Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig

Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig


Log-Analyse und Auswertung: Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 04.07.2014, 09:01   #1
CeDAT
 
Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig - Standard

Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig


Hallo, ich habe hier einen Rechner auf dem sich kein gängiger Virenscanner installieren lässt. Des Weiteren startet auch Firefox selbstständig und ruft Spiele- und/oder Pornoseiten auf.

FRST.txt

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Computer (administrator) on PCBECKER on 04-07-2014 09:24:55
Running from E:\Virenentfernung
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Valve Corporation) C:\Steam\Steam.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe
() C:\Users\Computer\AppData\Local\nfmffef.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WksCal.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.EXE
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-10-03] ()
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Steam] => C:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Google+ Auto Backup] => C:\Users\Computer\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.EXE
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [GoogleChromeAutoLaunch_99AE18632314C5772DDF1A65D9BFB3A0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [nfmffef] => c:\users\computer\appdata\local\nfmffef.exe [3080192 2014-07-02] ()
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\MountPoints2: {77717763-0d4e-11e2-be69-806e6f6e6963} - "J:\autorun.exe" 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.3.0.12
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {63183CC4-C8CA-4276-BDF2-47706CC4EC60} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByCyDzy0DtA0EtBtCtN0D0Tzu0CyCyCtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=691960370&ir=
SearchScopes: HKLM - {7EC40E7C-DA68-857B-84C7-3AD81B7A9077} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3320216&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3A298DD6-1F89-4B53-B768-CE94BDB5B920&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: easYtosHop - {E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - C:\ProgramData\easYtosHop\gOT8meg.x64.dll No File
BHO: CoonverrtMe - {E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - C:\ProgramData\CoonverrtMe\aKj_.x64.dll No File
BHO-x32: easYtosHop - {E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - C:\ProgramData\easYtosHop\gOT8meg.dll No File
BHO-x32: CoonverrtMe - {E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - C:\ProgramData\CoonverrtMe\aKj_.dll No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default
FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_99f740896c4e4f5db538310a9845c664_39_1006_20130731_DE_ff_sp_
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\extensions\shortcutff@gmail.com

