Pests of all kinds and how to fight them: search.snapdo cannot be removed (Windows 7)
13.04.2014, 21:33 | #1

search.snapdo cannot be removed

Hello Trojaner-Board,
we have had the problem for some time now that search.snapdo automatically opens as the start page. I have already tried several times to change the start page, but that does nothing. I have also already uninstalled various programs, e.g. Quickshare, Smartbar, Nitro.pdf (which I had downloaded a few weeks ago), but somehow I am not getting anywhere. I am just a layman. My friend tried it with Avira Free Antivirus, but that did not help either. I removed Avira again. I hope someone here can help me.
Regards, CompuLaie
13.04.2014, 23:35 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did any of them find something? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs you already have, in CODE tags! Only logs from the last 7 days, or from the time the problem has existed, are relevant!

Please also produce a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary. To put the log files into a CODE box, proceed as follows:
15.04.2014, 17:12 | #3

Hello Cosinus,

I did already reply yesterday, but apparently I did not send it! So here it is again. I do not have any log files from the virus scan with Avira; since I deleted the program, they are probably gone too. At least I cannot find them, though I also do not know where I should look for them. So here are only the logs from the scan with FRST.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01
Ran by mavesi (administrator) on MAVESI-PC on 14-04-2014 19:43:06
Running from C:\Users\mavesi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3584059252-3088558919-258353354-1001\...\MountPoints2: {60364f2a-f180-11df-9995-c446196063dc} - E:\AutoRun.exe
HKU\S-1-5-21-3584059252-3088558919-258353354-1001\...\MountPoints2: {60364f52-f180-11df-9995-c446196063dc} - E:\AutoRun.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\mavesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a4jv-jMHkrqOUBFoyM5tWKlNA5jYnfaFtkIUdqSLKVgBSyUZOTKxPJQQqwfzLKbs,
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme730g&r=27360810d765l0464z185r4672607s
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=n&ver=11471&tm=309&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=n&ver=11471&tm=309&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE394
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=a&ver=12331&tm=309&src=ds&p={searchTerms}
BHO: Plus-HD-8.1 - {11111111-1111-1111-1111-110511111108} - C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-bho64.dll No File
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll No File
BHO-x32: Plus-HD-8.1 - {11111111-1111-1111-1111-110511111108} - C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-bho.dll No File
BHO-x32: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default
FF NewTab: about:blank
FF SearchEngineOrder.1: default-search.net
FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a4jv-jMHkrqOUBFoyM5tWKlNA5jYnfaFtkIUdqSLKVgBSyUZOTKxPJQQqwfzLKbs,
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Linkey for Firefox - C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\Extensions\extension@linkeyproject.com [2014-04-06]
FF Extension: O2CPlayer Plugin - C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\Extensions\o2cplayer@eleco.com [2014-03-18]
FF Extension: WOT - C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]

Chrome:
=======
CHR Extension: (McAfee Security Scan+) - C:\Users\mavesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\mavesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-06]

==================== Services (Whitelisted) =================

R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [867360 2010-04-23] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [238328 2009-10-10] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-12-08] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [121280 2009-12-08] (SlySoft, Inc.)
S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 19:43 - 2014-04-14 19:43 - 00017313 _____ () C:\Users\mavesi\Desktop\FRST.txt
2014-04-14 19:42 - 2014-04-14 19:43 - 00000000 ____D () C:\FRST
2014-04-14 19:40 - 2014-04-14 19:40 - 02157568 _____ (Farbar) C:\Users\mavesi\Desktop\FRST64.exe
2014-04-13 08:53 - 2014-02-17 19:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-09 19:57 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 19:57 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 19:57 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 19:57 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 19:57 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 19:57 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 19:57 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 19:57 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 19:57 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 19:57 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-06 12:48 - 2014-04-06 12:48 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-04-06 12:48 - 2014-04-06 12:48 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-04-06 12:48 - 2014-04-06 12:48 - 00000000 ____D () C:\ProgramData\BitGuard
2014-04-06 12:05 - 2014-04-06 12:05 - 00000832 _____ () C:\Users\mavesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk
2014-04-06 12:05 - 2014-04-06 12:05 - 00000000 ____D () C:\ProgramData\Wincert
2014-04-05 14:34 - 2014-04-06 12:08 - 00002102 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-04-05 14:34 - 2014-04-06 12:08 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-03-30 22:03 - 2014-04-01 22:00 - 00040795 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder_2.odt
2014-03-21 12:42 - 2014-03-21 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 19:32 - 2014-03-24 06:44 - 00042790 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder.odt
2014-03-18 20:15 - 2014-03-18 20:15 - 00001274 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-03-18 20:15 - 2014-03-18 20:15 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-03-18 20:14 - 2014-03-18 20:14 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Desktop\ElsterFormular-15.0.20140212p.exe
2014-03-18 20:12 - 2014-03-18 20:13 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Downloads\ElsterFormular-15.0.20140212p.exe

==================== One Month Modified Files and Folders =======

2014-04-14 19:43 - 2014-04-14 19:43 - 00017313 _____ () C:\Users\mavesi\Desktop\FRST.txt
2014-04-14 19:43 - 2014-04-14 19:42 - 00000000 ____D () C:\FRST
2014-04-14 19:40 - 2014-04-14 19:40 - 02157568 _____ (Farbar) C:\Users\mavesi\Desktop\FRST64.exe
2014-04-14 19:34 - 2010-08-28 03:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-14 19:25 - 2010-06-27 07:14 - 01359681 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 19:23 - 2013-03-16 17:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 19:00 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 19:00 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 18:57 - 2010-06-27 17:05 - 00652192 _____ () C:\Windows\system32\perfh007.dat
2014-04-14 18:57 - 2010-06-27 17:05 - 00129784 _____ () C:\Windows\system32\perfc007.dat
2014-04-14 18:57 - 2009-07-14 07:13 - 01496052 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 18:53 - 2010-08-28 03:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 18:52 - 2010-05-06 09:21 - 00388882 _____ () C:\Windows\PFRO.log
2014-04-14 18:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 18:52 - 2009-07-14 06:51 - 00198470 _____ () C:\Windows\setupact.log
2014-04-13 21:14 - 2010-05-06 09:11 - 00000000 ____D () C:\Program Files (x86)\eMachines
2014-04-13 20:40 - 2011-02-27 13:25 - 00000000 ____D () C:\Program Files (x86)\WISO
2014-04-13 20:37 - 2010-05-06 08:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-13 09:04 - 2010-05-06 09:13 - 00000000 ____D () C:\Program Files\Google
2014-04-13 09:04 - 2010-05-06 09:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-13 08:49 - 2010-11-05 22:24 - 00000000 ____D () C:\Users\mavesi\AppData\Local\CrashDumps
2014-04-13 08:49 - 2010-08-28 03:37 - 00000000 ____D () C:\Users\mavesi\AppData\Local\Google
2014-04-13 08:49 - 2010-05-06 09:13 - 00000000 ____D () C:\ProgramData\Google
2014-04-09 21:51 - 2013-08-14 22:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 21:49 - 2010-10-14 15:53 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-06 15:19 - 2013-03-29 18:42 - 00000000 ____D () C:\Users\mavesi\AppData\Roaming\MyPhoneExplorer
2014-04-06 12:48 - 2014-04-06 12:48 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-04-06 12:48 - 2014-04-06 12:48 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-04-06 12:48 - 2014-04-06 12:48 - 00000000 ____D () C:\ProgramData\BitGuard
2014-04-06 12:08 - 2014-04-05 14:34 - 00002102 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-04-06 12:08 - 2014-04-05 14:34 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-04-06 12:05 - 2014-04-06 12:05 - 00000832 _____ () C:\Users\mavesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk
2014-04-06 12:05 - 2014-04-06 12:05 - 00000000 ____D () C:\ProgramData\Wincert
2014-04-06 11:58 - 2013-09-15 10:54 - 07080248 _____ () C:\Users\mavesi\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-04-01 22:00 - 2014-03-30 22:03 - 00040795 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder_2.odt
2014-03-31 03:16 - 2014-04-09 19:57 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 19:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 19:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 19:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 21:29 - 2010-08-28 03:48 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 21:29 - 2010-08-28 03:48 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-24 06:44 - 2014-03-20 19:32 - 00042790 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder.odt
2014-03-24 06:30 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-21 18:54 - 2012-04-26 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-21 12:42 - 2014-03-21 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-21 10:49 - 2011-02-06 00:44 - 00000000 ____D () C:\Users\mavesi\AppData\Local\.elfohilfe
2014-03-18 22:14 - 2010-09-22 20:52 - 00000000 ____D () C:\Markus
2014-03-18 20:16 - 2011-02-06 01:34 - 00000000 ____D () C:\ProgramData\elsterformular
2014-03-18 20:15 - 2014-03-18 20:15 - 00001274 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-03-18 20:15 - 2014-03-18 20:15 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-03-18 20:14 - 2014-03-18 20:14 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Desktop\ElsterFormular-15.0.20140212p.exe
2014-03-18 20:13 - 2014-03-18 20:12 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Downloads\ElsterFormular-15.0.20140212p.exe
2014-03-16 21:07 - 2009-07-14 06:45 - 00290040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 21:06 - 2013-03-13 23:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 21:06 - 2013-03-13 23:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\mavesi\AppData\Local\Temp\ApnStub.exe
C:\Users\mavesi\AppData\Local\Temp\avgnt.exe
C:\Users\mavesi\AppData\Local\Temp\bitool.dll
C:\Users\mavesi\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\mavesi\AppData\Local\Temp\contentDATs.exe
C:\Users\mavesi\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\mavesi\AppData\Local\Temp\Delta.exe
C:\Users\mavesi\AppData\Local\Temp\DeltaTB.exe
C:\Users\mavesi\AppData\Local\Temp\dp.exe
C:\Users\mavesi\AppData\Local\Temp\FileSystemView.dll
C:\Users\mavesi\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\mavesi\AppData\Local\Temp\FreemakeVideoConverter_4.0.4.3.exe
C:\Users\mavesi\AppData\Local\Temp\GLFC759.tmp.ConduitEngineSetup.exe
C:\Users\mavesi\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_nitro_pdf_reader_64_dlm.exe
C:\Users\mavesi\AppData\Local\Temp\Installer.exe
C:\Users\mavesi\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\mavesi\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\mavesi\AppData\Local\Temp\MixiDJToolbar_yh.exe
C:\Users\mavesi\AppData\Local\Temp\Myashampoo.exe
C:\Users\mavesi\AppData\Local\Temp\MybabylonTB.exe
C:\Users\mavesi\AppData\Local\Temp\NEventMessages.dll
C:\Users\mavesi\AppData\Local\Temp\nitro_reader3.exe
C:\Users\mavesi\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\mavesi\AppData\Local\Temp\Nokia_PC_Suite_ger.exe
C:\Users\mavesi\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\mavesi\AppData\Local\Temp\nsc1678.exe
C:\Users\mavesi\AppData\Local\Temp\nscF0AA.exe
C:\Users\mavesi\AppData\Local\Temp\nsiF94.exe
C:\Users\mavesi\AppData\Local\Temp\nsnED40.exe
C:\Users\mavesi\AppData\Local\Temp\nsx12FE.exe
C:\Users\mavesi\AppData\Local\Temp\nsxE9D5.exe
C:\Users\mavesi\AppData\Local\Temp\pid16.dll
C:\Users\mavesi\AppData\Local\Temp\pid32.dll
C:\Users\mavesi\AppData\Local\Temp\pidCD.dll
C:\Users\mavesi\AppData\Local\Temp\plus-hd-8-1.exe
C:\Users\mavesi\AppData\Local\Temp\ResetDevice.exe
C:\Users\mavesi\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\mavesi\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\mavesi\AppData\Local\Temp\setup.exe
C:\Users\mavesi\AppData\Local\Temp\tbMyA0.dll
C:\Users\mavesi\AppData\Local\Temp\uninst1.exe
C:\Users\mavesi\AppData\Local\Temp\VIS-2013-German.exe
C:\Users\mavesi\AppData\Local\Temp\VisusClient.dll
C:\Users\mavesi\AppData\Local\Temp\w4wuintg.dll
C:\Users\mavesi\AppData\Local\Temp\WSSetup.exe
C:\Users\mavesi\AppData\Local\Temp\{7CAAAB10-0A61-4D60-8B7C-B7E9581005EF}-21.0.1180.75_20.0.1132.57_chrome_updater.exe
C:\Users\verelo\AppData\Local\Temp\NEventMessages.dll
C:\Users\verelo\AppData\Local\Temp\NOSEventMessages.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-11 23:57

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2014 01
Ran by mavesi at 2014-04-14 19:44:06
Running from C:\Users\mavesi\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
ATI Catalyst Install Manager (HKLM\...\{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82 - WildTangent) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.82 - WildTangent) Hidden
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: - Elaborate Bytes)
DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen)
eMachines Game Console (x32 Version: - WildTangent) Hidden
eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.0.80 - WildTangent)
eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0127.2010 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Jewel Quest (x32 Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.8 - eMachines)
Mahjongg Artifacts (x32 Version: 2.2.0.82 - WildTangent) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Nero 9 Essentials (HKLM-x32\...\{f58cbb92-9400-43ee-aa73-59d5b31f6120}) (Version: - Nero AG)
Nero BurnRights (x32 Version: 3.4.10.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.9.203 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero Disc Copy Gadget (x32 Version: 2.4.22.0 - Nero AG) Hidden
Nero Disc Copy Gadget Help (x32 Version: 2.4.22.0 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.12.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.10.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.14.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.10.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero PhotoSnap (x32 Version: 1.53.2.0 - Nero AG) Hidden
Nero PhotoSnap Help (x32 Version: 1.53.2.0 - Nero AG) Hidden
Nero Recode (x32 Version: 4.4.22.54 - Nero AG) Hidden
Nero Recode Help (x32 Version: 4.4.22.0 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.13.202 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.210 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.10.205 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.8.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.506 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plus-HD-8.1 (HKLM-x32\...\Plus-HD-8.1) (Version: 1.34.1.29 - Plus HD) <==== ATTENTION
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Pool (x32 Version: 2.2.0.82 - WildTangent) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6015 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Verbindungsassistent (HKLM-x32\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
Video Web Camera (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.1.3.2 - Suyin Optronics Corp)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - A New Home (x32 Version: 2.2.0.82 - WildTangent) Hidden
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
XMedia Recode Version 3.1.3.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.3.4 - XMedia Recode)
Yahtzee (x32 Version: 2.2.0.82 - WildTangent) Hidden
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Restore Points =========================

05-03-2014 17:41:38 Windows Update
11-03-2014 16:24:31 Windows Update
16-03-2014 18:24:16 Windows Update
18-03-2014 21:19:39 Windows Update
27-03-2014 22:03:14 Windows Update
01-04-2014 17:43:05 Windows Update
05-04-2014 05:43:21 Windows Update
06-04-2014 09:48:32 Removed Nitro Reader 3
08-04-2014 09:38:02 Windows Update
09-04-2014 19:49:16 Windows Update
13-04-2014 06:52:06 Removed LPT System Updater Service
13-04-2014 18:37:27 Entfernt WISO Steuer-Sparbuch 2011
13-04-2014 18:39:36 Entfernt WISO Steuer-Sparbuch 2012
13-04-2014 20:28:14 Removed Avira Savings Advisor
13-04-2014 20:40:25 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {758CD680-E530-4BB1-BE8E-D8B1FE23F4D4} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\SlySoft\AnyDVD\ExecuteWithUAC.exe [2008-06-27] ()
Task: {7E4E8868-3D2E-4AC8-AD2E-E2E7BC27B64F} - System32\Tasks\Plus-HD-8.1-enabler => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-enabler.exe <==== ATTENTION
Task: {813EC6AE-C621-46FF-9E2C-CAAE227DE863} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28] (Google Inc.)
Task: {83769248-0228-4972-BC59-02B976B2B2B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28] (Google Inc.)
Task: {84457AC0-1B7C-4333-8DE1-9C483CDB4D76} - System32\Tasks\Plus-HD-8.1-codedownloader => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-codedownloader.exe <==== ATTENTION
Task: {9909DAD8-671B-4397-A836-2562A6969A36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {9FB05E96-6D37-4C14-985D-6C779056E2CA} - System32\Tasks\Plus-HD-8.1-firefoxinstaller => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-firefoxinstaller.exe <==== ATTENTION
Task: {ACC20C6F-7A87-4AB8-AB6A-1830A1F034E4} - System32\Tasks\Plus-HD-8.1-validator => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-validator.exe <==== ATTENTION
Task: {BB0DB396-4A15-4C31-9775-C5AE74F88798} - System32\Tasks\Dealply => C:\Users\mavesi\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-09-15] () <==== ATTENTION
Task: {D5B22555-6EAA-46A3-9AC5-7063FE5A25BB} - System32\Tasks\{D153BB42-53EC-44B4-A813-346C30DC2317} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.369/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {EEFAA7FC-EB03-4900-84A9-176705C6ECC7} - System32\Tasks\Plus-HD-8.1-updater => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\mavesi\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-8.1-enabler.job => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-8.1-updater.job => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-8.1-validator.job => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-validator.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-11-16 14:55 - 2009-03-03 13:45 - 00296400 ____N () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
2010-06-27 07:30 - 2010-01-13 10:47 - 00206208 _____ () C:\Windows\PLFSetI.exe
2010-01-07 14:42 - 2010-01-07 14:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-27 07:16 - 2010-06-27 07:16 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-05-06 09:33 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-02-16 20:54 - 2014-02-16 20:54 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll
2010-05-06 08:52 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-21 12:42 - 2014-03-21 12:42 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2014 08:49:52 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16521, Zeitstempel: 0x53114399
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x1290
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (04/13/2014 00:29:02 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/13/2014 00:28:05 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".
Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/13/2014 00:26:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1".
Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (04/12/2014 10:12:33 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden. Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet. ], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. ], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet. ].
Vorgang: Asynchroner Vorgang wird ausgeführt
Kontext: Aktueller Status: DoSnapshotSet

Error: (04/12/2014 10:12:33 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten. Fehlerkontext: DeviceIoControl(\\?\Volume{685fdad2-81aa-11df-b443-806e6f6e6963} - 0000000000000064,0x0053c010,000000000036DEC0,0,000000000036EED0,4096,[0]).
Vorgang: Schattenkopien werden übertragen
Kontext: Ausführungskontext: System Provider

Error: (04/11/2014 11:58:38 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/11/2014 11:58:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".
Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/11/2014 11:57:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1".
Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (04/08/2014 08:17:15 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (04/13/2014 07:37:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde nicht richtig gestartet.

Error: (04/11/2014 11:27:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Systemk Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/11/2014 11:26:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "LPT System Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/11/2014 11:26:44 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LPT System Updater Service erreicht.

Error: (04/06/2014 00:05:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Systemk Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/05/2014 11:14:05 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 05.04.2014 um 11:08:18 unerwartet heruntergefahren.

Error: (02/15/2014 09:51:33 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (01/10/2014 09:27:48 PM) (Source: DCOM) (User: )
Description: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error: (01/10/2014 03:37:10 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 09.01.2014 um 17:01:52 unerwartet heruntergefahren.

Error: (12/27/2013 00:30:32 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 27.12.2013 um 10:40:28 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (04/13/2014 08:49:52 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753129001cf56e48d904eafC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dlld0408dc3-c2d7-11e3-8c3b-88ae1d5f441b

Error: (04/13/2014 00:29:02 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (04/13/2014 00:28:05 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (04/13/2014 00:26:26 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/12/2014 10:12:33 PM) (Source: VSS)(User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet. 0x00000000, Der Vorgang wurde erfolgreich beendet. 0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist. 0x00000000, Der Vorgang wurde erfolgreich beendet.
Vorgang: Asynchroner Vorgang wird ausgeführt
Kontext: Aktueller Status: DoSnapshotSet

Error: (04/12/2014 10:12:33 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{685fdad2-81aa-11df-b443-806e6f6e6963} - 0000000000000064,0x0053c010,000000000036DEC0,0,000000000036EED0,4096,[0])
Vorgang: Schattenkopien werden übertragen
Kontext: Ausführungskontext: System Provider

Error: (04/11/2014 11:58:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (04/11/2014 11:58:18 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (04/11/2014 11:57:48 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/08/2014 08:17:15 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\mavesi\downloads\softonicdownloader_fuer_nitro-pdf-reader.exe


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3958.71 MB
Available physical RAM: 2282.46 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 6219.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:283.99 GB) (Free:132.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0CB0F290)
Partition: GPT Partition Type.

==================== End Of Log ============================
15.04.2014, 20:20 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | search.snapdo cannot be removed

Remove adware/junkware/toolbars

Step 1: AdwCleaner

Please download AdwCleaner to your desktop.

Step 2: JRT - Junkware Removal Tool

Please exit your protection software to avoid possible conflicts.

Step 3: Fresh log with FRST

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

__________________
Please always post logfiles in CODE tags |
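The three tools in the steps above all produce plain-text logs, and the FRST log in particular has to be read by eye for the entries that explain a hijacked start page. The following Python script is an added example for this page; it is not part of the thread and not code from the authors of FRST, AdwCleaner or JRT. It scans FRST-style lines for the indicators that matter in a search.snapdo case: SearchScopes entries pointing at a search host other than the usual ones, Browser Helper Objects whose DLL is gone ("No File"), Image File Execution Options "Debugger" redirections, MountPoints2 AutoRun entries, and the Firefox search engine order. The sample lines are constructed for the example and modelled on the FRST.txt posted later in this thread; the list of "known good" search hosts is an assumption of the example, not something FRST defines.

```python
"""Added example: triage of FRST (Farbar Recovery Scan Tool) log lines for
browser-hijack indicators.  Not part of FRST, AdwCleaner or JRT."""
import re
from collections import defaultdict

# Search hosts treated as expected for this example (an assumption, not an
# FRST list): anything else in a SearchScopes URL is flagged for review.
KNOWN_GOOD_SEARCH_HOSTS = {
    "www.google.com", "www.bing.com", "search.yahoo.com", "de.search.yahoo.com",
}

# FRST line shapes, taken from the FRST output format used in this thread.
SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - \{(?P<guid>[0-9A-Fa-f-]+)\} URL =\s*(?P<url>.*)$")
BHO_RE = re.compile(
    r"^BHO(?:-x32)?: (?P<name>.+?) - \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
IFEO_RE = re.compile(r"^IFEO\\(?P<exe>[^:]+): \[Debugger\] (?P<dbg>.+)$")
MOUNTPOINT_RE = re.compile(r"MountPoints2: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<cmd>.+)$")
FF_SEARCH_RE = re.compile(r"^FF SearchEngineOrder\.\d+: (?P<engine>.+)$")


def host_of(url):
    """Return the host of a URL; FRST defangs URLs as hxxp://, so accept both."""
    m = re.match(r"^h(?:xx|tt)ps?://([^/?#]+)", url.strip(), re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage(lines):
    """Group hijack indicators found in FRST log lines by category."""
    findings = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if m := SEARCHSCOPE_RE.match(line):
            host = host_of(m.group("url"))
            # An empty URL is a stale scope, not a hijack; skip it.
            if host and host not in KNOWN_GOOD_SEARCH_HOSTS:
                findings["search_hijack"].append((m.group("hive"), m.group("guid"), host))
        elif m := BHO_RE.match(line):
            # "No File" means the CLSID is still registered but the DLL is gone:
            # a leftover that still has to be removed from the registry.
            if m.group("path").endswith("No File"):
                findings["orphan_bho"].append((m.group("name"), m.group("guid")))
        elif m := IFEO_RE.match(line):
            # An IFEO "Debugger" value makes Windows start the debugger program
            # instead of the named exe.  Pointing adware binaries at tasklist.exe
            # keeps them from running; who planted the entries is still checked.
            findings["ifeo_debugger"].append((m.group("exe"), m.group("dbg")))
        elif m := MOUNTPOINT_RE.search(line):
            # MountPoints2 entries are per-drive AutoRun leftovers.
            findings["autorun_mountpoint"].append((m.group("guid"), m.group("cmd")))
        elif m := FF_SEARCH_RE.match(line):
            findings["ff_search_engine"].append(m.group("engine"))
    return dict(findings)


# Constructed sample, modelled on the FRST.txt posted later in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKU\S-1-5-21-3584059252-3088558919-258353354-1001\...\MountPoints2: {60364f2a-f180-11df-9995-c446196063dc} - E:\AutoRun.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=n&ver=11471&tm=309&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=n&ver=11471&tm=309&src=ds&p={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=a&ver=12331&tm=309&src=ds&p={searchTerms}
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
FF SearchEngineOrder.1: default-search.net
"""


def main():
    for category, items in sorted(triage(SAMPLE_LOG.splitlines()).items()):
        print(f"[{category}]")
        for item in items:
            print("   ", item)


if __name__ == "__main__":
    main()
```

Run it against a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`. The same GUID appearing under HKLM, HKLM-x32 and HKCU is typical: a cleanup that only fixes one hive leaves the search page coming back, which is why the helper asks for a fresh FRST log after AdwCleaner and JRT have run.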
16.04.2014, 20:47 | #5 |
| search.snapdo cannot be removed

AdwCleaner result:

Code:
# AdwCleaner v3.023 - Report created 16/04/2014 at 21:24:08
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : mavesi - MAVESI-PC
# Running from : C:\Users\mavesi\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\DealPlyLive
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files (x86)\DealPlyLive
Folder Deleted : C:\Users\mavesi\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\mavesi\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\mavesi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\mavesi\AppData\LocalLow\Delta
Folder Deleted : C:\Users\mavesi\AppData\LocalLow\mixidj
Folder Deleted : C:\Users\mavesi\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\mavesi\AppData\Roaming\Babylon
Folder Deleted : C:\Users\mavesi\AppData\Roaming\DealPly
Folder Deleted : C:\Users\mavesi\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\Conduit
Folder Deleted : C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\ConduitEngine
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\mavesi\Desktop\Uninstall.exe
File Deleted : C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\bProtector_extensions.rdf
File Deleted : C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\invalidprefs.js
File Deleted : C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\searchplugins\Web Search.xml
File Deleted : C:\Users\mavesi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051108.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051108.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051108.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051108.Sandbox.1
Key Deleted : HKLM\SOFTWARE\5c68cdbb06fea13
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522112208}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555115508}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566116608}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544114408}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511111108}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511111108}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511111108}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522112208}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555115508}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566116608}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511111108}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\Ciuvo
Key Deleted : HKCU\Software\DataMngr [#]
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPlyLive
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\SearchProtect

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v28.0 (de)

[ File : C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\prefs.js ]

Line deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Line deleted : user_pref("CommunityToolbar.EngineOwner", "CT2475029");
Line deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Line deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "myashampoo");
Line deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 08 2011 21:31:26 GMT+0200");
Line deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Line deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 23:38:23 GMT+0200");
Line deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 26 2011 19:08:49 GMT+0200");
Line deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line deleted : user_pref("CommunityToolbar.alert.userId", "ebb14948-f50e-47da-b055-30d049916768");
Line deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line deleted : user_pref("browser.search.defaultthis.engineName", "MyAshampoo Customized Web Search");
Line deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}");
Line deleted : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a4jv-[...]
Line deleted : user_pref("extensions.crossrider.bic", "14454ad2ea09293b259c5e3e17cc4e86");
Line deleted : user_pref("extensions.delta.admin", false);
Line deleted : user_pref("extensions.delta.aflt", "babsst");
Line deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line deleted : user_pref("extensions.delta.autoRvrt", "false");
Line deleted : user_pref("extensions.delta.dfltLng", "de");
Line deleted : user_pref("extensions.delta.excTlbr", false);
Line deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line deleted : user_pref("extensions.delta.id", "70b24c6b000000000000c446196063dc");
Line deleted : user_pref("extensions.delta.instlDay", "15963");
Line deleted : user_pref("extensions.delta.instlRef", "sst");
Line deleted : user_pref("extensions.delta.newTab", false);
Line deleted : user_pref("extensions.delta.prdct", "delta");
Line deleted : user_pref("extensions.delta.prtnrId", "delta");
Line deleted : user_pref("extensions.delta.rvrt", "false");
Line deleted : user_pref("extensions.delta.smplGrp", "none");
Line deleted : user_pref("extensions.delta.tlbrId", "base");
Line deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.621:12:54");
Line deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line deleted : user_pref("extensions.delta_i.babExt", "");
Line deleted : user_pref("extensions.delta_i.babTrack", "affID=121565&tsp=5006");
Line deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line deleted : user_pref("extensions.helperbar.BackPageActive", true);
Line deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line deleted : user_pref("extensions.helperbar.LastHiddenTime", 22997912);
Line deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line deleted : user_pref("extensions.helperbar.Visibility", false);
Line deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
Line deleted : user_pref("extensions.helperbar.backPageCounter", 1);
Line deleted : user_pref("extensions.helperbar.backPageDay", 20);
Line deleted : user_pref("extensions.helperbar.backPageLastEvent", "1395346562702");
Line deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line deleted : user_pref("extensions.helperbar.barcodeid", "769");
Line deleted : user_pref("extensions.helperbar.countryiso", "de");
Line deleted : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
Line deleted : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/i.linkuryjs.info\\\\\\/kury\\\\\\[...]
Line deleted : user_pref("extensions.helperbar.fromautoupdate", "true");
Line deleted : user_pref("extensions.helperbar.installationid", "4792d491-b220-564c-f351-5d8cb1f1e2dc");
Line deleted : user_pref("extensions.helperbar.installdate", "15/09/2013");
Line deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1395338242");
Line deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1395388962060");
Line deleted : user_pref("extensions.helperbar.publisher", "quickobrw");
Line deleted : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9[...]

[ File : C:\Users\verelo\AppData\Roaming\Mozilla\Firefox\Profiles\tclwjjhr.default\prefs.js ]

Line deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line deleted : user_pref("browser.search.order.1", "Ask.com");
Line deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=de_DE&apn_uid=76C51B50-B6D0-497F-B4FB-F037D6298953&apn_ptnrs=U3&apn_sauid=B81EC3C2-C964-4ABA-A0AC[...]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\mavesi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\verelo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [19069 octets] - [16/04/2014 21:20:33]
AdwCleaner[S0].txt - [16752 octets] - [16/04/2014 21:24:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16813 octets] ##########

JRT Logfile:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by mavesi on 16.04.2014 at 21:33:03,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3584059252-3088558919-258353354-1001\Software\sweetim

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-8.1-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-8.1-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-8.1-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-8.1-updater.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-8.1-validator.job

~~~ Folders

Successfully deleted: [Folder] "C:\Users\mavesi\appdata\locallow\datamngr"

~~~ FireFox

Emptied folder: C:\Users\mavesi\AppData\Roaming\mozilla\firefox\profiles\c6arh6z3.default\minidumps [221 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2014 at 21:39:48,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02
Ran by mavesi (administrator) on MAVESI-PC on 16-04-2014 21:41:57
Running from C:\Users\mavesi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Thisisu) C:\Users\mavesi\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-3584059252-3088558919-258353354-1001\...\MountPoints2: {60364f2a-f180-11df-9995-c446196063dc} - E:\AutoRun.exe
HKU\S-1-5-21-3584059252-3088558919-258353354-1001\...\MountPoints2: {60364f52-f180-11df-9995-c446196063dc} - E:\AutoRun.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\mavesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme730g&r=27360810d765l0464z185r4672607s
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=n&ver=11471&tm=309&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=n&ver=11471&tm=309&src=ds&p={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE394
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=a&ver=12331&tm=309&src=ds&p={searchTerms}
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll No File
BHO-x32: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default
FF NewTab: about:blank
FF SearchEngineOrder.1: default-search.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Linkey for Firefox - C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\Extensions\extension@linkeyproject.com [2014-04-06]
FF Extension: O2CPlayer Plugin - C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\Extensions\o2cplayer@eleco.com [2014-03-18]
FF Extension: WOT - C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]

Chrome:
=======
CHR Extension: (McAfee Security Scan+) - C:\Users\mavesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\mavesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-06]

==================== Services (Whitelisted) =================

R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [867360 2010-04-23] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [238328 2009-10-10] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-12-08] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [121280 2009-12-08] (SlySoft, Inc.)
S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 21:41 - 2014-04-16 21:41 - 00012907 _____ () C:\Users\mavesi\Desktop\FRST.txt
2014-04-16 21:41 - 2014-04-16 21:41 - 00000000 ____D () C:\Users\mavesi\Desktop\FRST-OlderVersion
2014-04-16 21:39 - 2014-04-16 21:39 - 00001402 _____ () C:\Users\mavesi\Desktop\JRT.txt
2014-04-16 21:33 - 2014-04-16 21:33 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 21:31 - 2014-04-16 21:31 - 01016261 _____ (Thisisu) C:\Users\mavesi\Desktop\JRT.exe
2014-04-16 21:20 - 2014-04-16 21:24 - 00000000 ____D () C:\AdwCleaner
2014-04-16 21:16 - 2014-04-16 21:16 - 01426178 _____ () C:\Users\mavesi\Desktop\adwcleaner.exe
2014-04-14 19:44 - 2014-04-14 19:45 - 00035054 _____ () C:\Users\mavesi\Desktop\Addition.txt
2014-04-14 19:43 - 2014-04-14 19:45 - 00029959 _____ () C:\Users\mavesi\Desktop\FRST_1.txt
2014-04-14 19:42 - 2014-04-16 21:41 - 00000000 ____D () C:\FRST
2014-04-14 19:40 - 2014-04-16 21:41 - 02158592 _____ (Farbar) C:\Users\mavesi\Desktop\FRST64.exe
2014-04-13 08:53 - 2014-02-17 19:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-09 19:57 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 19:57 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 19:57 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 19:57 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 19:57 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 19:57 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 19:57 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 19:57 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 19:57 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 19:57 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-06 12:05 - 2014-04-06 12:05 - 00000832 _____ () C:\Users\mavesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk
2014-04-05 14:34 - 2014-04-06 12:08 - 00002102 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-04-05 14:34 - 2014-04-06 12:08 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-03-30 22:03 - 2014-04-01 22:00 - 00040795 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder_2.odt
2014-03-21 12:42 - 2014-03-21 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 19:32 - 2014-03-24 06:44 - 00042790 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder.odt
2014-03-18 20:15 - 2014-03-18 20:15 - 00001274 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-03-18 20:15 - 2014-03-18 20:15 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-03-18 20:14 - 2014-03-18 20:14 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Desktop\ElsterFormular-15.0.20140212p.exe
2014-03-18 20:12 - 2014-03-18 20:13 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Downloads\ElsterFormular-15.0.20140212p.exe

==================== One Month Modified Files and Folders =======

2014-04-16 21:42 - 2014-04-16 21:41 - 00012907 _____ () C:\Users\mavesi\Desktop\FRST.txt
2014-04-16 21:41 - 2014-04-16 21:41 - 00000000 ____D () C:\Users\mavesi\Desktop\FRST-OlderVersion
2014-04-16 21:41 - 2014-04-14 19:42 - 00000000 ____D () C:\FRST
2014-04-16 21:41 - 2014-04-14 19:40 - 02158592 _____ (Farbar) C:\Users\mavesi\Desktop\FRST64.exe
2014-04-16 21:39 - 2014-04-16 21:39 - 00001402 _____ () C:\Users\mavesi\Desktop\JRT.txt
2014-04-16 21:34 - 2010-08-28 03:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 21:34 - 2010-08-28 03:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 21:33 - 2014-04-16 21:33 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 21:33 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 21:33 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 21:31 - 2014-04-16 21:31 - 01016261 _____ (Thisisu) C:\Users\mavesi\Desktop\JRT.exe
2014-04-16 21:30 - 2010-06-27 17:05 - 00652192 _____ ()
C:\Windows\system32\perfh007.dat 2014-04-16 21:30 - 2010-06-27 17:05 - 00129784 _____ () C:\Windows\system32\perfc007.dat 2014-04-16 21:30 - 2009-07-14 07:13 - 01496052 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-16 21:25 - 2010-06-27 07:14 - 01440963 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 21:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 21:25 - 2009-07-14 06:51 - 00198638 _____ () C:\Windows\setupact.log 2014-04-16 21:24 - 2014-04-16 21:20 - 00000000 ____D () C:\AdwCleaner 2014-04-16 21:23 - 2013-03-16 17:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 21:16 - 2014-04-16 21:16 - 01426178 _____ () C:\Users\mavesi\Desktop\adwcleaner.exe 2014-04-14 19:45 - 2014-04-14 19:44 - 00035054 _____ () C:\Users\mavesi\Desktop\Addition.txt 2014-04-14 19:45 - 2014-04-14 19:43 - 00029959 _____ () C:\Users\mavesi\Desktop\FRST_1.txt 2014-04-14 18:52 - 2010-05-06 09:21 - 00388882 _____ () C:\Windows\PFRO.log 2014-04-13 21:14 - 2010-05-06 09:11 - 00000000 ____D () C:\Program Files (x86)\eMachines 2014-04-13 20:40 - 2011-02-27 13:25 - 00000000 ____D () C:\Program Files (x86)\WISO 2014-04-13 20:37 - 2010-05-06 08:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-13 09:04 - 2010-05-06 09:13 - 00000000 ____D () C:\Program Files\Google 2014-04-13 09:04 - 2010-05-06 09:13 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-13 08:49 - 2010-11-05 22:24 - 00000000 ____D () C:\Users\mavesi\AppData\Local\CrashDumps 2014-04-13 08:49 - 2010-08-28 03:37 - 00000000 ____D () C:\Users\mavesi\AppData\Local\Google 2014-04-13 08:49 - 2010-05-06 09:13 - 00000000 ____D () C:\ProgramData\Google 2014-04-09 21:51 - 2013-08-14 22:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 21:49 - 2010-10-14 15:53 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-06 15:19 - 2013-03-29 18:42 - 00000000 ____D () 
C:\Users\mavesi\AppData\Roaming\MyPhoneExplorer 2014-04-06 12:08 - 2014-04-05 14:34 - 00002102 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-04-06 12:08 - 2014-04-05 14:34 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-04-06 12:05 - 2014-04-06 12:05 - 00000832 _____ () C:\Users\mavesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk 2014-04-06 11:58 - 2013-09-15 10:54 - 07080248 _____ () C:\Users\mavesi\Downloads\MyPhoneExplorer_Setup_1.8.5.exe 2014-04-01 22:00 - 2014-03-30 22:03 - 00040795 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder_2.odt 2014-03-31 03:16 - 2014-04-09 19:57 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-09 19:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-09 19:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-09 19:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-30 21:29 - 2010-08-28 03:48 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-30 21:29 - 2010-08-28 03:48 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-24 06:44 - 2014-03-20 19:32 - 00042790 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder.odt 2014-03-24 06:30 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-21 18:54 - 2012-04-26 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-21 12:42 - 2014-03-21 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-21 10:49 - 2011-02-06 00:44 - 00000000 ____D () C:\Users\mavesi\AppData\Local\.elfohilfe 2014-03-18 22:14 - 2010-09-22 20:52 - 00000000 ____D () C:\Markus 2014-03-18 20:16 - 2011-02-06 01:34 - 00000000 ____D () C:\ProgramData\elsterformular 2014-03-18 20:15 - 2014-03-18 20:15 - 00001274 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 
2014-03-18 20:15 - 2014-03-18 20:15 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-03-18 20:14 - 2014-03-18 20:14 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Desktop\ElsterFormular-15.0.20140212p.exe 2014-03-18 20:13 - 2014-03-18 20:12 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Downloads\ElsterFormular-15.0.20140212p.exe Some content of TEMP: ==================== C:\Users\mavesi\AppData\Local\Temp\ApnStub.exe C:\Users\mavesi\AppData\Local\Temp\avgnt.exe C:\Users\mavesi\AppData\Local\Temp\bitool.dll C:\Users\mavesi\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\mavesi\AppData\Local\Temp\contentDATs.exe C:\Users\mavesi\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\mavesi\AppData\Local\Temp\Delta.exe C:\Users\mavesi\AppData\Local\Temp\DeltaTB.exe C:\Users\mavesi\AppData\Local\Temp\dp.exe C:\Users\mavesi\AppData\Local\Temp\FileSystemView.dll C:\Users\mavesi\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\mavesi\AppData\Local\Temp\FreemakeVideoConverter_4.0.4.3.exe C:\Users\mavesi\AppData\Local\Temp\GLFC759.tmp.ConduitEngineSetup.exe C:\Users\mavesi\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_nitro_pdf_reader_64_dlm.exe C:\Users\mavesi\AppData\Local\Temp\Installer.exe C:\Users\mavesi\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe C:\Users\mavesi\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe C:\Users\mavesi\AppData\Local\Temp\MixiDJToolbar_yh.exe C:\Users\mavesi\AppData\Local\Temp\Myashampoo.exe C:\Users\mavesi\AppData\Local\Temp\MybabylonTB.exe C:\Users\mavesi\AppData\Local\Temp\NEventMessages.dll C:\Users\mavesi\AppData\Local\Temp\nitro_reader3.exe C:\Users\mavesi\AppData\Local\Temp\nitro_reader3_64.exe C:\Users\mavesi\AppData\Local\Temp\Nokia_PC_Suite_ger.exe C:\Users\mavesi\AppData\Local\Temp\NOSEventMessages.dll C:\Users\mavesi\AppData\Local\Temp\nsc1678.exe C:\Users\mavesi\AppData\Local\Temp\nscF0AA.exe C:\Users\mavesi\AppData\Local\Temp\nsiF94.exe 
C:\Users\mavesi\AppData\Local\Temp\nsnED40.exe C:\Users\mavesi\AppData\Local\Temp\nsx12FE.exe C:\Users\mavesi\AppData\Local\Temp\nsxE9D5.exe C:\Users\mavesi\AppData\Local\Temp\pid16.dll C:\Users\mavesi\AppData\Local\Temp\pid32.dll C:\Users\mavesi\AppData\Local\Temp\pidCD.dll C:\Users\mavesi\AppData\Local\Temp\plus-hd-8-1.exe C:\Users\mavesi\AppData\Local\Temp\Quarantine.exe C:\Users\mavesi\AppData\Local\Temp\ResetDevice.exe C:\Users\mavesi\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\mavesi\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\mavesi\AppData\Local\Temp\setup.exe C:\Users\mavesi\AppData\Local\Temp\tbMyA0.dll C:\Users\mavesi\AppData\Local\Temp\uninst1.exe C:\Users\mavesi\AppData\Local\Temp\VIS-2013-German.exe C:\Users\mavesi\AppData\Local\Temp\VisusClient.dll C:\Users\mavesi\AppData\Local\Temp\w4wuintg.dll C:\Users\mavesi\AppData\Local\Temp\WSSetup.exe C:\Users\mavesi\AppData\Local\Temp\{7CAAAB10-0A61-4D60-8B7C-B7E9581005EF}-21.0.1180.75_20.0.1132.57_chrome_updater.exe C:\Users\verelo\AppData\Local\Temp\NEventMessages.dll C:\Users\verelo\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-11 23:57 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Viele Grüße! 
CompuLaie [/CODE] [/CODE] Geändert von CompuLaie (16.04.2014 um 20:54 Uhr) |
16.04.2014, 21:46 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | search.snapdo cannot be removed Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
FF SearchEngineOrder.1: default-search.net
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=103&itype=n&ver=11471&tm=309&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=103&itype=n&ver=11471&tm=309&src=ds&p={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE394
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=103&itype=a&ver=12331&tm=309&src=ds&p={searchTerms}
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll No File
BHO-x32: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
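An FRST fixlist is nothing more than the log lines you want removed, copied verbatim, so the real work in post #6 is deciding which lines qualify. The following Python script is an added example, not part of this thread and not FRST's own code: it applies the same three criteria the helper used (an IFEO "[Debugger]" value, which Windows launches in place of the named program; an IE SearchScope whose URL is empty or points at a host outside an allow-list; a BHO whose DLL no longer exists) to FRST-style log lines and returns the matching lines as fixlist candidates. The allow-list TRUSTED_SEARCH_DOMAINS and the sample lines in SAMPLE_LOG are constructed for the example, modelled on the entries in this thread.

```python
"""Triage FRST log lines into fixlist candidates.

Added example for this thread; not FRST's code and not the helper's
tooling. An FRST fixlist is simply the log lines you want removed,
copied verbatim, so classifying lines is most of the work.
"""
import re
from urllib.parse import urlparse

# Assumption: search providers the browser is allowed to point at.
TRUSTED_SEARCH_DOMAINS = ("google.com", "google.de", "bing.com")

IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) URL =\s*(?P<url>.*)$")
BHO_RE = re.compile(
    r"^BHO(?:-x32)?: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
FF_ORDER_RE = re.compile(r"^FF SearchEngineOrder\.\d+: (?P<host>\S+)$")


def is_trusted(host):
    """True if host is one of the allowed domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_SEARCH_DOMAINS)


def classify(line):
    """Return (reason, line) if the FRST entry belongs in a fixlist, else None."""
    line = line.rstrip()
    m = IFEO_RE.match(line)
    if m:
        # Whatever sits in the IFEO Debugger value is launched instead of the
        # image: tasklist.exe merely blocks the program, any other path would
        # hijack it. Neither belongs on a clean machine.
        return ("IFEO Debugger redirect for %s -> %s" % (m["image"], m["debugger"]), line)
    m = SCOPE_RE.match(line)
    if m:
        url = m["url"].strip()
        if not url:
            return ("SearchScope with empty URL", line)
        # FRST defangs URLs as hxxp; undo that only for parsing.
        host = urlparse(re.sub(r"^hxxp", "http", url)).hostname or ""
        if not is_trusted(host):
            return ("SearchScope points at untrusted host %s" % host, line)
        return None
    m = BHO_RE.match(line)
    if m and m["path"].endswith("No File"):
        return ("BHO registered but its DLL is gone", line)
    m = FF_ORDER_RE.match(line)
    if m and not is_trusted(m["host"]):
        return ("Firefox search order entry for %s" % m["host"], line)
    return None


def build_fixlist(log_lines):
    """Return [(reason, line), ...] for every flagged line, in log order."""
    return [hit for hit in (classify(l) for l in log_lines) if hit]


# Constructed sample modelled on the FRST lines in this thread.
SAMPLE_LOG = r"""
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
FF SearchEngineOrder.1: default-search.net
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&p={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
""".strip().splitlines()

if __name__ == "__main__":
    for reason, line in build_fixlist(SAMPLE_LOG):
        print("%-55s %s" % (reason, line))
    print("\nFixlist.txt body:")
    print("\n".join(line for _, line in build_fixlist(SAMPLE_LOG)))
```

Run against the sample, the script keeps the two IFEO entries, the default-search.net order entry and scope, the empty scope and the orphaned Linkey BHO, and leaves the Google scope, the Java BHO and the Realtek Run entry alone. The helper in post #6 also removed the Google scope; whether to keep a scope on a trusted host is a policy decision, which is why the allow-list is a constant at the top rather than hard-wired into the rules.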
17.04.2014, 14:37 | #7 |
| search.snapdo cannot be removed Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-04-2014 02
Ran by mavesi at 2014-04-17 15:35:24 Run:1
Running from C:\Users\mavesi\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
FF SearchEngineOrder.1: default-search.net
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=n&ver=11471&tm=309&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=n&ver=11471&tm=309&src=ds&p={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE394
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=103&itype=a&ver=12331&tm=309&src=ds&p={searchTerms}
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll No File
BHO-x32: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => Key deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully.
HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.

==== End of Fixlog ==== |
17.04.2014, 14:40 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | search.snapdo cannot be removed Then post fresh FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post logfiles in CODE tags |
17.04.2014, 14:47 | #9 |
| search.snapdo cannot be removed Et voilà: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02
Ran by mavesi (administrator) on MAVESI-PC on 17-04-2014 15:43:06
Running from C:\Users\mavesi\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-3584059252-3088558919-258353354-1001\...\MountPoints2: {60364f2a-f180-11df-9995-c446196063dc} - E:\AutoRun.exe
HKU\S-1-5-21-3584059252-3088558919-258353354-1001\...\MountPoints2: {60364f52-f180-11df-9995-c446196063dc} - E:\AutoRun.exe
Startup: C:\Users\mavesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=eme730g&r=27360810d765l0464z185r4672607s
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Linkey for Firefox - C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\Extensions\extension@linkeyproject.com [2014-04-06]
FF Extension: O2CPlayer Plugin - C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\Extensions\o2cplayer@eleco.com [2014-03-18]
FF Extension: WOT - C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]

Chrome:
=======
CHR Extension: (McAfee Security Scan+) - C:\Users\mavesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\mavesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-06]

==================== Services (Whitelisted) =================

R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [867360 2010-04-23] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [238328 2009-10-10] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-12-08] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [121280 2009-12-08] (SlySoft, Inc.)
S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-17 15:42 - 2014-04-17 15:43 - 00010691 _____ () C:\Users\mavesi\Desktop\FRST.txt
2014-04-16 21:41 - 2014-04-16 21:43 - 00026066 _____ () C:\Users\mavesi\Desktop\FRST_2.txt
2014-04-16 21:41 - 2014-04-16 21:41 - 00000000 ____D () C:\Users\mavesi\Desktop\FRST-OlderVersion
2014-04-16 21:39 - 2014-04-16 21:39 - 00001402 _____ () C:\Users\mavesi\Desktop\JRT.txt
2014-04-16 21:33 - 2014-04-16 21:33 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 21:31 - 2014-04-16 21:31 - 01016261 _____ (Thisisu) C:\Users\mavesi\Desktop\JRT.exe
2014-04-16 21:20 - 2014-04-16 21:24 - 00000000 ____D () C:\AdwCleaner
2014-04-16 21:16 - 2014-04-16 21:16 - 01426178 _____ () C:\Users\mavesi\Desktop\adwcleaner.exe
2014-04-14 19:44 - 2014-04-14 19:45 - 00035054 _____ () C:\Users\mavesi\Desktop\Addition.txt
2014-04-14 19:43 - 2014-04-14 19:45 - 00029959 _____ () C:\Users\mavesi\Desktop\FRST_1.txt
2014-04-14 19:42 - 2014-04-17 15:42 - 00000000 ____D () C:\FRST
2014-04-14 19:40 - 2014-04-16 21:41 - 02158592 _____ (Farbar) C:\Users\mavesi\Desktop\FRST64.exe
2014-04-13 08:53 - 2014-02-17 19:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-09 19:57 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 19:57 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 19:57 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 19:57 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 19:57 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 19:57 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 19:57 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 19:57 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 19:57 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 19:57 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 19:57 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-06 12:05 - 2014-04-06 12:05 - 00000832 _____ () C:\Users\mavesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk
2014-04-05 14:34 - 2014-04-06 12:08 - 00002102 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-04-05 14:34 - 2014-04-06 12:08 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-03-30 22:03 - 2014-04-01 22:00 - 00040795 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder_2.odt
2014-03-21 12:42 - 2014-03-21 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 19:32 - 2014-03-24 06:44 - 00042790 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder.odt
2014-03-18 20:15 - 2014-03-18 20:15 - 00001274 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2014-03-18 20:15 - 2014-03-18 20:15 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-03-18 20:14 - 2014-03-18 20:14 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Desktop\ElsterFormular-15.0.20140212p.exe
2014-03-18 20:12 - 2014-03-18 20:13 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Downloads\ElsterFormular-15.0.20140212p.exe

==================== One Month Modified Files and Folders =======

2014-04-17 15:43 - 2014-04-17 15:42 - 00010691 _____ () C:\Users\mavesi\Desktop\FRST.txt
2014-04-17 15:42 - 2014-04-14 19:42 - 00000000 ____D () C:\FRST
2014-04-17 15:34 - 2010-08-28 03:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 15:31 - 2010-06-27 07:14 - 01462863 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 15:23 - 2013-03-16 17:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 15:22 - 2010-08-28 03:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 15:22 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 15:22 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 15:19 - 2010-06-27 17:05 - 00652192 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 15:19 - 2010-06-27 17:05 - 00129784 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 15:19 - 
2009-07-14 07:13 - 01496052 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-17 15:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-17 15:15 - 2009-07-14 06:51 - 00198694 _____ () C:\Windows\setupact.log 2014-04-16 21:43 - 2014-04-16 21:41 - 00026066 _____ () C:\Users\mavesi\Desktop\FRST_2.txt 2014-04-16 21:41 - 2014-04-16 21:41 - 00000000 ____D () C:\Users\mavesi\Desktop\FRST-OlderVersion 2014-04-16 21:41 - 2014-04-14 19:40 - 02158592 _____ (Farbar) C:\Users\mavesi\Desktop\FRST64.exe 2014-04-16 21:39 - 2014-04-16 21:39 - 00001402 _____ () C:\Users\mavesi\Desktop\JRT.txt 2014-04-16 21:33 - 2014-04-16 21:33 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 21:31 - 2014-04-16 21:31 - 01016261 _____ (Thisisu) C:\Users\mavesi\Desktop\JRT.exe 2014-04-16 21:24 - 2014-04-16 21:20 - 00000000 ____D () C:\AdwCleaner 2014-04-16 21:16 - 2014-04-16 21:16 - 01426178 _____ () C:\Users\mavesi\Desktop\adwcleaner.exe 2014-04-14 19:45 - 2014-04-14 19:44 - 00035054 _____ () C:\Users\mavesi\Desktop\Addition.txt 2014-04-14 19:45 - 2014-04-14 19:43 - 00029959 _____ () C:\Users\mavesi\Desktop\FRST_1.txt 2014-04-14 18:52 - 2010-05-06 09:21 - 00388882 _____ () C:\Windows\PFRO.log 2014-04-13 21:14 - 2010-05-06 09:11 - 00000000 ____D () C:\Program Files (x86)\eMachines 2014-04-13 20:40 - 2011-02-27 13:25 - 00000000 ____D () C:\Program Files (x86)\WISO 2014-04-13 20:37 - 2010-05-06 08:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-13 09:04 - 2010-05-06 09:13 - 00000000 ____D () C:\Program Files\Google 2014-04-13 09:04 - 2010-05-06 09:13 - 00000000 ____D () C:\Program Files (x86)\Google 2014-04-13 08:49 - 2010-11-05 22:24 - 00000000 ____D () C:\Users\mavesi\AppData\Local\CrashDumps 2014-04-13 08:49 - 2010-08-28 03:37 - 00000000 ____D () C:\Users\mavesi\AppData\Local\Google 2014-04-13 08:49 - 2010-05-06 09:13 - 00000000 ____D () C:\ProgramData\Google 2014-04-09 21:51 - 2013-08-14 22:12 - 00000000 ____D () 
C:\Windows\system32\MRT 2014-04-09 21:49 - 2010-10-14 15:53 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-06 15:19 - 2013-03-29 18:42 - 00000000 ____D () C:\Users\mavesi\AppData\Roaming\MyPhoneExplorer 2014-04-06 12:08 - 2014-04-05 14:34 - 00002102 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-04-06 12:08 - 2014-04-05 14:34 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-04-06 12:05 - 2014-04-06 12:05 - 00000832 _____ () C:\Users\mavesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk 2014-04-06 11:58 - 2013-09-15 10:54 - 07080248 _____ () C:\Users\mavesi\Downloads\MyPhoneExplorer_Setup_1.8.5.exe 2014-04-01 22:00 - 2014-03-30 22:03 - 00040795 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder_2.odt 2014-03-31 03:16 - 2014-04-09 19:57 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-09 19:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-09 19:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-09 19:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-30 21:29 - 2010-08-28 03:48 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-30 21:29 - 2010-08-28 03:48 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-24 06:44 - 2014-03-20 19:32 - 00042790 _____ () C:\Users\mavesi\Desktop\Abschied Maxi-Kinder.odt 2014-03-24 06:30 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-21 18:54 - 2012-04-26 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-21 12:42 - 2014-03-21 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-21 10:49 - 2011-02-06 00:44 - 00000000 ____D () C:\Users\mavesi\AppData\Local\.elfohilfe 2014-03-18 22:14 - 2010-09-22 20:52 - 00000000 ____D () C:\Markus 
2014-03-18 20:16 - 2011-02-06 01:34 - 00000000 ____D () C:\ProgramData\elsterformular 2014-03-18 20:15 - 2014-03-18 20:15 - 00001274 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-03-18 20:15 - 2014-03-18 20:15 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-03-18 20:14 - 2014-03-18 20:14 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Desktop\ElsterFormular-15.0.20140212p.exe 2014-03-18 20:13 - 2014-03-18 20:12 - 77047096 _____ (Landesfinanzdirektion Thüringen) C:\Users\mavesi\Downloads\ElsterFormular-15.0.20140212p.exe Some content of TEMP: ==================== C:\Users\mavesi\AppData\Local\Temp\ApnStub.exe C:\Users\mavesi\AppData\Local\Temp\avgnt.exe C:\Users\mavesi\AppData\Local\Temp\bitool.dll C:\Users\mavesi\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\mavesi\AppData\Local\Temp\contentDATs.exe C:\Users\mavesi\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\mavesi\AppData\Local\Temp\Delta.exe C:\Users\mavesi\AppData\Local\Temp\DeltaTB.exe C:\Users\mavesi\AppData\Local\Temp\dp.exe C:\Users\mavesi\AppData\Local\Temp\FileSystemView.dll C:\Users\mavesi\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\mavesi\AppData\Local\Temp\FreemakeVideoConverter_4.0.4.3.exe C:\Users\mavesi\AppData\Local\Temp\GLFC759.tmp.ConduitEngineSetup.exe C:\Users\mavesi\AppData\Local\Temp\ICReinstall_COMPUTER_BILD-Download-Manager_fuer_nitro_pdf_reader_64_dlm.exe C:\Users\mavesi\AppData\Local\Temp\Installer.exe C:\Users\mavesi\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe C:\Users\mavesi\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe C:\Users\mavesi\AppData\Local\Temp\MixiDJToolbar_yh.exe C:\Users\mavesi\AppData\Local\Temp\Myashampoo.exe C:\Users\mavesi\AppData\Local\Temp\MybabylonTB.exe C:\Users\mavesi\AppData\Local\Temp\NEventMessages.dll C:\Users\mavesi\AppData\Local\Temp\nitro_reader3.exe C:\Users\mavesi\AppData\Local\Temp\nitro_reader3_64.exe C:\Users\mavesi\AppData\Local\Temp\Nokia_PC_Suite_ger.exe 
C:\Users\mavesi\AppData\Local\Temp\NOSEventMessages.dll C:\Users\mavesi\AppData\Local\Temp\nsc1678.exe C:\Users\mavesi\AppData\Local\Temp\nscF0AA.exe C:\Users\mavesi\AppData\Local\Temp\nsiF94.exe C:\Users\mavesi\AppData\Local\Temp\nsnED40.exe C:\Users\mavesi\AppData\Local\Temp\nsx12FE.exe C:\Users\mavesi\AppData\Local\Temp\nsxE9D5.exe C:\Users\mavesi\AppData\Local\Temp\pid16.dll C:\Users\mavesi\AppData\Local\Temp\pid32.dll C:\Users\mavesi\AppData\Local\Temp\pidCD.dll C:\Users\mavesi\AppData\Local\Temp\plus-hd-8-1.exe C:\Users\mavesi\AppData\Local\Temp\Quarantine.exe C:\Users\mavesi\AppData\Local\Temp\ResetDevice.exe C:\Users\mavesi\AppData\Local\Temp\SearchWithGoogleUpdate.exe C:\Users\mavesi\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\mavesi\AppData\Local\Temp\setup.exe C:\Users\mavesi\AppData\Local\Temp\tbMyA0.dll C:\Users\mavesi\AppData\Local\Temp\uninst1.exe C:\Users\mavesi\AppData\Local\Temp\VIS-2013-German.exe C:\Users\mavesi\AppData\Local\Temp\VisusClient.dll C:\Users\mavesi\AppData\Local\Temp\w4wuintg.dll C:\Users\mavesi\AppData\Local\Temp\WSSetup.exe C:\Users\mavesi\AppData\Local\Temp\{7CAAAB10-0A61-4D60-8B7C-B7E9581005EF}-21.0.1180.75_20.0.1132.57_chrome_updater.exe C:\Users\verelo\AppData\Local\Temp\NEventMessages.dll C:\Users\verelo\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-11 23:57 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2014 02 Ran by mavesi at 2014-04-17 15:43:27 Running from C:\Users\mavesi\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft) ATI Catalyst Install Manager (HKLM\...\{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}) (Version: 3.0.758.0 - ATI Technologies, Inc.) 
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82 - WildTangent) Hidden Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation) Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.82 - WildTangent) Hidden CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: - Elaborate Bytes) DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) 
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140212 - Landesfinanzdirektion Thüringen) eMachines Game Console (x32 Version: - WildTangent) Hidden eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.0.80 - WildTangent) eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated) eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated) eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated) eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0127.2010 - Acer Incorporated) eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated) Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) 
Hidden Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) Jewel Quest (x32 Version: 2.2.0.82 - WildTangent) Hidden Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.8 - eMachines) Mahjongg Artifacts (x32 Version: 2.2.0.82 - WildTangent) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. 
Wechselberger) Nero 9 Essentials (HKLM-x32\...\{f58cbb92-9400-43ee-aa73-59d5b31f6120}) (Version: - Nero AG) Nero BurnRights (x32 Version: 3.4.10.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 4.4.9.203 - Nero AG) Hidden Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero Disc Copy Gadget (x32 Version: 2.4.22.0 - Nero AG) Hidden Nero Disc Copy Gadget Help (x32 Version: 2.4.22.0 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.12.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.10.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.14.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.10.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero PhotoSnap (x32 Version: 1.53.2.0 - Nero AG) Hidden Nero PhotoSnap Help (x32 Version: 1.53.2.0 - Nero AG) Hidden Nero Recode (x32 Version: 4.4.22.54 - Nero AG) Hidden Nero Recode Help (x32 Version: 4.4.22.0 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.13.202 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.11.210 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.11.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden Nero Vision (x32 Version: 6.4.10.205 - Nero AG) Hidden Nero Vision Help (x32 Version: 6.4.8.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.10.506 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 
5.1.2.628 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org) PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia) Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plus-HD-8.1 (HKLM-x32\...\Plus-HD-8.1) (Version: 1.34.1.29 - Plus HD) <==== ATTENTION Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Polar Pool (x32 Version: 2.2.0.82 - WildTangent) Hidden Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6015 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) Verbindungsassistent (HKLM-x32\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent) Video Web Camera (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.1.3.2 - Suyin Optronics Corp) Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden Virtual Villagers - A New Home (x32 Version: 2.2.0.82 - WildTangent) Hidden VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) XMedia Recode Version 3.1.3.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.3.4 - XMedia Recode) Yahtzee (x32 
Version: 2.2.0.82 - WildTangent) Hidden Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden ==================== Restore Points ========================= 05-03-2014 17:41:38 Windows Update 11-03-2014 16:24:31 Windows Update 16-03-2014 18:24:16 Windows Update 18-03-2014 21:19:39 Windows Update 27-03-2014 22:03:14 Windows Update 01-04-2014 17:43:05 Windows Update 05-04-2014 05:43:21 Windows Update 06-04-2014 09:48:32 Removed Nitro Reader 3 08-04-2014 09:38:02 Windows Update 09-04-2014 19:49:16 Windows Update 13-04-2014 06:52:06 Removed LPT System Updater Service 13-04-2014 18:37:27 Entfernt WISO Steuer-Sparbuch 2011 13-04-2014 18:39:36 Entfernt WISO Steuer-Sparbuch 2012 13-04-2014 20:28:14 Removed Avira Savings Advisor 13-04-2014 20:40:25 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {758CD680-E530-4BB1-BE8E-D8B1FE23F4D4} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\SlySoft\AnyDVD\ExecuteWithUAC.exe [2008-06-27] () Task: {813EC6AE-C621-46FF-9E2C-CAAE227DE863} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28] (Google Inc.) Task: {83769248-0228-4972-BC59-02B976B2B2B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28] (Google Inc.) 
Task: {9909DAD8-671B-4397-A836-2562A6969A36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {BB0DB396-4A15-4C31-9775-C5AE74F88798} - \Dealply ATTENTION ====> No Task File Task: {D5B22555-6EAA-46A3-9AC5-7063FE5A25BB} - System32\Tasks\{D153BB42-53EC-44B4-A813-346C30DC2317} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.369/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-11-16 14:55 - 2009-03-03 13:45 - 00296400 ____N () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe 2010-06-27 07:30 - 2010-01-13 10:47 - 00206208 _____ () C:\Windows\PLFSetI.exe 2010-01-07 14:42 - 2010-01-07 14:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-06-27 07:16 - 2010-06-27 07:16 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-02-16 20:54 - 2014-02-16 20:54 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\29335dc88d799664dcd97362bcb687e9\IsdiInterop.ni.dll 2010-05-06 08:52 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2010-05-06 09:33 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files 
(x86)\Launch Manager\CdDirIo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/17/2014 03:42:49 PM) (Source: Application Hang) (User: ) Description: Programm FRST64.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 344 Startzeit: 01cf5a41dd9cfa94 Endzeit: 15 Anwendungspfad: C:\Users\mavesi\Desktop\FRST64.exe Berichts-ID: 1e603e18-c636-11e3-8c20-88ae1d5f441b System errors: ============= Microsoft Office Sessions: ========================= Error: (04/17/2014 03:42:49 PM) (Source: Application Hang)(User: ) Description: FRST64.exe3.3.10.234401cf5a41dd9cfa9415C:\Users\mavesi\Desktop\FRST64.exe1e603e18-c636-11e3-8c20-88ae1d5f441b ==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 3958.71 MB Available physical RAM: 2757.33 MB Total Pagefile: 7915.6 MB Available Pagefile: 6546.7 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (eMachines) (Fixed) (Total:283.99 GB) (Free:132.18 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0CB0F290) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
19.04.2014, 13:48 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | search.snapdo cannot be removed Okay, then please run control scans with MBAM and ESET: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
20.04.2014, 23:37 | #11 |
| search.snapdo cannot be removed Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 20.04.2014 21:23:57, SYSTEM, MAVESI-PC, Protection, Malware Protection, Starting, Protection, 20.04.2014 21:23:57, SYSTEM, MAVESI-PC, Protection, Malware Protection, Started, Protection, 20.04.2014 21:23:57, SYSTEM, MAVESI-PC, Protection, Malicious Website Protection, Starting, Update, 20.04.2014 21:23:57, SYSTEM, MAVESI-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, Update, 20.04.2014 21:24:01, SYSTEM, MAVESI-PC, Manual, Malware Database, 2014.3.4.9, 2014.4.20.6, Protection, 20.04.2014 21:24:03, SYSTEM, MAVESI-PC, Protection, Refresh, Starting, Protection, 20.04.2014 21:24:36, SYSTEM, MAVESI-PC, Protection, Malicious Website Protection, Started, Protection, 20.04.2014 21:24:36, SYSTEM, MAVESI-PC, Protection, Malicious Website Protection, Stopping, Protection, 20.04.2014 21:24:36, SYSTEM, MAVESI-PC, Protection, Malicious Website Protection, Stopped, Protection, 20.04.2014 21:24:40, SYSTEM, MAVESI-PC, Protection, Refresh, Success, Protection, 20.04.2014 21:24:40, SYSTEM, MAVESI-PC, Protection, Malicious Website Protection, Starting, Protection, 20.04.2014 21:24:40, SYSTEM, MAVESI-PC, Protection, Malicious Website Protection, Started, Detection, 20.04.2014 21:52:26, SYSTEM, MAVESI-PC, Protection, Malware Protection, File, PUP.Optional.InstallMonetizer.A, C:\Users\mavesi\AppData\Local\Temp\nsrF049.tmp\InstallManager.exe, Quarantine, [cacce04c80fb3ff73a01da4850b16997] Detection, 20.04.2014 21:55:37, SYSTEM, MAVESI-PC, Protection, Malware Protection, File, PUP.Optional.InstallMonetizer.A, c:\users\mavesi\appdata\local\temp\nsrf049.tmp\installmanager.exe, Quarantine, [cacce04c80fb3ff73a01da4850b16997] Protection, 20.04.2014 21:55:37, SYSTEM, MAVESI-PC, Protection, SDKQuarantine, 2, Failed, c:\users\mavesi\appdata\local\temp\nsrf049.tmp\installmanager.exe, Error, 20.04.2014 21:55:37, SYSTEM, MAVESI-PC, Protection, SDKQuarantine, 2, Failed, 
c:\users\mavesi\appdata\local\temp\nsrf049.tmp\installmanager.exe, Protection, 20.04.2014 22:02:29, SYSTEM, MAVESI-PC, Protection, Malware Protection, Starting, Protection, 20.04.2014 22:02:29, SYSTEM, MAVESI-PC, Protection, Malware Protection, Started, Protection, 20.04.2014 22:02:29, SYSTEM, MAVESI-PC, Protection, Malicious Website Protection, Starting, Protection, 20.04.2014 22:04:07, SYSTEM, MAVESI-PC, Protection, Malicious Website Protection, Started, (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=a60c1769133788428b9f63da4f3c0275 # engine=17964 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-20 10:26:55 # local_time=2014-04-21 12:26:55 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 147562 149662665 0 0 # scanned=190932 # found=0 # cleaned=0 # scan_time=5767 |
21.04.2014, 20:46 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | search.snapdo cannot be removed Wrong MBAM log, please post the correct log from the scan, not the Protection log.
__________________ Please always post logfiles in CODE tags |
21.04.2014, 21:09 | #13 |
| search.snapdo cannot be removed Sorry, I hope this is the right one now: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 20.04.2014 Suchlauf-Zeit: 22:00:52 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.20.06 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: mavesi Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 285446 Verstrichene Zeit: 32 Min, 47 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 13 PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, In Quarantäne, [0df352ae8779f20ea4bafd1928dab24e], PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, In Quarantäne, [0df352ae8779f20ea4bafd1928dab24e], PUP.Optional.Linkey.A, HKU\S-1-5-21-3584059252-3088558919-258353354-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [20e017e9e8183dc3acba9d7904fe2cd4], PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\Linkey.Linkey, In Quarantäne, [20e017e9e8183dc3acba9d7904fe2cd4], PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Linkey.Linkey, In Quarantäne, [20e017e9e8183dc3acba9d7904fe2cd4], PUP.Optional.Linkey.A, HKU\S-1-5-21-3584059252-3088558919-258353354-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [20e017e9e8183dc3acba9d7904fe2cd4], PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY, In Quarantäne, [ad53ae52dd23c43c223be290f0126c94], PUP.Optional.PlusHD.A, 
HKLM\SOFTWARE\WOW6432NODE\Plus-HD-8.1, In Quarantäne, [8080a7598a76dc241b59196932d07888], PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY, In Quarantäne, [fe0299670000c13f124b77fbe31f7b85], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, In Quarantäne, [d92779877e8213ed24b8d49d9f63b749], PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-8.1, In Quarantäne, [b34daf5140c0857b2d38165c41c145bb], PUP.Optional.PlusHD.A, HKU\S-1-5-21-3584059252-3088558919-258353354-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-8.1, In Quarantäne, [0cf47e82f907bb45c5a02b4762a0db25], PUP.Optional.PriceGong.A, HKU\S-1-5-21-3584059252-3088558919-258353354-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [758bcc341be515eb21ca0277f30f34cc], Registrierungswerte: 2 PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, hxxp://app.linkeyproject.com/popup/IE/background.js, In Quarantäne, [ad53ae52dd23c43c223be290f0126c94] PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY|ie_jsurl, hxxp://app.linkeyproject.com/popup/IE/background.js, In Quarantäne, [fe0299670000c13f124b77fbe31f7b85] Registrierungsdaten: 11 PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a4jv-jMHkrqOUBFoyM5tWKlNA5jYnfaFtkIUdqSLKVgBSyUZOTKxPJQQqwfzLKbs,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a4jv-jMHkrqOUBFoyM5tWKlNA5jYnfaFtkIUdqSLKVgBSyUZOTKxPJQQqwfzLKbs,),Ersetzt,[11ef4eb2ae52e719d0f74bd4867ef60a] PUP.Optional.HelperBar.A, 
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a4jv-jMHkrqOUBFoyM5tWKlNA5jYnfaFtkIUdqSLKVgBSyUZOTKxPJQQqwfzLKbs,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a4jv-jMHkrqOUBFoyM5tWKlNA5jYnfaFtkIUdqSLKVgBSyUZOTKxPJQQqwfzLKbs,),Ersetzt,[ff01b34dfd0327d9258d81a806fe857b] PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}),Ersetzt,[45bb8080f50bd12fa1246cb3e02452ae] PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: 
(hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}),Ersetzt,[9c64a75936ca57a93d73d356db29af51] PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}),Ersetzt,[db25fd03b54bae52cafcc55a32d205fb] PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}),Ersetzt,[c63aa957f60afd03199829007c88eb15] PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, 
hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}),Ersetzt,[1ae62dd35da30cf45375d44bda2aca36] PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}),Ersetzt,[619f36ca5da3ae523f74d455689c08f8] PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}),Ersetzt,[05fb15eb57a9c53b6e5bc95606feb749] PUP.Optional.HelperBar.A, 
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}),Ersetzt,[42be718f34ccd0306351ce5b030117e9] PUP.Optional.HelperBar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66EsTI2rS4RRCAEaCCGjE7tZvKzumbiKzkAcoXILjCsLWy6aBD1hNV4ymULFPkvWQ-a7vtk9BHD1qC3z1oK9CI6Vya-cZDJLIFY1A8MXndvbbEQ6nF8gk60ZKTeC9uSki0,&q={searchTerms}),Ersetzt,[cb358a76ab55fe02e3e15ac50afad729] Ordner: 4 PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\content, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\content\js, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, 
C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\skin, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], Dateien: 50 PUP.Optional.OpenCandy, C:\Users\mavesi\Desktop\MyPhoneExplorer_Setup_1.8.4.exe, In Quarantäne, [f20e53ada957a0606aa095b8ee1607f9], PUP.Optional.OpenCandy, C:\Users\mavesi\AppData\Local\Temp\FreemakeVideoConverter_4.0.4.3.exe, In Quarantäne, [99674ab6d8284db39b1b7593de2308f8], PUP.Optional.SearchProtect.A, C:\Users\mavesi\AppData\Local\Temp\nsc1678.exe, In Quarantäne, [7a86da26b44c09f732360a1aff02bd43], PUP.Optional.SearchProtect.A, C:\Users\mavesi\AppData\Local\Temp\nscF0AA.exe, In Quarantäne, [e61a3ec2ec1423dd80e85aca1be6f60a], PUP.Optional.Somoto, C:\Users\mavesi\AppData\Local\Temp\bitool.dll, In Quarantäne, [629e9f6135cbf10f0b1bae4f7a870af6], PUP.Optional.MixiToolBar.A, C:\Users\mavesi\AppData\Local\Temp\MixiDJToolbar_yh.exe, In Quarantäne, [0ef289771ee28080bafefc270df340c0], PUP.Optional.OpenCandy, C:\Users\mavesi\AppData\Local\Temp\MJun6Rog.exe.part, In Quarantäne, [f7093bc59070a45cbafcb5532ad7f10f], PUP.Optional.Somoto, C:\Users\mavesi\AppData\Local\Temp\nse96C6.tmp, In Quarantäne, [8f715ca45aa6d32d139de1dd818236ca], PUP.Optional.SearchProtect.A, C:\Users\mavesi\AppData\Local\Temp\nsiF94.exe, In Quarantäne, [b34d8f71cb35c739383069bbf50c52ae], PUP.Optional.SearchProtect.A, C:\Users\mavesi\AppData\Local\Temp\nsnED40.exe, In Quarantäne, [58a8be42a45cd32d66029292b34ec838], PUP.Optional.SearchProtect.A, C:\Users\mavesi\AppData\Local\Temp\nsx12FE.exe, In Quarantäne, [a8587b8528d89d633038ce563cc5d729], PUP.Optional.SearchProtect.A, C:\Users\mavesi\AppData\Local\Temp\nsxE9D5.exe, In Quarantäne, [6c9457a988786f918fd9f430946d5ca4], PUP.Optional.SmartBar.A, C:\Users\mavesi\AppData\Local\Temp\Installer.exe, In Quarantäne, [4db3dc247f81778962cad54960a0ed13], PUP.Optional.DealPly.A, C:\Users\mavesi\AppData\Local\Temp\dp.exe, In Quarantäne, [847cd52be41c0df317a9c58aeb197a86], 
PUP.Optional.Babylon.A, C:\Users\mavesi\AppData\Local\Temp\28A13A1C-BAB0-7891-892B-008F2E051166\Latest\BExternal.dll, In Quarantäne, [6e9234ccb05052aea538889a7f81eb15], PUP.Optional.Conduit.A, C:\Users\mavesi\AppData\Local\Temp\28A13A1C-BAB0-7891-892B-008F2E051166\Latest\ccp.exe, In Quarantäne, [04fc17e9738d7b85d3238e8dd22fac54], PUP.Optional.Babylon.A, C:\Users\mavesi\AppData\Local\Temp\28A13A1C-BAB0-7891-892B-008F2E051166\Latest\CrxInstaller.dll, In Quarantäne, [46ba43bdf30d43bd829c0113e71a51af], PUP.Optional.Delta.A, C:\Users\mavesi\AppData\Local\Temp\28A13A1C-BAB0-7891-892B-008F2E051166\Latest\DSearchLink.exe, In Quarantäne, [1ce4d12f8779a45cbb6d5f96847fba46], PUP.Optional.Babylon.A, C:\Users\mavesi\AppData\Local\Temp\28A13A1C-BAB0-7891-892B-008F2E051166\Latest\MntrDLLInstall.dll, In Quarantäne, [55abb84811ef718fde41bf5505fc43bd], PUP.Optional.Delta.A, C:\Users\mavesi\AppData\Local\Temp\28A13A1C-BAB0-7891-892B-008F2E051166\Latest\MyDeltaTB.exe, In Quarantäne, [857b05fbde2240c005b4b9b1cd34966a], PUP.Optional.Babylon.A, C:\Users\mavesi\AppData\Local\Temp\28A13A1C-BAB0-7891-892B-008F2E051166\Latest\Setup.exe, In Quarantäne, [c63a837da957629eb3cc0a17ef118b75], PUP.Optional.InstallMonetizer.A, C:\Users\mavesi\AppData\Local\Temp\nsrF049.tmp\InstallManager.exe, In Quarantäne, [f40cd0306f916898ed4e8c96de23aa56], PUP.Optional.Conduit.A, C:\Users\mavesi\AppData\Local\Temp\nssC7E3\SpSetup.exe, In Quarantäne, [56aaec14e02023dd8fc8c55443bef40c], PUP.Optional.SystemK.A, C:\Users\mavesi\AppData\Local\Temp\nsy65B6.tmp\nsj68B7.tmp\ffExtension.exe, In Quarantäne, [827eac542ed22cd47fbb97cfee131ee2], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Local\Temp\nsy65B6.tmp\nsj68B7.tmp\mediabar.exe, In Quarantäne, [b14fba461ee22bd5ebb091d48c75a45c], PUP.Optional.SystemK.A, C:\Users\mavesi\AppData\Local\Temp\nsy65B6.tmp\nsj68B7.tmp\pack.exe, In Quarantäne, [d62a9967e31d36caa892214529d8b34d], PUP.Optional.Linkey.A, 
C:\Users\mavesi\AppData\Local\Temp\nsy65B6.tmp\nsj68B7.tmp\SettingsManagerMediaBar.exe, In Quarantäne, [df218977d62a08f8b0eb3f2634cde719], PUP.Optional.Conduit.A, C:\Users\mavesi\AppData\Local\Temp\AD2CCE73-BAB0-7891-9EC7-C085EA31B1D4\Latest\ccp.exe, In Quarantäne, [bc44e11f20e0b44c956117043dc417e9], PUP.Optional.Babylon.A, C:\Users\mavesi\AppData\Local\Temp\AD2CCE73-BAB0-7891-9EC7-C085EA31B1D4\Latest\CrxInstaller.dll, In Quarantäne, [14ece11f897727d9ab7325eff50c3bc5], PUP.Optional.Babylon.A, C:\Users\mavesi\AppData\Local\Temp\AD2CCE73-BAB0-7891-9EC7-C085EA31B1D4\Latest\MntrDLLInstall.dll, In Quarantäne, [48b80af660a038c866b9d4404eb3d62a], PUP.Optional.MixiDJ.A, C:\Users\mavesi\AppData\Local\Temp\AD2CCE73-BAB0-7891-9EC7-C085EA31B1D4\Latest\MyMixiTB.exe, In Quarantäne, [b7496a96fb0532ce5b43fb12946d8f71], PUP.Optional.Babylon.A, C:\Users\mavesi\AppData\Local\Temp\AD2CCE73-BAB0-7891-9EC7-C085EA31B1D4\Latest\Setup.exe, In Quarantäne, [8a766b95649c8c74423d64bd19e7a35d], PUP.Optional.Softonic.A, C:\Users\mavesi\Downloads\SoftonicDownloader_fuer_nitro-pdf-reader.exe, In Quarantäne, [60a0ec14df2144bc9b7fdf3c8e73ef11], PUP.Optional.OpenCandy, C:\Users\mavesi\Downloads\FreemakeVideoConverterSetup_4.0.4.3.exe, In Quarantäne, [4cb42bd538c89a66655166a2a061768a], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk, In Quarantäne, [ba46c23e45bb1ae6c2b9343ca55db44c], PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [a45c03fda55b35cbeaead39e13ef24dc], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\chrome.manifest, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\install.rdf, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], 
PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\content\button.css, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\content\overlay.xul, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\content\js\common.js, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\content\js\LinkeyManager.js, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\skin\bright_green_19_19.png, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\skin\default_19_19.png, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\skin\hard_green_19_19.png, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\skin\icon.png, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\skin\icon64.png, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, 
C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\skin\orange_19_19.png, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\skin\red_19_19.png, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], PUP.Optional.Linkey.A, C:\Users\mavesi\AppData\Roaming\Mozilla\Firefox\Profiles\c6arh6z3.default\extensions\extension@linkeyproject.com\skin\yellow_19_19.png, In Quarantäne, [ca3616ea8080788873fd85e140c2ae52], Physische Sektoren: 0 (No malicious items detected) (end) |
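The Malwarebytes scan log above lists the hijacked Internet Explorer settings one per line, with the rogue URL, the "Gut:" (good) value the scanner restored and the "Schlecht:" (bad) value it removed. Reading that by eye across a dozen long lines is tedious, so here is an added example (not code from the thread, from Malwarebytes or from Trojaner-Board) in Python that parses the two registry sections of an MBAM 2.x German-UI scan log and summarises, per hijack target host, which browser settings pointed at it and what the scanner did. The sample log is constructed in the posted layout; the `?p=` payloads and the trailing `[...]` hashes are shortened placeholders, not values from any real scan.

```python
"""Summarise browser-hijack entries from a Malwarebytes Anti-Malware 2.x scan log.

Added example, not the thread's or Malwarebytes' own code. It reads the
"Registrierungswerte" and "Registrierungsdaten" sections of the German-UI log
format and reports, per hijack target host, which browser settings pointed at
it and what the scanner did ("Ersetzt" = replaced with the good value,
"In Quarantäne" = quarantined).
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the layout of the posted log. The ?p= payloads and the
# trailing [hashes] are shortened placeholders, not values from a real scan.
SAMPLE_LOG = r"""Registrierungswerte: 1
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, hxxp://app.linkeyproject.com/popup/IE/background.js, In Quarantäne, [00000000000000000000000000000aaa]
Registrierungsdaten: 3
PUP.Optional.HelperBar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=PLACEHOLDER,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=PLACEHOLDER,),Ersetzt,[00000000000000000000000000000bbb]
PUP.Optional.HelperBar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=PLACEHOLDER,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=PLACEHOLDER,&q={searchTerms}),Ersetzt,[00000000000000000000000000000ccc]
PUP.Optional.HelperBar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=PLACEHOLDER,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=PLACEHOLDER,&q={searchTerms}),Ersetzt,[00000000000000000000000000000ddd]
Ordner: 0 (No malicious items detected)
"""

# Section headers look like "Registrierungsdaten: 11"; the count is ignored.
SECTION_LINE = re.compile(r"^([A-Za-zÄÖÜäöüß ]+): (\d+)")
# "Registrierungswerte" lines: family, key|value name, data, action, [hash]
VALUE_LINE = re.compile(
    r"^(?P<family>[^,]+), (?P<key>[^|]+)\|(?P<name>[^,]+), (?P<data>.*), "
    r"(?P<action>[^,]+), \[(?P<hash>[0-9a-f]+)\]$"
)
# "Registrierungsdaten" lines additionally carry "Gut: (...)" and "Schlecht: (...)".
DATA_LINE = re.compile(
    r"^(?P<family>[^,]+), (?P<key>[^|]+)\|(?P<name>[^,]+), .*?Gut: \((?P<good>[^)]*)\), "
    r"Schlecht: \((?P<bad>.*?)\),(?P<action>[^,]+),\[(?P<hash>[0-9a-f]+)\]$"
)


def host_of(url: str) -> str:
    """Return the lower-cased hostname of a (possibly defanged hxxp://) URL.
    Scheme-less values such as 'www.google.com' are treated as a bare host."""
    url = url.strip().rstrip(",")
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def parse_mbam_registry(log_text: str) -> list[dict]:
    """Return one dict per entry in the two registry sections of the log.
    Every dict has family, key, name, good (None for plain values), bad, action, hash."""
    entries = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_LINE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "Registrierungswerte":
            m = VALUE_LINE.match(line)
            if m:
                entries.append({**m.groupdict(), "good": None, "bad": m.group("data")})
        elif section == "Registrierungsdaten":
            m = DATA_LINE.match(line)
            if m:
                entries.append(m.groupdict())
    return entries


def hijack_summary(log_text: str) -> dict[str, list[tuple[str, str]]]:
    """Map each hijack target host to the sorted (setting name, scanner action)
    pairs whose value or data pointed at that host."""
    by_host = defaultdict(set)
    for entry in parse_mbam_registry(log_text):
        by_host[host_of(entry["bad"])].add((entry["name"], entry["action"]))
    return {host: sorted(pairs) for host, pairs in sorted(by_host.items())}


if __name__ == "__main__":
    for host, pairs in hijack_summary(SAMPLE_LOG).items():
        print(host)
        for name, action in pairs:
            print(f"  {name}: {action}")
```

The parser expects the log with its original line breaks (the copy pasted into the forum has been run together by the page extraction, so it would need re-splitting first). Keying the summary on the hostname rather than the full URL is deliberate: the `?p=` payload differs per setting, while the host is what you would later look for in other browsers' profiles or in a hosts-file blocklist.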
21.04.2014, 21:23 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | search.snapdo cannot be removed Just a few adware leftovers. TFC - Temp File Cleaner Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Looks okay so far. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. But that is only optional. To prevent user tracking, the Firefox extension Ghostery works well. Info: cookies are not pests as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are also good cookie managers, extensions for Firefox, e.g. CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system okay again now, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags |
25.04.2014, 14:32 | #15 |
| search.snapdo cannot be removed Hello Cosinus, thank you very much for your help. I have now downloaded Ghostery and CookieCuller. What do I do with the programs I downloaded during the cleanup, can I delete them? Best regards CompuLaie |