mozilla firefox-viele fenster (v.a. werbung für spiele) öffnen sich automatisch

nadine95 · 02.06.2014, 16:28

hallo

seit einiger zeit öffnen sich bei einem klick im internet manchmal viele neu fenster, darunter hauptsächlich werbungen für spiele.
regcleanpro und advanced system protector habe ich so deinstalliert, wie es hier ( http://www.trojaner-board.de/139837-...clean-pro.html ) angegeben war. jedoch habe ich nur den ersten akt, der in dem link beschrieben war, durchgeführt.(deinstallation und neustart + download adwcleaner; also alles, bis zu der ersten antwort von gegenschreiber)
gerade habe ich malwarebytes Anti-Malware von chip runtergeladen und es wurden einige gefährliche quellen gefunden. habe jetzt alles in quarantäne verschoben.
in der rechten unteren ecke scheint nun (wieder/immer noch) ein fenster auf: 5,2 GB Data Not Backed Up! 949 files are unprotected (documents 97, pictures 501, music 343, videos 4, ebooks 4)..jetzt könnte ich ein free backup durchführen..keine ahnung was alles auf meinem pc lebt

ich hoffe, dass mir jemand helfen kann

danke im voraus - nadine

schrauber · 02.06.2014, 18:18

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

nadine95 · 02.06.2014, 18:31

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Nadine (administrator) on NADINE-PC on 02-06-2014 19:20:55
Running from C:\Users\Nadine\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\Chiavetta Internet TM201\UIMain.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1935824 2014-05-16] (APN)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {6a541d9c-227e-11e3-aa11-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8b4-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6a541d9c-227e-11e3-aa11-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d09dc8b4-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {b0478c14-c98f-11e3-a32b-206a8a159833} - E:\Startme.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b0478c14-c98f-11e3-a32b-206a8a159833} - E:\Startme.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{05363EDC-6544-420D-AEBB-6B8CA2B15F0F}: [NameServer]10.207.43.46 10.206.56.132

FireFox:
========
FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default
FF SearchEngineOrder.1: Ask Search
FF Homepage: chrome://fastdial/content/fastdial.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fast Dial - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\fastdial@telega.phpnet.us [2013-09-21]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-16] (APN LLC.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-09] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189104 2014-03-29] ()
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48472 2014-04-24] (Systweak)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-17] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-06] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
U0 oncaiiio; C:\Windows\System32\drivers\icgjtcb.sys [79064 2014-06-02] (Malwarebytes Corporation)
R3 onda_cdc_acm; C:\Windows\System32\DRIVERS\onda_cdc_acm.sys [79872 2012-01-25] (ONDA)
R3 onda_cdc_ecm; C:\Windows\System32\DRIVERS\onda_cdc_ecm.sys [60416 2012-01-25] (ONDA)
R3 onda_ecm_enum; C:\Windows\System32\DRIVERS\onda_ecm_enum.sys [56832 2012-01-25] (ONDA)
R3 onda_ecm_enum_filter; C:\Windows\System32\DRIVERS\onda_ecm_enum_filter.sys [56832 2012-01-25] (ONDA)
S3 onda_wcpo; C:\Windows\System32\DRIVERS\onda_wcpo.sys [10752 2012-01-25] (ONDA)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 17:26 - 2014-06-02 17:26 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\icgjtcb.sys
2014-06-02 17:05 - 2014-06-02 17:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 17:04 - 2014-06-02 17:04 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 17:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 17:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 17:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 17:03 - 2014-06-02 17:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 16:53 - 2014-06-02 16:53 - 00027345 _____ () C:\Users\Nadine\Downloads\Addition.txt
2014-06-02 16:52 - 2014-06-02 19:20 - 00019758 _____ () C:\Users\Nadine\Downloads\FRST.txt
2014-06-02 16:52 - 2014-06-02 19:20 - 00000000 ____D () C:\FRST
2014-06-02 16:51 - 2014-06-02 16:52 - 02067456 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe
2014-06-02 16:51 - 2014-06-02 16:51 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST(2).exe
2014-06-02 16:49 - 2014-06-02 16:49 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST(1).exe
2014-06-02 16:48 - 2014-06-02 16:48 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST.exe
2014-06-02 16:43 - 2014-06-02 16:43 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Systweak
2014-06-02 16:43 - 2014-06-02 16:43 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-02 16:37 - 2014-06-02 16:41 - 00000000 ____D () C:\AdwCleaner
2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe
2014-06-02 16:35 - 2014-06-02 16:36 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe
2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk
2014-06-01 18:34 - 2014-06-01 19:04 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg
2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx
2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer
2014-05-03 20:14 - 2014-05-03 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-03 20:14 - 2014-05-03 20:14 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-03 20:12 - 2014-06-02 08:29 - 00001426 _____ () C:\Users\Domo\Desktop\Registry kostenlos entrümpeln!.lnk