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-18]
CHR Extension: (Google Drive) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-10]
CHR Extension: (YouTube) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
CHR Extension: (Google-Suche) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
CHR Extension: (Raven Internet Marketing Tools) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfnifaophpooekkminfbekpgmanjlcf [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (No Name) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-06-13]
CHR Extension: (Google Mail) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-18]
CHR Extension: (Anti-Banner) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-11-25] (Acer Incorporated)
S4 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S4 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-15] (WildTangent)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-29] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-03] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-02] (NetFilterSDK.com)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-06-23] ()
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
S2 SPDRIVER_1.0.0.21; \??\C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 ____D () C:\FRST
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 _____ () C:\Users\Computer\defogger_reenable
2014-07-03 14:53 - 2014-07-03 14:54 - 04161050 _____ () C:\Users\Computer\Downloads\tdsskiller.zip
2014-07-03 14:22 - 2014-07-03 14:22 - 00380416 _____ () C:\Users\Computer\Downloads\rhstcvpu.exe
2014-07-03 11:21 - 2014-07-03 11:28 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-03 10:57 - 2014-07-03 11:02 - 281672840 ____N (Symantec Corporation) C:\Users\Computer\Downloads\NIS-ESD-21.3.0-GE.exe
2014-07-03 08:30 - 2014-07-03 08:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 08:29 - 2014-07-03 08:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-03 08:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-03 08:29 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-03 08:29 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-03 08:27 - 2014-07-03 08:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-07-02 11:34 - 2013-12-04 00:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-07-02 11:34 - 2013-12-04 00:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-07-02 11:34 - 2013-12-04 00:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-07-02 11:34 - 2013-12-04 00:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-07-02 11:34 - 2013-12-04 00:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-07-02 11:34 - 2013-12-04 00:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-07-02 11:34 - 2011-02-11 14:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-07-02 11:34 - 2011-02-11 14:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-07-02 11:34 - 2009-02-25 16:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-07-02 11:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-02 11:07 - 2014-07-04 09:25 - 01041569 _____ () C:\Users\Computer\AppData\Local\nfmffef.gss
2014-07-02 11:07 - 2014-07-03 14:59 - 00555008 _____ () C:\Users\Computer\AppData\Local\nfmffef.gdb
2014-07-02 11:07 - 2014-07-02 11:07 - 03080192 _____ () C:\Users\Computer\AppData\Local\nfmffef.exe
2014-07-02 11:06 - 2014-07-02 11:12 - 00000000 ____D () C:\AdwCleaner
2014-07-02 11:06 - 2014-07-02 11:06 - 01346519 _____ () C:\Users\Computer\Downloads\adwcleaner_3.214.exe
2014-07-02 11:01 - 2014-07-03 09:16 - 00000795 _____ () C:\Windows\setupact.log
2014-07-02 11:01 - 2014-07-02 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 23:30 - 2014-06-29 23:30 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-28 13:55 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Desktop\diagnose.exe
2014-06-28 13:49 - 2014-06-28 13:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose (1).exe
2014-06-27 18:37 - 2014-06-27 18:37 - 00000863 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.zip
2014-06-27 17:49 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose.exe
2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-25 16:17 - 2014-07-03 09:29 - 00001080 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.lnk
2014-06-24 22:57 - 2014-06-24 22:57 - 00287864 _____ () C:\Windows\Minidump\062414-18843-01.dmp
2014-06-22 21:47 - 2014-06-22 21:47 - 00287864 _____ () C:\Windows\Minidump\062214-19421-01.dmp
2014-06-22 21:46 - 2014-06-22 21:46 - 00000017 _____ () C:\Users\Computer\AppData\Local\resmon.resmoncfg
2014-06-20 22:20 - 2014-06-20 22:20 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-06-15 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-09 22:11 - 2014-06-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\㩃啜敳獲䍜浯異整屲灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥浜歱渰牪⹹敤慦汵屴潣歯敩⹳煳楬整
2014-06-09 14:14 - 2014-06-09 14:14 - 03448360 _____ (Smart PC Solutions ) C:\Users\Computer\Downloads\PCSpeedMaximizer.exe
2014-06-09 14:00 - 2014-06-09 14:00 - 00287864 _____ () C:\Windows\Minidump\060914-14000-01.dmp
2014-06-09 12:08 - 2014-06-09 12:08 - 00256992 _____ () C:\Users\Computer\Downloads\DriverFinder_Setup.exe
2014-06-09 12:04 - 2014-06-09 12:04 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DriverFinder
2014-06-09 11:54 - 2014-06-23 23:57 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-09 11:54 - 2014-06-09 11:54 - 00002469 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-06-06 12:56 - 2014-06-06 13:00 - 00000000 ____D () C:\Users\Computer\AppData\Local\Adobe
2014-06-06 12:44 - 2014-06-06 12:44 - 00007552 ____N () C:\bootsqm.dat
2014-06-06 12:43 - 2014-06-06 12:43 - 00000000 __SHD () C:\found.000

