\ProgramData\Avira
2015-01-07 08:43 - 2012-12-04 09:48 - 00000000 ____D () C:\Program Files\Avira
2014-12-22 11:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-19 09:02 - 2012-11-17 12:59 - 00000000 ____D () C:\Users\Petra Bickel\Desktop\Rechnungen Teba
2014-12-16 09:23 - 2014-05-07 06:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-16 09:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-15 16:49 - 2012-11-15 13:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-15 10:38 - 2014-12-12 11:24 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-12-15 10:37 - 2014-12-12 11:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-15 10:37 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-15 10:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-15 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports

Some content of TEMP:
====================
C:\Users\Petra Bickel\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 13:39

==================== End Of Log ============================
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Petra Bickel at 2015-01-12 11:14:44
Running from C:\Users\Petra Bickel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM\...\{4241d738-563d-4685-803c-e58b90a2e5e8}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Corel Painter Essentials 3 (HKLM\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (Version: 3.2 - Corel Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ATTENTION
DesignPro Ordner Software (HKLM\...\InstallShield_{0B224158-8E54-4D70-B298-E2C9C9DF7437}) (Version: 5.0.1056 - Avery Dennison)
DesignPro Ordner Software (Version: 5.0.1056 - Avery Dennison) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Freemake Youtube Mp3 Converter (HKLM\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{7D1EFB03-7D84-446E-8B90-6ECD7EDF4D55}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scansoft PDF Professional (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Ulead PhotoImpact X3 (HKLM\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (Version: 1.00.0000 - Corel) Hidden
Unity Web Player (HKU\S-1-5-21-1282781746-330704567-2030712273-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Petra Bickel\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\PETRAB~1\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1282781746-330704567-2030712273-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\PETRAB~1\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~1.DLL No File

==================== Restore Points  =========================

07-01-2015 08:28:46 Wiederherstellungsvorgang
08-01-2015 11:03:57 Entfernt FAX Utility
08-01-2015 11:08:08 Removed Epson Event Manager
08-01-2015 11:28:37 Wiederherstellungsvorgang
08-01-2015 11:39:01 Removed Software Updater
10-01-2015 11:05:30 Revo Uninstaller's restore point - Avira SearchFree Toolbar plus Web Protection Updater
10-01-2015 11:06:51 Revo Uninstaller's restore point - DealPly
10-01-2015 11:07:48 Revo Uninstaller's restore point - Mozilla Firefox Packages
10-01-2015 11:09:07 Revo Uninstaller's restore point - Shopping Helper Smartbar
10-01-2015 11:10:10 Revo Uninstaller's restore point - WOLF Hydraulikschemen 1.1.0.8
10-01-2015 12:12:06 Entfernt Brother Software Suite
10-01-2015 12:16:33 Revo Uninstaller's restore point - Epson Benutzerhandbuch WF-2540 Series
10-01-2015 12:17:33 Revo Uninstaller's restore point - Epson Connect Guide
10-01-2015 12:18:24 Revo Uninstaller's restore point - Epson Event Manager
10-01-2015 12:18:34 Removed Epson Event Manager
10-01-2015 12:19:55 Revo Uninstaller's restore point - Epson FAX Utility
10-01-2015 12:20:56 Revo Uninstaller's restore point - Epson Netzwerkhandbuch WF-2540 Series
10-01-2015 12:21:55 Revo Uninstaller's restore point - Epson PC-FAX Driver
10-01-2015 12:22:24 Revo Uninstaller's restore point - EPSON WF-2540 Series Printer Uninstall
10-01-2015 12:24:26 Revo Uninstaller's restore point - EpsonNet Print
12-01-2015 10:47:08 Installed Java 7 Update 71