==================== One Month Modified Files and Folders =======

2014-06-02 19:21 - 2014-06-02 16:52 - 00019758 _____ () C:\Users\Nadine\Downloads\FRST.txt
2014-06-02 19:21 - 2013-09-21 07:37 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Temp
2014-06-02 19:20 - 2014-06-02 16:52 - 00000000 ____D () C:\FRST
2014-06-02 19:11 - 2013-09-21 20:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 18:46 - 2013-10-18 16:43 - 00000000 ____D () C:\Users\Nadine\Documents\Facharbeit
2014-06-02 18:39 - 2014-04-24 15:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 18:39 - 2014-04-24 15:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 18:00 - 2013-09-24 14:10 - 00000000 ____D () C:\Program Files (x86)\Chiavetta Internet TM201
2014-06-02 17:26 - 2014-06-02 17:26 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\icgjtcb.sys
2014-06-02 17:26 - 2013-09-21 20:56 - 00000000 ____D () C:\Users\Domo\AppData\Local\Temp
2014-06-02 17:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-06-02 17:06 - 2014-06-02 17:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 17:04 - 2014-06-02 17:04 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 17:04 - 2014-06-02 17:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 16:53 - 2014-06-02 16:53 - 00027345 _____ () C:\Users\Nadine\Downloads\Addition.txt
2014-06-02 16:52 - 2014-06-02 16:51 - 02067456 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe
2014-06-02 16:51 - 2014-06-02 16:51 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST(2).exe
2014-06-02 16:51 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 16:51 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 16:49 - 2014-06-02 16:49 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST(1).exe
2014-06-02 16:48 - 2014-06-02 16:48 - 01058304 _____ (Farbar) C:\Users\Nadine\Downloads\FRST.exe
2014-06-02 16:47 - 2013-09-21 07:39 - 01280324 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 16:44 - 2014-04-24 14:36 - 00003068 _____ () C:\Windows\System32\Tasks\Right Backup_startup
2014-06-02 16:43 - 2014-06-02 16:43 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Systweak
2014-06-02 16:43 - 2014-06-02 16:43 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-02 16:43 - 2013-10-06 20:28 - 00000000 ____D () C:\Users\Nadine\AppData\Local\LogMeIn Hamachi
2014-06-02 16:42 - 2010-05-07 01:36 - 00166464 _____ () C:\Windows\PFRO.log
2014-06-02 16:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 16:42 - 2009-07-14 06:51 - 00089569 _____ () C:\Windows\setupact.log
2014-06-02 16:41 - 2014-06-02 16:37 - 00000000 ____D () C:\AdwCleaner
2014-06-02 16:41 - 2013-09-21 20:56 - 00000000 ___RD () C:\Users\Domo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-02 16:41 - 2013-09-21 20:25 - 00000815 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe
2014-06-02 16:36 - 2014-06-02 16:35 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe
2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk
2014-06-02 08:34 - 2013-09-21 21:02 - 00000000 ____D () C:\Users\Domo\AppData\Local\Autodesk
2014-06-02 08:29 - 2014-05-03 20:12 - 00001426 _____ () C:\Users\Domo\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-02 08:28 - 2013-10-05 16:36 - 00000000 ____D () C:\Users\Domo\AppData\Local\LogMeIn Hamachi
2014-06-01 19:04 - 2014-06-01 18:34 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg
2014-05-27 15:38 - 2013-10-01 22:32 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\Temp
2014-05-27 15:36 - 2013-10-12 17:44 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\LogMeIn Hamachi
2014-05-25 18:55 - 2013-09-21 10:13 - 00647376 _____ () C:\Windows\system32\perfh007.dat
2014-05-25 18:55 - 2013-09-21 10:13 - 00127404 _____ () C:\Windows\system32\perfc007.dat
2014-05-25 18:55 - 2009-07-14 07:13 - 01480666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 18:45 - 2013-09-21 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-19 20:11 - 2013-10-02 18:40 - 00011668 _____ () C:\Users\Verena&Ali\Documents\bankdaten.xlsx
2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-18 19:11 - 2013-09-21 20:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-18 19:11 - 2013-09-21 20:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-18 19:11 - 2013-09-21 20:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-02 17:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-02 17:04 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 17:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 18:34 - 2014-04-24 15:23 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-11 18:34 - 2014-04-24 15:23 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx
2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer
2014-05-03 20:56 - 2014-04-24 14:46 - 00000000 ____D () C:\Users\Domo\AppData\Roaming\.minecraft
2014-05-03 20:14 - 2014-05-03 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-03 20:14 - 2014-05-03 20:14 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3972.dll


Some content of TEMP:
====================
C:\Users\Domo\AppData\Local\Temp\AcDeltree.exe
C:\Users\Domo\AppData\Local\Temp\APNSetup.exe
C:\Users\Domo\AppData\Local\Temp\AutoRun.exe
C:\Users\Domo\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Domo\AppData\Local\Temp\avgnt.exe
C:\Users\Domo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Domo\AppData\Local\Temp\eauninstall.exe
C:\Users\Domo\AppData\Local\Temp\octE035.tmp.exe
C:\Users\Domo\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Domo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Nadine\AppData\Local\Temp\avgnt.exe
C:\Users\Nadine\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Nadine\AppData\Local\Temp\Quarantine.exe
C:\Users\Nadine\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\Nadine\AppData\Local\Temp\_isE717.exe
C:\Users\Nadine\AppData\Local\Temp\_isFC6B.exe
C:\Users\Verena&Ali\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 16:10

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by Nadine at 2014-06-02 19:29:18
Running from C:\Users\Nadine\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C0C02}) (Version: 12.12.2.82 - APN, LLC) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
AutoCAD 2011 - Deutsch (HKLM\...\AutoCAD 2011 - Deutsch) (Version: 18.1.49.0 - Autodesk)
AutoCAD 2011 - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD 2011 Language Pack - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
awesomehp uninstaller (HKLM-x32\...\awesomehp uninstaller) (Version:  - awesomehp) <==== ATTENTION
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.03 - Broadcom Corporation)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden
Chiavetta Internet TM201 (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - Onda Communication S.p.a.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2529.50 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Default (x32 Version: 1.0.0.1 - Onda Communication S.p.a.) Hidden
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Free YouTube Download version 3.2.16.1030 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.16.1030 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.8 - Acer Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.)
Re-markit (HKLM-x32\...\dd1903ed-c792-40ac-bf09-4daa274cacb4) (Version:  - Re-markit Software) <==== ATTENTION
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.3797 - Systweak Software)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Systweak Toolbar (HKLM-x32\...\Systweak Toolbar) (Version: 1.0.1.8 - Systweak Software)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