==================== One Month Modified Files and Folders =======

2014-07-04 09:25 - 2014-07-02 11:07 - 01041569 _____ () C:\Users\Computer\AppData\Local\nfmffef.gss
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 ____D () C:\FRST
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 _____ () C:\Users\Computer\defogger_reenable
2014-07-04 09:24 - 2013-01-25 18:57 - 00000000 ____D () C:\Users\Computer
2014-07-04 09:23 - 2013-02-21 23:16 - 00000000 ____D () C:\Steam
2014-07-04 09:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-03 15:11 - 2013-01-25 19:07 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-424039607-3106668974-96046439-1001
2014-07-03 15:05 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 15:00 - 2012-08-02 17:04 - 01568942 _____ () C:\Windows\PFRO.log
2014-07-03 14:59 - 2014-07-02 11:07 - 00555008 _____ () C:\Users\Computer\AppData\Local\nfmffef.gdb
2014-07-03 14:57 - 2012-10-03 13:45 - 01374240 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 14:54 - 2014-07-03 14:53 - 04161050 _____ () C:\Users\Computer\Downloads\tdsskiller.zip
2014-07-03 14:47 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-03 14:32 - 2013-07-29 19:27 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 14:22 - 2014-07-03 14:22 - 00380416 _____ () C:\Users\Computer\Downloads\rhstcvpu.exe
2014-07-03 14:21 - 2013-07-31 23:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-03 14:21 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-03 14:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-03 14:18 - 2012-10-03 14:20 - 00000000 ____D () C:\ProgramData\Norton
2014-07-03 14:18 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-03 14:09 - 2014-02-12 23:26 - 00000000 ____D () C:\temp
2014-07-03 12:36 - 2014-04-16 18:45 - 00000000 ____D () C:\ProgramData\CoonverrtMe
2014-07-03 11:28 - 2014-07-03 11:21 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-03 11:02 - 2014-07-03 10:57 - 281672840 ____N (Symantec Corporation) C:\Users\Computer\Downloads\NIS-ESD-21.3.0-GE.exe
2014-07-03 10:51 - 2014-01-11 16:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-07-03 09:32 - 2014-01-11 17:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-03 09:31 - 2013-02-02 15:14 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-03 09:29 - 2014-06-25 16:17 - 00001080 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.lnk
2014-07-03 09:29 - 2013-02-02 20:29 - 00000000 ____D () C:\Users\Computer\AppData\Local\clear.fi
2014-07-03 09:17 - 2012-10-02 08:54 - 00752930 _____ () C:\Windows\system32\perfh007.dat
2014-07-03 09:17 - 2012-10-02 08:54 - 00156156 _____ () C:\Windows\system32\perfc007.dat
2014-07-03 09:17 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 09:16 - 2014-07-02 11:01 - 00000795 _____ () C:\Windows\setupact.log
2014-07-03 08:30 - 2014-07-03 08:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 08:29 - 2014-07-03 08:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-03 08:28 - 2014-07-03 08:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-03 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-07-02 11:12 - 2014-07-02 11:06 - 00000000 ____D () C:\AdwCleaner
2014-07-02 11:11 - 2014-06-01 18:41 - 00001079 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 11:11 - 2013-07-29 19:27 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 11:11 - 2013-07-29 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 11:11 - 2013-02-03 12:44 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 11:11 - 2013-02-03 12:44 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-02 11:10 - 2013-07-31 23:19 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-07-02 11:07 - 2014-07-02 11:07 - 03080192 _____ () C:\Users\Computer\AppData\Local\nfmffef.exe
2014-07-02 11:06 - 2014-07-02 11:06 - 01346519 _____ () C:\Users\Computer\Downloads\adwcleaner_3.214.exe
2014-07-02 11:02 - 2012-08-02 17:19 - 00000000 ____D () C:\ProgramData\Temp
2014-07-02 11:01 - 2014-07-02 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 18:47 - 2014-01-11 15:01 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-06-29 23:30 - 2014-06-29 23:30 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-29 21:37 - 2013-01-25 19:16 - 00000000 ____D () C:\Users\Computer\AppData\Local\CrashDumps
2014-06-28 18:04 - 2014-02-13 00:49 - 00016896 ___SH () C:\Users\Computer\Documents\Thumbs.db
2014-06-28 13:49 - 2014-06-28 13:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose (1).exe
2014-06-27 18:37 - 2014-06-27 18:37 - 00000863 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.zip
2014-06-27 17:49 - 2014-06-28 13:55 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Desktop\diagnose.exe
2014-06-27 17:49 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose.exe
2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-26 18:18 - 2013-05-18 14:37 - 00000000 ____D () C:\Users\Computer\Documents\kai zeug
2014-06-24 22:57 - 2014-06-24 22:57 - 00287864 _____ () C:\Windows\Minidump\062414-18843-01.dmp
2014-06-24 22:57 - 2014-04-03 21:44 - 1688198262 _____ () C:\Windows\MEMORY.DMP
2014-06-24 22:57 - 2014-02-21 23:01 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 22:49 - 2013-02-03 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-24 21:56 - 2012-10-03 14:13 - 00002435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2014-06-23 23:57 - 2014-06-09 11:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-22 21:54 - 2013-10-16 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 21:47 - 2014-06-22 21:47 - 00287864 _____ () C:\Windows\Minidump\062214-19421-01.dmp
2014-06-22 21:46 - 2014-06-22 21:46 - 00000017 _____ () C:\Users\Computer\AppData\Local\resmon.resmoncfg
2014-06-20 22:20 - 2014-06-20 22:20 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-06-18 18:20 - 2014-05-29 23:00 - 00000000 ____D () C:\rei
2014-06-18 18:20 - 2014-05-29 22:46 - 00000163 _____ () C:\Windows\Reimage.ini
2014-06-15 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-15 18:24 - 2012-08-02 17:13 - 00002486 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2014-06-15 18:24 - 2012-08-02 17:13 - 00002470 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-06-15 18:24 - 2012-08-02 17:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-15 18:24 - 2012-08-02 17:13 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-06-09 22:11 - 2014-06-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\㩃啜敳獲䍜浯異整屲灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥浜歱渰牪⹹敤慦汵屴潣歯敩⹳煳楬整
2014-06-09 19:03 - 2014-04-04 22:38 - 00000000 ____D () C:\ProgramData\a4b33b63d1694301
2014-06-09 14:14 - 2014-06-09 14:14 - 03448360 _____ (Smart PC Solutions ) C:\Users\Computer\Downloads\PCSpeedMaximizer.exe
2014-06-09 14:00 - 2014-06-09 14:00 - 00287864 _____ () C:\Windows\Minidump\060914-14000-01.dmp
2014-06-09 12:08 - 2014-06-09 12:08 - 00256992 _____ () C:\Users\Computer\Downloads\DriverFinder_Setup.exe
2014-06-09 12:04 - 2014-06-09 12:04 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DriverFinder
2014-06-09 11:54 - 2014-06-09 11:54 - 00002469 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-06-06 21:51 - 2013-12-11 18:43 - 00000000 ____D () C:\Users\Computer\AppData\Local\Runic Games
2014-06-06 13:00 - 2014-06-06 12:56 - 00000000 ____D () C:\Users\Computer\AppData\Local\Adobe
2014-06-06 12:44 - 2014-06-06 12:44 - 00007552 ____N () C:\bootsqm.dat
2014-06-06 12:43 - 2014-06-06 12:43 - 00000000 __SHD () C:\found.000