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EFE6C82-E9DB-4074-A79D-50DE67174E74} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{88BC0756-0D07-40CD-BBA8-5BB39B868432}.exe
Task: {294403C6-7277-4B08-94B3-020EA1A55886} - System32\Tasks\{302C7B5C-408D-412D-AB0D-A93EE3B3D2DC} => pcalua.exe -a "C:\Users\Petra Bickel\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=tugs
Task: {352E6FA4-F6EB-4078-9AB0-8CC3BF9EF698} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{89C2E74F-BD9F-4AE8-8CD4-9A5AFC162371}.exe
Task: {67C5E919-ECAE-4D34-AA91-F4F4A9E20608} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8FB45581-BA33-46FA-92AA-80D3F3E41CF7} - System32\Tasks\{40296C00-F6A5-4FB4-B306-3FD57D23F443} => pcalua.exe -a "C:\Program Files\Verbindungsassistent\Uninstaller.exe"
Task: {911EE6A9-578F-403B-9AED-D887FBD7511D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {A9FC41D2-F70C-4119-862C-65D034D6FB41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B7F6AF6A-9CD7-4287-9F97-333C287F3033} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {FE8E4F67-CFEC-4CCD-B162-3490B9746CF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{89C2E74F-BD9F-4AE8-8CD4-9A5AFC162371}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{88BC0756-0D07-40CD-BBA8-5BB39B868432}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2013-06-17 07:29 - 2007-08-02 20:07 - 00034064 _____ () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2014-12-09 09:24 - 2014-12-09 09:24 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1282781746-330704567-2030712273-500 - Administrator - Disabled)
Gast (S-1-5-21-1282781746-330704567-2030712273-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1282781746-330704567-2030712273-1003 - Limited - Enabled)
Petra Bickel (S-1-5-21-1282781746-330704567-2030712273-1000 - Administrator - Enabled) => C:\Users\Petra Bickel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2015 10:59:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 10:56:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x7e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/12/2015 08:22:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 08:11:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 00:22:58 PM) (Source: RpcNs) (EventID: 2) (User: )
Description: "C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE"1708

Error: (01/10/2015 00:12:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {68f9ae54-a755-4dbd-af42-c0cd93e7e9ce}

Error: (01/10/2015 11:50:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.820]: [00002696]: Initialize TwdsMain Class failed!

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.820]: [00002696]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.680]: [00002696]: Initialize TwdsMain Class failed!


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/12/2015 10:59:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 10:56:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014257e801d02e420ba7cf17C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll397e1602-9a41-11e4-8cf0-3085a9af056f

Error: (01/12/2015 08:22:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 08:11:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 00:22:58 PM) (Source: RpcNs) (EventID: 2) (User: )
Description: "C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE"1708

Error: (01/10/2015 00:12:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {68f9ae54-a755-4dbd-af42-c0cd93e7e9ce}

Error: (01/10/2015 11:50:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.820]: [00002696]: Initialize TwdsMain Class failed!

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.820]: [00002696]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (01/10/2015 11:48:39 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2015/01/10 11:48:39.680]: [00002696]: Initialize TwdsMain Class failed!


CodeIntegrity Errors:
===================================
  Date: 2015-01-10 11:24:09.407
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-10 11:24:09.407
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-10 11:14:33.566
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-10 11:14:33.566
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-10 10:53:27.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-10 10:53:27.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 09:29:27.258
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-09 08:12:00.062
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 08:12:00.062
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-08 12:11:31.345
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\pcwatch.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 35%
Total physical RAM: 3326.12 MB
Available physical RAM: 2141.15 MB
Total Pagefile: 6650.52 MB
Available Pagefile: 5078.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.1 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:921.75 GB) (Free:868.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8587F05B)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=921.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 12.01.2015 12:17
Flash Player deinstallieren, dann neu installieren, gibt es schon in Version 16.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49883;https=127.0.0.1:49883

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Simb 12.01.2015 15:46
Hallo Schrauber,

erstmal vielen vielen Dank, mein PC schnurrt wie ein Kätzchen, alles läuft.
Ein Lob für Deine Super Arbeit und Geduld, ein Lob werde ich gerne hinterlassen, ebenso wird eine Spende folgen.

Ich habe einige Deiner Tips schon umgesetzt, die anderen werd ich auch noch laden.
Eine Frage habe ich noch zu den empfohlenen Add Ons für FireFox, lasse ich die Einstellungen so wie sie generell sind oder muss ich da was verändern????

Hier kommt noch das Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2015 01
Ran by Petra Bickel at 2015-01-12 14:44:00 Run:1
Running from C:\Users\Petra Bickel\Desktop
Loaded Profile: Petra Bickel (Available profiles: Petra Bickel)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49883;https=127.0.0.1:49883
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog 14:44:00 ====

schrauber 12.01.2015 16:50
Nö die kannste so lassen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:56 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19