24-04-2014 12:36:51 RegClean Pro Do, Apr 24, 14  14:36
24-04-2014 13:06:27 Removed LogMeIn Hamachi
24-04-2014 13:22:07 Installed LogMeIn Hamachi
27-04-2014 19:40:34 Installed iTunes
06-05-2014 15:45:50 Geplanter Prüfpunkt
25-05-2014 17:28:34 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00F2930F-BB38-44F5-8BD7-029574A84CCD} - \media enhance-updater No Task File <==== ATTENTION
Task: {0CA9FE11-7829-4ABB-99C6-90658272C1B7} - System32\Tasks\{5C9FFB23-7AF1-470A-9904-91F5E99E1805} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.367&amp;LastError=12007
Task: {11E8A008-2F00-4B00-8168-622D0EE47598} - \Re-markit_wd No Task File <==== ATTENTION
Task: {1B55AB10-854E-4AF4-9977-5F92F00AEA91} - \HDTotalS-enabler No Task File <==== ATTENTION
Task: {24C62AEA-65D1-46A3-B570-2DB559F540B8} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {3871CD21-4112-4FBF-A0C8-6647E45BF763} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {399FB1D9-2F6E-4186-B387-065B0CF466DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-24] (Google Inc.)
Task: {4A68628D-C347-47E3-8DA3-7A731C3E0BF2} - \media enhance-enabler No Task File <==== ATTENTION
Task: {61E34A48-971C-4681-BE0D-1DCC24EE79E8} - \media enhance-codedownloader No Task File <==== ATTENTION
Task: {727C79E2-AD9F-47DA-BFE3-6DA4329FD4BA} - \Re-markit Update No Task File <==== ATTENTION
Task: {75F9876B-D3B1-4BE0-9015-72AE7603046E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {765195AD-BF3C-452D-9118-AB8C40A7C724} - \HDTotalS-codedownloader No Task File <==== ATTENTION
Task: {7B7A094A-08F1-4469-BBB7-EDCD42A131AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-24] (Google Inc.)
Task: {7B7DE1E7-1D5B-4F32-BECD-84C02C783C7F} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-04-24] (Systweak)
Task: {85A549A6-6A5E-435E-B9FC-1BC8E5315F68} - \media enhance-chromeinstaller No Task File <==== ATTENTION
Task: {8A1EFCCE-E000-40EA-8B48-4C604B886B9E} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {9953CE62-093E-4370-AAC1-410FB2F13A19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18] (Adobe Systems Incorporated)
Task: {A3E0D757-4018-43CF-A37D-D9982A4BF113} - \HDTotalS-chromeinstaller No Task File <==== ATTENTION
Task: {B20F884E-A239-4EC0-BB7D-E0C86EC65B8F} - \HDTotalS-firefoxinstaller No Task File <==== ATTENTION
Task: {B4F63FBA-64EE-4CD4-9B55-14F411A715F7} - \media enhance-firefoxinstaller No Task File <==== ATTENTION
Task: {F31D4C4B-8551-4531-8C5C-23CDF4E2B195} - \HDTotalS-updater No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-04 22:29 - 2014-03-09 12:24 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-04 22:29 - 2014-03-29 13:08 - 00189104 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2010-01-07 14:42 - 2010-01-07 14:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-09-21 07:42 - 2013-09-21 07:42 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-24 14:11 - 2012-04-27 09:50 - 07878056 _____ () C:\Program Files (x86)\Chiavetta Internet TM201\UIMain.exe
2013-09-21 19:20 - 2013-07-18 08:02 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-04-25 18:11 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll
2013-09-21 10:03 - 2009-05-21 00:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-12-02 18:14 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-09-24 14:11 - 2012-04-27 09:50 - 01188280 _____ () C:\Program Files (x86)\Chiavetta Internet TM201\WAITINGFORM.DLL
2013-09-24 14:11 - 2012-04-27 09:50 - 01042360 _____ () C:\Program Files (x86)\Chiavetta Internet TM201\DLL_NETCARD_R.DLL
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-09-24 14:11 - 2012-04-27 09:50 - 00013224 _____ () C:\Program Files (x86)\Chiavetta Internet TM201\rasdll.dll
2014-05-18 19:25 - 2014-05-18 19:25 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2014 06:24:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WSCommCntr2.exe, Version: 3.0.267.0, Zeitstempel: 0x4b71796a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004d174
ID des fehlerhaften Prozesses: 0x1ed0
Startzeit der fehlerhaften Anwendung: 0xWSCommCntr2.exe0
Pfad der fehlerhaften Anwendung: WSCommCntr2.exe1
Pfad des fehlerhaften Moduls: WSCommCntr2.exe2
Berichtskennung: WSCommCntr2.exe3

Error: (06/01/2014 06:23:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm acad.exe, Version 24.1.49.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f24

Startzeit: 01cf7db57a91a4d1

Endzeit: 0

Anwendungspfad: C:\Program Files\Autodesk\AutoCAD 2011\acad.exe

Berichts-ID: faa73ea3-e9a8-11e3-9ce9-206a8a159833

Error: (05/27/2014 03:31:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e
Name des fehlerhaften Moduls: urlmon.dll, Version: 8.0.7600.16535, Zeitstempel: 0x4b838917
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002127c
ID des fehlerhaften Prozesses: 0xdf0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (05/25/2014 07:24:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (05/25/2014 07:23:18 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/24/2014 07:29:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11622

Error: (05/24/2014 07:29:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11622

Error: (05/24/2014 07:29:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2014 07:29:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10593

Error: (05/24/2014 07:29:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10593


System errors:
=============
Error: (06/02/2014 06:09:51 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "OLIVOTTO",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B0EB1E8F-5975-4695-A744-09C6203A9C4F}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/02/2014 04:43:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst RBClientService erreicht.

Error: (06/02/2014 04:10:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/02/2014 04:10:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (06/02/2014 08:28:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst RBClientService erreicht.