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5488.dll


Some content of TEMP:
====================
C:\Users\Computer\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Computer\AppData\Local\Temp\fpiisrxg.dll
C:\Users\Computer\AppData\Local\Temp\gkc.exe
C:\Users\Computer\AppData\Local\Temp\Quarantine.exe
C:\Users\Computer\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Computer\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Computer\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-14 16:16

==================== End Of Log ============================
Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by Computer at 2014-07-04 09:25:19
Running from E:\Virenentfernung
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.01.2002 - Acer Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
DriverUpdate (HKLM-x32\...\{6FF69967-0BFE-4F14-B6DF-E73783E52340}) (Version: 2.2.36428 - SlimWare Utilities, Inc.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Genesis (HKCU\...\nfmffef) (Version:  - ) <==== ATTENTION
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Intel(R) Network Connections 17.2.153.0 (HKLM\...\PROSetDX) (Version: 17.2.153.0 - Intel)
Intel(R) Network Connections 17.2.153.0 (Version: 17.2.153.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.6.0 - Reimage)
Save Sense (remove only) (HKCU\...\Save Sense) (Version: 6.4.1.0 - SaveSense) <==== ATTENTION
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopping Helper Smartbar Engine (HKCU\...\{53a703b6-0f29-4121-b729-e34ec6da8302}) (Version: 11.49.63.16848 - ReSoft Ltd.) <==== ATTENTION
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.13 - WildTangent)