Error: (06/02/2014 08:27:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/02/2014 08:27:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (05/29/2014 03:40:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/29/2014 03:40:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (05/27/2014 03:36:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 3956.5 MB
Available physical RAM: 2057.34 MB
Total Pagefile: 7911.14 MB
Available Pagefile: 5409.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.48 GB) (Free:382.09 GB) NTFS
Drive e: (ONDA TM201) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: D68CD68C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

==================== End Of Log ============================

was ich nicht deinstalliert habe, war das java..auf meinem computer ist java 7 update 40 installiert

schrauber · 03.06.2014, 18:35

Adware & Co. deinstallieren

Lade Dir bitte von hier Revo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:

diesen Zusatz haben:
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

nadine95 · 03.06.2014, 19:42

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.06.2014
Suchlauf-Zeit: 20:00:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.03.06
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Nadine

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350494
Verstrichene Zeit: 12 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

# AdwCleaner v3.211 - Bericht erstellt am 03/06/2014 um 20:21:17
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Nadine - NADINE-PC
# Gestartet von : C:\Users\Nadine\Downloads\adwcleaner_3.211(2).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\Systweak
[!] Ordner Gelöscht : C:\Users\Nadine\AppData\Roaming\Systweak

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Domo\AppData\Roaming\Mozilla\Firefox\Profiles\tcw8pe6j.default\prefs.js ]


[ Datei : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [1205 octets] - [03/06/2014 20:20:27]
AdwCleaner[S1].txt - [1083 octets] - [03/06/2014 20:21:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1143 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nadine on 03.06.2014 at 20:30:30,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylontc.gingerapplication



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\Nadine\AppData\Roaming\systweak"



~~~ FireFox

Emptied folder: C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\8kfzxwdu.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.06.2014 at 20:41:51,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Nadine (administrator) on NADINE-PC on 03-06-2014 20:39:27
Running from C:\Users\Nadine\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Chiavetta Internet TM201\UIMain.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Thisisu) C:\Users\Nadine\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {6a541d9c-227e-11e3-aa11-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8b4-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{F1724213-A2EF-4690-B760-C00A768CC68B}: [NameServer]10.207.43.46 10.206.56.132

FireFox:
========
FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default
FF SearchEngineOrder.1: Ask Search
FF Homepage: chrome://fastdial/content/fastdial.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fast Dial - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\fastdial@telega.phpnet.us [2013-09-21]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-16] (APN LLC.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-09] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189104 2014-03-29] ()
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48472 2014-04-24] (Systweak)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-17] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-06] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 onda_cdc_acm; C:\Windows\System32\DRIVERS\onda_cdc_acm.sys [79872 2012-01-25] (ONDA)
R3 onda_cdc_ecm; C:\Windows\System32\DRIVERS\onda_cdc_ecm.sys [60416 2012-01-25] (ONDA)
R3 onda_ecm_enum; C:\Windows\System32\DRIVERS\onda_ecm_enum.sys [56832 2012-01-25] (ONDA)
R3 onda_ecm_enum_filter; C:\Windows\System32\DRIVERS\onda_ecm_enum_filter.sys [56832 2012-01-25] (ONDA)
S3 onda_wcpo; C:\Windows\System32\DRIVERS\onda_wcpo.sys [10752 2012-01-25] (ONDA)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 20:34 - 2014-06-03 20:34 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-03 20:30 - 2014-06-03 20:30 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 20:29 - 2014-06-03 20:30 - 01016261 _____ (Thisisu) C:\Users\Nadine\Downloads\JRT.exe
2014-06-03 20:20 - 2014-06-03 20:21 - 00000000 ____D () C:\AdwCleaner
2014-06-03 20:16 - 2014-06-03 20:16 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(2).exe
2014-06-03 20:15 - 2014-06-03 20:15 - 00001143 _____ () C:\Users\Nadine\Desktop\mbam.txt
2014-06-03 19:56 - 2014-06-03 19:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-03 19:49 - 2014-06-03 19:49 - 00001380 _____ () C:\Users\Nadine\Desktop\FRST64 - Verknüpfung.lnk
2014-06-03 19:49 - 2014-06-03 19:49 - 00000000 ____D () C:\Users\Nadine\Downloads\FRST-OlderVersion
2014-06-03 19:44 - 2014-06-03 19:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nadine\Downloads\revosetup95.exe
2014-06-03 19:44 - 2014-06-03 19:44 - 00001268 _____ () C:\Users\Nadine\Desktop\Revo Uninstaller.lnk
2014-06-03 19:44 - 2014-06-03 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-02 17:05 - 2014-06-03 20:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 17:04 - 2014-06-03 19:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 17:04 - 2014-06-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 17:04 - 2014-06-03 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 17:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 17:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 17:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 17:03 - 2014-06-02 17:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 16:53 - 2014-06-02 19:29 - 00027647 _____ () C:\Users\Nadine\Downloads\Addition.txt
2014-06-02 16:52 - 2014-06-03 20:39 - 00016197 _____ () C:\Users\Nadine\Downloads\FRST.txt
2014-06-02 16:52 - 2014-06-03 20:39 - 00000000 ____D () C:\FRST
2014-06-02 16:51 - 2014-06-03 19:49 - 02068992 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe
2014-06-02 16:37 - 2014-06-02 16:41 - 00000000 ____D () C:\Users\Nadine\Desktop\AdwCleaner
2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe
2014-06-02 16:35 - 2014-06-02 16:36 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe
2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk
2014-06-01 18:34 - 2014-06-01 19:04 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg
2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx
2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer

==================== One Month Modified Files and Folders =======

2014-06-03 20:39 - 2014-06-02 16:52 - 00016197 _____ () C:\Users\Nadine\Downloads\FRST.txt
2014-06-03 20:39 - 2014-06-02 16:52 - 00000000 ____D () C:\FRST
2014-06-03 20:39 - 2014-04-24 15:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 20:39 - 2013-09-21 07:37 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Temp
2014-06-03 20:34 - 2014-06-03 20:34 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-03 20:33 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 20:33 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 20:30 - 2014-06-03 20:30 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 20:30 - 2014-06-03 20:29 - 01016261 _____ (Thisisu) C:\Users\Nadine\Downloads\JRT.exe
2014-06-03 20:26 - 2014-06-02 17:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 20:26 - 2014-04-24 14:36 - 00003066 _____ () C:\Windows\System32\Tasks\Right Backup_startup
2014-06-03 20:26 - 2013-09-24 14:10 - 00000000 ____D () C:\Program Files (x86)\Chiavetta Internet TM201
2014-06-03 20:25 - 2013-10-06 20:28 - 00000000 ____D () C:\Users\Nadine\AppData\Local\LogMeIn Hamachi
2014-06-03 20:22 - 2014-04-24 15:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 20:22 - 2010-05-07 01:36 - 00173256 _____ () C:\Windows\PFRO.log
2014-06-03 20:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 20:22 - 2009-07-14 06:51 - 00089793 _____ () C:\Windows\setupact.log
2014-06-03 20:21 - 2014-06-03 20:20 - 00000000 ____D () C:\AdwCleaner
2014-06-03 20:21 - 2013-09-21 07:39 - 01294654 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 20:16 - 2014-06-03 20:16 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(2).exe
2014-06-03 20:15 - 2014-06-03 20:15 - 00001143 _____ () C:\Users\Nadine\Desktop\mbam.txt
2014-06-03 20:11 - 2013-09-21 20:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 19:58 - 2014-06-02 17:04 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 19:58 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-03 19:58 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-03 19:57 - 2014-06-03 19:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-03 19:49 - 2014-06-03 19:49 - 00001380 _____ () C:\Users\Nadine\Desktop\FRST64 - Verknüpfung.lnk
2014-06-03 19:49 - 2014-06-03 19:49 - 00000000 ____D () C:\Users\Nadine\Downloads\FRST-OlderVersion
2014-06-03 19:49 - 2014-06-02 16:51 - 02068992 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe
2014-06-03 19:44 - 2014-06-03 19:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nadine\Downloads\revosetup95.exe
2014-06-03 19:44 - 2014-06-03 19:44 - 00001268 _____ () C:\Users\Nadine\Desktop\Revo Uninstaller.lnk
2014-06-03 19:44 - 2014-06-03 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-03 17:24 - 2013-10-18 16:43 - 00000000 ____D () C:\Users\Nadine\Documents\Facharbeit
2014-06-03 17:10 - 2013-09-21 10:13 - 00647376 _____ () C:\Windows\system32\perfh007.dat
2014-06-03 17:10 - 2013-09-21 10:13 - 00127404 _____ () C:\Windows\system32\perfc007.dat
2014-06-03 17:10 - 2009-07-14 07:13 - 01480666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-06-02 19:29 - 2014-06-02 16:53 - 00027647 _____ () C:\Users\Nadine\Downloads\Addition.txt
2014-06-02 17:26 - 2013-09-21 20:56 - 00000000 ____D () C:\Users\Domo\AppData\Local\Temp
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 17:04 - 2014-06-02 17:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 16:41 - 2014-06-02 16:37 - 00000000 ____D () C:\Users\Nadine\Desktop\AdwCleaner