==================== Restore Points  =========================

03-07-2014 07:30:55 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05C4F9FB-8AB9-45DE-AA96-9F4D98259F35} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe
Task: {1386C002-A2FD-4589-A17C-613A3FEB0B35} - \EPUpdater No Task File <==== ATTENTION
Task: {140B564E-0990-477D-A9E3-7AB847988AE1} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {16256578-4D28-468C-B777-E3841CE81F59} - \Dealply No Task File <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21B09A65-E8AF-4CDC-927F-B9C5161C08A9} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2920E379-24D9-4721-870B-2E7B9AE5DCDF} - \spmonitor No Task File <==== ATTENTION
Task: {4145606B-AE45-4C5D-ACBB-6C55CBBC3D07} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {4589006D-977D-481C-95DC-A30A291651B2} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {49D57BD2-7C2F-4531-862C-CB10274C4A5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {59E8B577-BF8F-416B-97D1-F8732C660C4B} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {61F454E3-38FB-4B6E-9CD9-43F34410EB79} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {63700C6F-EA33-4393-8289-B482449CE6A5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {8EAB1039-F05C-4EBA-B900-B5AAC8FFDBDA} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {8FDBC6BE-67C7-4079-8BF3-7E72E4447982} - \LyricsContainer Update No Task File <==== ATTENTION
Task: {9222A835-D170-48F7-9619-930AEC32862C} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe
Task: {9CE5E34F-A933-4C4E-8334-675AB420123F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {A067634F-DCF2-4E04-AAAB-50C22B95E3AD} - \RegClean Pro No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A76E1D53-5500-4305-A06A-5E07F02FF866} - \BrowserDefendert No Task File <==== ATTENTION
Task: {B2FBC000-49D3-4BA6-BE04-E39A6DF7686C} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {BAD90900-AB86-4AA7-9998-A25A3F8ED690} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {BEAB9A12-BAC2-43AC-BD35-72C6B6C8F7BA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-24] ()
Task: {BF00D894-3E73-44FC-B72B-2B6491A09D6B} - \SpeedUpMyPC No Task File <==== ATTENTION
Task: {C4816D17-F227-4519-B558-FCC0AA2953B1} - \LaunchApp No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C778FE02-EFAB-4886-8A2F-53DA56D9458E} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {E4813DB8-8F9A-4576-972A-6DEC66CFA0B5} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F6F330BB-9868-482D-9B97-80E97FB1A938} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf500a5f10f8ca.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2013-06-01 16:17 - 2013-06-01 16:18 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-03 14:03 - 2012-10-03 14:03 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
2014-07-02 11:07 - 2014-07-02 11:07 - 03080192 _____ () C:\Users\Computer\AppData\Local\nfmffef.exe
2014-05-25 12:33 - 2014-04-30 02:08 - 01135104 _____ () C:\Steam\libavcodec-55.dll
2014-05-25 12:33 - 2014-04-30 02:08 - 00404992 _____ () C:\Steam\libavformat-55.dll
2014-01-08 13:05 - 2014-04-30 02:08 - 00340992 _____ () C:\Steam\libavresample-1.dll
2014-04-26 18:35 - 2014-04-30 02:08 - 00471552 _____ () C:\Steam\libavutil-53.dll
2013-03-25 15:23 - 2014-05-17 03:36 - 00756224 _____ () C:\Steam\SDL2.dll
2014-05-25 12:34 - 2014-05-29 19:37 - 02139840 _____ () C:\Steam\video.dll
2014-05-25 12:33 - 2014-04-29 02:37 - 00519168 _____ () C:\Steam\libswscale-2.dll
2013-02-15 14:08 - 2014-05-29 19:36 - 01116864 _____ () C:\Steam\bin\chromehtml.DLL
2013-01-22 05:22 - 2014-05-02 01:35 - 20628160 _____ () C:\Steam\bin\libcef.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Steam\bin\avcodec-53.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Steam\bin\avutil-51.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Steam\bin\avformat-53.dll
2014-02-13 16:12 - 2014-02-13 16:12 - 00279296 _____ () C:\Program Files (x86)\Acer\Acer Portal\libcurl.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Computer:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\Computer\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Computer\Cookies:gs5sys
AlternateDataStreams: C:\Users\Computer\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Computer\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Computer\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Computer\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Computer\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Computer\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Computer\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Computer\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: CCDMonitorService => 2
MSCONFIG\Services: cjpcsc => 2
MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: ePowerSvc => 3
MSCONFIG\Services: ExpressCache => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) PROSet Monitoring Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: StarMoney 8.0 OnlineUpdate => 2
MSCONFIG\Services: StarMoney 9.0 OnlineUpdate => 2
MSCONFIG\Services: Steam Client Service => 3

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 09:25:18 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:25:18Z. Fehlercode: 0x80071A91.

Error: (07/04/2014 09:24:48 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:24:48Z. Fehlercode: 0x80071A91.

Error: (07/04/2014 09:24:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:24:15Z. Fehlercode: 0x80071A91.

Error: (07/04/2014 09:23:45 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:23:45Z. Fehlercode: 0x80071A91.