2014-06-02 16:41 - 2013-09-21 20:56 - 00000000 ___RD () C:\Users\Domo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-02 16:41 - 2013-09-21 20:25 - 00000815 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe
2014-06-02 16:36 - 2014-06-02 16:35 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe
2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk
2014-06-02 08:34 - 2013-09-21 21:02 - 00000000 ____D () C:\Users\Domo\AppData\Local\Autodesk
2014-06-02 08:29 - 2014-05-03 20:12 - 00001426 _____ () C:\Users\Domo\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-02 08:28 - 2013-10-05 16:36 - 00000000 ____D () C:\Users\Domo\AppData\Local\LogMeIn Hamachi
2014-06-01 19:04 - 2014-06-01 18:34 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg
2014-05-27 15:38 - 2013-10-01 22:32 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\Temp
2014-05-27 15:36 - 2013-10-12 17:44 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\LogMeIn Hamachi
2014-05-22 18:45 - 2013-09-21 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-19 20:11 - 2013-10-02 18:40 - 00011668 _____ () C:\Users\Verena&Ali\Documents\bankdaten.xlsx
2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-18 19:11 - 2013-09-21 20:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-18 19:11 - 2013-09-21 20:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-18 19:11 - 2013-09-21 20:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-02 17:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-02 17:04 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 17:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 18:34 - 2014-04-24 15:23 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-11 18:34 - 2014-04-24 15:23 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx
2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3972.dll


Some content of TEMP:
====================
C:\Users\Domo\AppData\Local\Temp\AcDeltree.exe
C:\Users\Domo\AppData\Local\Temp\APNSetup.exe
C:\Users\Domo\AppData\Local\Temp\AutoRun.exe
C:\Users\Domo\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Domo\AppData\Local\Temp\avgnt.exe
C:\Users\Domo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Domo\AppData\Local\Temp\eauninstall.exe
C:\Users\Domo\AppData\Local\Temp\octE035.tmp.exe
C:\Users\Domo\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Domo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Nadine\AppData\Local\Temp\avgnt.exe
C:\Users\Nadine\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Nadine\AppData\Local\Temp\Quarantine.exe
C:\Users\Nadine\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\Nadine\AppData\Local\Temp\_isE717.exe
C:\Users\Nadine\AppData\Local\Temp\_isFC6B.exe
C:\Users\Verena&Ali\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 16:10

==================== End Of Log ============================

--- --- ---

schrauber · 04.06.2014, 18:29

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

nadine95 · 05.06.2014, 15:05

Code:

ATTFilter

C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\Amazon Browser Bar\search_protect.exe.vir	Win32/Distromatic.B evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe.vir	Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\53172.crx.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\53172.xpi.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bg.exe.vir	Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bho.dll.vir	Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bho64.dll.vir	Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\HDTotalS\utils.exe.vir	Win32/Toolbar.CrossRider.AB evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\44150.crx.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\44150.xpi.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\media enhance-bg.exe.vir	Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\media enhance-bho64.dll.vir	Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\media enhance-codedownloader.exe.vir	Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\media enhance-enabler.exe.vir	Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\media enhance-updater.exe.vir	Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-2528630756-1155624373-988283130-1000\$R8YM42S\Quarantine\C\Program Files (x86)\media enhance\utils.exe.vir	Win32/Toolbar.CrossRider.AB evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\nsn67C2.tmp	Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3A9Y17A\monetizationLoader[1].js	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Mozilla\Firefox\Profiles\tcw8pe6j.default\Cache\1\6F\6CC7Bd01	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Temp\jkiDFEA.tmp	Variante von MSIL/DomaIQ.X evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Temp\nsn67C2.tmp	Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Temp\92009763-1644-4b1c-bc6b-5735c9938d8b\software\Cloud_Backup_Setup.exe	Win32/MyPCBackup.A evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Temp\92009763-1644-4b1c-bc6b-5735c9938d8b\software\Re-markit_2040-2082.exe	Variante von Win32/AdWare.AddLyrics.AH Anwendung
C:\Users\Domo\AppData\Local\Temp\is45637729\27129928_stp\AnyProtectScannerSetup.exe	Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Temp\is45637729\27130070_stp\wajam_validate.exe	Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Temp\is45637729\28332680_stp\AnyProtectScannerSetup.exe	Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Temp\is45637729\28332705_stp\wajam_validate.exe	Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Temp\is45637729\29534924_stp\AnyProtectScannerSetup.exe	Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Temp\is45637729\30739308_stp\AnyProtectScannerSetup.exe	Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung
C:\Users\Domo\AppData\Local\Temp\is45637729\30739343_stp\wajam_validate.exe	Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\Domo\Downloads\rcpsaymgcam_smg2526500.exe	Win32/Systweak.B evtl. unerwünschte Anwendung
C:\Users\Nadine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2WNY10VX\monetizationLoader[1].js	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nadine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMNMXY5S\monetizationLoader[1].js	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nadine\AppData\Local\Temp\nsa8402.tmp\zplugins.dll	Win32/Distromatic.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Amazon Browser Bar\search_protect.exe.vir	Win32/Distromatic.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe.vir	Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\53172.crx.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\53172.xpi.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bg.exe.vir	Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bho.dll.vir	Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\HDTotalS-bho64.dll.vir	Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\HDTotalS\utils.exe.vir	Win32/Toolbar.CrossRider.AB evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\44150.crx.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\44150.xpi.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\media enhance-bg.exe.vir	Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\media enhance-bho64.dll.vir	Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\media enhance-codedownloader.exe.vir	Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\media enhance-enabler.exe.vir	Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\media enhance-updater.exe.vir	Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\media enhance\utils.exe.vir	Win32/Toolbar.CrossRider.AB evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markit157.exe.vir	Variante von Win32/AdWare.AddLyrics.AK Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe.vir	Variante von Win32/AdWare.AddLyrics.AJ Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit-soft\ReMar.exe.vir	Variante von Win32/AdWare.AddLyrics.AI Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit-soft\Uninstall.exe.vir	Variante von Win32/AdWare.AddLyrics.AH Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir	Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir	Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir	Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir	Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir	Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Domo\AppData\Roaming\Mozilla\Firefox\Profiles\tcw8pe6j.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Domo\AppData\Roaming\Mozilla\Firefox\Profiles\tcw8pe6j.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\91_monetizationLoader.js.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Domo\AppData\Roaming\SupTab\SupTab.dll.vir	Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Domo\AppData\Roaming\VOPackage\VOPackage.exe.vir	Win32/VOPackage.D evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\266_icm_ws_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\Users\Nadine\Desktop\AdwCleaner\Quarantine\C\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\91_monetizationLoader.js.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.83  
 Windows 7  x64 (UAC is disabled!)  
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 40  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 10.1.1 Adobe Reader out of Date!  
 Mozilla Firefox (29.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Nadine (administrator) on NADINE-PC on 05-06-2014 16:02:52
Running from C:\Users\Nadine\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Chiavetta Internet TM201\UIMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {6a541d9c-227e-11e3-aa11-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {8a538d68-76f4-11e3-bd9e-4c0f6e785fc0} - F:\Autorun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8b4-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-2528630756-1155624373-988283130-1000\...\MountPoints2: {d09dc8c6-2511-11e3-9d25-4c0f6e785fc0} - E:\Windows\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27360913i106l0448z145t4781o97s
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{BE7A9438-6A04-4F99-9618-CBC1D1789426}: [NameServer]10.207.43.46 10.206.56.132

FireFox:
========
FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default
FF SearchEngineOrder.1: Ask Search
FF Homepage: chrome://fastdial/content/fastdial.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fast Dial - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\8kfzxwdu.default\Extensions\fastdial@telega.phpnet.us [2013-09-21]

==================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-16] (APN LLC.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-09] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189104 2014-03-29] ()
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48472 2014-04-24] (Systweak)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-06] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 onda_cdc_acm; C:\Windows\System32\DRIVERS\onda_cdc_acm.sys [79872 2012-01-25] (ONDA)
R3 onda_cdc_ecm; C:\Windows\System32\DRIVERS\onda_cdc_ecm.sys [60416 2012-01-25] (ONDA)
R3 onda_ecm_enum; C:\Windows\System32\DRIVERS\onda_ecm_enum.sys [56832 2012-01-25] (ONDA)
R3 onda_ecm_enum_filter; C:\Windows\System32\DRIVERS\onda_ecm_enum_filter.sys [56832 2012-01-25] (ONDA)
S3 onda_wcpo; C:\Windows\System32\DRIVERS\onda_wcpo.sys [10752 2012-01-25] (ONDA)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 15:59 - 2014-06-05 15:59 - 00854367 _____ () C:\Users\Nadine\Downloads\SecurityCheck.exe
2014-06-05 15:32 - 2014-06-05 15:32 - 00011498 _____ () C:\Users\Nadine\Desktop\eset.txt
2014-06-04 19:56 - 2014-06-04 19:56 - 00275104 _____ () C:\Windows\Minidump\060414-24211-01.dmp
2014-06-04 19:56 - 2014-06-04 19:56 - 00000000 ____D () C:\Windows\Minidump
2014-06-04 19:55 - 2014-06-04 19:55 - 412830470 _____ () C:\Windows\MEMORY.DMP
2014-06-04 19:45 - 2014-06-04 19:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-04 19:44 - 2014-06-04 19:44 - 02347384 _____ (ESET) C:\Users\Nadine\Downloads\esetsmartinstaller_deu.exe
2014-06-04 19:36 - 2014-06-04 19:36 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Systweak
2014-06-03 20:41 - 2014-06-03 20:41 - 00001385 _____ () C:\Users\Nadine\Desktop\JRT.txt
2014-06-03 20:34 - 2014-06-03 20:34 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-03 20:30 - 2014-06-03 20:30 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 20:29 - 2014-06-03 20:30 - 01016261 _____ (Thisisu) C:\Users\Nadine\Downloads\JRT.exe
2014-06-03 20:20 - 2014-06-03 20:21 - 00000000 ____D () C:\AdwCleaner
2014-06-03 20:16 - 2014-06-03 20:16 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(2).exe
2014-06-03 20:15 - 2014-06-03 20:15 - 00001143 _____ () C:\Users\Nadine\Desktop\mbam.txt
2014-06-03 19:56 - 2014-06-03 19:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-03 19:49 - 2014-06-03 19:49 - 00001380 _____ () C:\Users\Nadine\Desktop\FRST64 - Verknüpfung.lnk
2014-06-03 19:49 - 2014-06-03 19:49 - 00000000 ____D () C:\Users\Nadine\Downloads\FRST-OlderVersion
2014-06-03 19:44 - 2014-06-03 19:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nadine\Downloads\revosetup95.exe
2014-06-03 19:44 - 2014-06-03 19:44 - 00001268 _____ () C:\Users\Nadine\Desktop\Revo Uninstaller.lnk
2014-06-03 19:44 - 2014-06-03 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-02 17:05 - 2014-06-05 14:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 17:04 - 2014-06-03 19:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-02 17:04 - 2014-06-03 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-02 17:04 - 2014-06-03 19:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 17:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 17:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 17:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 17:03 - 2014-06-02 17:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 16:53 - 2014-06-02 19:29 - 00027647 _____ () C:\Users\Nadine\Downloads\Addition.txt
2014-06-02 16:52 - 2014-06-05 16:02 - 00015140 _____ () C:\Users\Nadine\Downloads\FRST.txt
2014-06-02 16:52 - 2014-06-05 16:02 - 00000000 ____D () C:\FRST
2014-06-02 16:51 - 2014-06-03 19:49 - 02068992 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe
2014-06-02 16:37 - 2014-06-02 16:41 - 00000000 ____D () C:\Users\Nadine\Desktop\AdwCleaner
2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe
2014-06-02 16:35 - 2014-06-02 16:36 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe
2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk
2014-06-01 18:34 - 2014-06-01 19:04 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg
2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx
2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer

==================== One Month Modified Files and Folders =======

2014-06-05 16:02 - 2014-06-02 16:52 - 00015140 _____ () C:\Users\Nadine\Downloads\FRST.txt
2014-06-05 16:02 - 2014-06-02 16:52 - 00000000 ____D () C:\FRST
2014-06-05 16:02 - 2013-09-21 07:37 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Temp
2014-06-05 15:59 - 2014-06-05 15:59 - 00854367 _____ () C:\Users\Nadine\Downloads\SecurityCheck.exe
2014-06-05 15:39 - 2014-04-24 15:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 15:32 - 2014-06-05 15:32 - 00011498 _____ () C:\Users\Nadine\Desktop\eset.txt
2014-06-05 15:11 - 2013-09-21 20:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 15:03 - 2014-04-24 15:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 14:56 - 2014-06-02 17:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 14:05 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 14:05 - 2009-07-14 06:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 14:01 - 2013-09-21 07:39 - 01310318 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 13:58 - 2014-04-24 14:36 - 00003068 _____ () C:\Windows\System32\Tasks\Right Backup_startup
2014-06-05 13:58 - 2013-10-06 20:28 - 00000000 ____D () C:\Users\Nadine\AppData\Local\LogMeIn Hamachi
2014-06-05 13:58 - 2013-09-24 14:10 - 00000000 ____D () C:\Program Files (x86)\Chiavetta Internet TM201
2014-06-05 13:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 13:57 - 2009-07-14 06:51 - 00090017 _____ () C:\Windows\setupact.log
2014-06-04 19:56 - 2014-06-04 19:56 - 00275104 _____ () C:\Windows\Minidump\060414-24211-01.dmp
2014-06-04 19:56 - 2014-06-04 19:56 - 00000000 ____D () C:\Windows\Minidump
2014-06-04 19:55 - 2014-06-04 19:55 - 412830470 _____ () C:\Windows\MEMORY.DMP
2014-06-04 19:45 - 2014-06-04 19:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-04 19:44 - 2014-06-04 19:44 - 02347384 _____ (ESET) C:\Users\Nadine\Downloads\esetsmartinstaller_deu.exe
2014-06-04 19:40 - 2010-05-07 01:36 - 00173590 _____ () C:\Windows\PFRO.log
2014-06-04 19:39 - 2013-09-21 19:19 - 00000000 ____D () C:\ProgramData\Avira
2014-06-04 19:36 - 2014-06-04 19:36 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Systweak
2014-06-03 20:41 - 2014-06-03 20:41 - 00001385 _____ () C:\Users\Nadine\Desktop\JRT.txt
2014-06-03 20:34 - 2014-06-03 20:34 - 00000000 ____D () C:\ProgramData\Systweak
2014-06-03 20:30 - 2014-06-03 20:30 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 20:30 - 2014-06-03 20:29 - 01016261 _____ (Thisisu) C:\Users\Nadine\Downloads\JRT.exe
2014-06-03 20:21 - 2014-06-03 20:20 - 00000000 ____D () C:\AdwCleaner
2014-06-03 20:16 - 2014-06-03 20:16 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(2).exe
2014-06-03 20:15 - 2014-06-03 20:15 - 00001143 _____ () C:\Users\Nadine\Desktop\mbam.txt
2014-06-03 19:58 - 2014-06-02 17:04 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 19:58 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-03 19:58 - 2014-06-02 17:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-03 19:57 - 2014-06-03 19:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-03 19:49 - 2014-06-03 19:49 - 00001380 _____ () C:\Users\Nadine\Desktop\FRST64 - Verknüpfung.lnk
2014-06-03 19:49 - 2014-06-03 19:49 - 00000000 ____D () C:\Users\Nadine\Downloads\FRST-OlderVersion
2014-06-03 19:49 - 2014-06-02 16:51 - 02068992 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe
2014-06-03 19:44 - 2014-06-03 19:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nadine\Downloads\revosetup95.exe
2014-06-03 19:44 - 2014-06-03 19:44 - 00001268 _____ () C:\Users\Nadine\Desktop\Revo Uninstaller.lnk
2014-06-03 19:44 - 2014-06-03 19:44 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-03 17:24 - 2013-10-18 16:43 - 00000000 ____D () C:\Users\Nadine\Documents\Facharbeit
2014-06-03 17:10 - 2013-09-21 10:13 - 00647376 _____ () C:\Windows\system32\perfh007.dat
2014-06-03 17:10 - 2013-09-21 10:13 - 00127404 _____ () C:\Windows\system32\perfc007.dat
2014-06-03 17:10 - 2009-07-14 07:13 - 01480666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-06-02 19:29 - 2014-06-02 16:53 - 00027647 _____ () C:\Users\Nadine\Downloads\Addition.txt
2014-06-02 17:26 - 2013-09-21 20:56 - 00000000 ____D () C:\Users\Domo\AppData\Local\Temp
2014-06-02 17:04 - 2014-06-02 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 17:04 - 2014-06-02 17:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 16:41 - 2014-06-02 16:37 - 00000000 ____D () C:\Users\Nadine\Desktop\AdwCleaner
2014-06-02 16:41 - 2013-09-21 20:56 - 00000000 ___RD () C:\Users\Domo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-02 16:41 - 2013-09-21 20:25 - 00000815 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-02 16:37 - 2014-06-02 16:37 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211(1).exe
2014-06-02 16:36 - 2014-06-02 16:35 - 01327971 _____ () C:\Users\Nadine\Downloads\adwcleaner_3.211.exe
2014-06-02 16:34 - 2014-06-02 16:34 - 00001162 _____ () C:\Users\Nadine\Desktop\Live PC Help.lnk
2014-06-02 08:34 - 2013-09-21 21:02 - 00000000 ____D () C:\Users\Domo\AppData\Local\Autodesk
2014-06-02 08:29 - 2014-05-03 20:12 - 00001426 _____ () C:\Users\Domo\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-02 08:28 - 2013-10-05 16:36 - 00000000 ____D () C:\Users\Domo\AppData\Local\LogMeIn Hamachi
2014-06-01 19:04 - 2014-06-01 18:34 - 00224300 _____ () C:\Users\Domo\Desktop\zeichnung dach.dwg
2014-05-27 15:38 - 2013-10-01 22:32 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\Temp
2014-05-27 15:36 - 2013-10-12 17:44 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Local\LogMeIn Hamachi
2014-05-22 18:45 - 2013-09-21 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-19 20:11 - 2013-10-02 18:40 - 00011668 _____ () C:\Users\Verena&Ali\Documents\bankdaten.xlsx
2014-05-18 19:25 - 2014-05-18 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-18 19:11 - 2013-09-21 20:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-18 19:11 - 2013-09-21 20:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-18 19:11 - 2013-09-21 20:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-02 17:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-02 17:04 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 17:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 18:34 - 2014-04-24 15:23 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-11 18:34 - 2014-04-24 15:23 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 18:47 - 2014-05-08 18:47 - 00008495 _____ () C:\Users\Domo\Documents\Mappe1.xlsx
2014-05-07 19:46 - 2014-05-07 19:46 - 00000000 ____D () C:\Users\Verena&Ali\AppData\Roaming\Apple Computer

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3972.dll


Some content of TEMP:
====================
C:\Users\Domo\AppData\Local\Temp\AcDeltree.exe
C:\Users\Domo\AppData\Local\Temp\APNSetup.exe
C:\Users\Domo\AppData\Local\Temp\AutoRun.exe
C:\Users\Domo\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Domo\AppData\Local\Temp\avgnt.exe
C:\Users\Domo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Domo\AppData\Local\Temp\eauninstall.exe
C:\Users\Domo\AppData\Local\Temp\octE035.tmp.exe
C:\Users\Domo\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Domo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Nadine\AppData\Local\Temp\avgnt.exe
C:\Users\Nadine\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Nadine\AppData\Local\Temp\Quarantine.exe
C:\Users\Nadine\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\Nadine\AppData\Local\Temp\_isE717.exe
C:\Users\Nadine\AppData\Local\Temp\_isFC6B.exe
C:\Users\Verena&Ali\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 16:10

==================== End Of Log ============================

--- --- ---

(die meisten programme werden bei mir unter DOWNLOADS gespeichert, deshalb habe ich ESET manuell in den Downloads und im Papierkorb gelöscht, weil es unter installierte programme nicht aufscheint)

schrauber · 06.06.2014, 11:45

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\$Recycle.Bin
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Java, Adobe und unbedingt Windows updaten, da fehlt ein ganzes Servicepack.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

nadine95 · 08.06.2014, 12:56

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by Nadine at 2014-06-08 13:53:12 Run:1
Running from C:\Users\Nadine\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
*****************

C:\$Recycle.Bin => Moved successfully.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.

==== End of Fixlog ====

habe jetzt alles so gemacht=) keine werbung mehr=) danke..sehr einfache und gut beschriebene anleitung. zudem schnelle hilfe/antworten. alles super.

schrauber · 09.06.2014, 06:36

Gern Geschehen

09.06.2014, 06:36	#10
schrauber /// the machine /// TB-Ausbilder	mozilla firefox-viele fenster (v.a. werbung für spiele) öffnen sich automatisch Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

mozilla firefox-viele fenster (v.a. werbung für spiele) öffnen sich automatisch

Plagegeister aller Art und deren Bekämpfung: mozilla firefox-viele fenster (v.a. werbung für spiele) öffnen sich automatisch