Error: (07/04/2014 09:23:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:23:15Z. Fehlercode: 0x80071A91.

Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >.

Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">.

Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >.

Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">.

Error: (07/04/2014 09:22:48 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung Fehler in der Wiederherstellungsphase. beendet.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Gatherer wird heruntergefahren.  (HRESULT : 0x80040d23) (0x80040d23)


System errors:
=============
Error: (07/04/2014 09:23:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 8 Mal passiert.

Error: (07/04/2014 09:23:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%6801

Error: (07/04/2014 09:22:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert.

Error: (07/04/2014 09:22:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%6801

Error: (07/04/2014 09:22:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (07/04/2014 09:22:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%6801

Error: (07/03/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (07/03/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
%%6801

Error: (07/03/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Windows Search" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1062

Error: (07/03/2014 03:07:34 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056


Microsoft Office Sessions:
=========================
Error: (07/04/2014 09:25:18 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x80071A912114-06-10T07:25:18Z

Error: (07/04/2014 09:24:48 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x80071A912114-06-10T07:24:48Z

Error: (07/04/2014 09:24:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x80071A912114-06-10T07:24:15Z

Error: (07/04/2014 09:23:45 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x80071A912114-06-10T07:23:45Z

Error: (07/04/2014 09:23:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x80071A912114-06-10T07:23:15Z

Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (07/04/2014 09:22:48 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Gatherer wird heruntergefahren.  (HRESULT : 0x80040d23) (0x80040d23)
Fehler in der Wiederherstellungsphase.


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 8134.05 MB
Available physical RAM: 7072.57 MB
Total Pagefile: 16326.05 MB
Available Pagefile: 15141.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:453.1 GB) (Free:251.62 GB) NTFS
Drive d: (DATA) (Fixed) (Total:453.61 GB) (Free:453.46 GB) NTFS
Drive e: (XBOOT) (Removable) (Total:14.62 GB) (Free:14.32 GB) FAT32
Drive j: (kis 2014) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: E13DBE7D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=15 GB) - (Type=73)

========================================================
Disk: 7 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
GMER.log

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-04 09:28:53
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000DM003-9YN162 rev.CC4B 931,51GB
Running: rhstcvpu.exe; Driver: C:\Users\Computer\AppData\Local\Temp\pwdcapow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\System32\spoolsv.exe[1328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                         000007fd9455177a 4 bytes [55, 94, FD, 07]
.text    C:\Windows\System32\spoolsv.exe[1328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                         000007fd94551782 4 bytes [55, 94, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                               000007fd8fac1b32 4 bytes [AC, 8F, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                               000007fd8fac1b3a 4 bytes [AC, 8F, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                           000007fd86d71532 4 bytes [D7, 86, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                           000007fd86d7153a 4 bytes [D7, 86, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                         000007fd86d7165a 4 bytes [D7, 86, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                 000007fd9455177a 4 bytes [55, 94, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                 000007fd94551782 4 bytes [55, 94, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                   000007fd86d71532 4 bytes [D7, 86, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                   000007fd86d7153a 4 bytes [D7, 86, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                 000007fd86d7165a 4 bytes [D7, 86, FD, 07]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [2336:4400]                                                                                                  fffff960009005e8
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:4288]                 000007fd95b923a8
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:2188]                 000007fd8b3977b0
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:1796]                 000007fd8b3977b0
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:3596]                 000007fd947e8c44
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:1828]                 000007fd93b7c648
---- Processes - GMER 2.1 ----

Process  C:\Users\Computer\AppData\Local\nfmffef.exe (*** suspicious ***) @ C:\Users\Computer\AppData\Local\nfmffef.exe [736](2014-07-02 09:07:04)  0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----

 

Themen zu Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig
4d36e972-e325-11ce-bfc1-08002be10318, js/toolbar.crossrider.b, msiexec.exe, msil/advancedsystemprotector.b, msil/domaiq.a, pmmupdate.exe, spotify web helper, starmoney, teredo, win32/adware.addlyrics.an, win32/adware.addlyrics.ao, win32/adware.addlyrics.as, win32/anyprotect.d, win32/dealply.n, win32/distromatic.b, win32/elex.q, win32/elex.y, win32/packed.vmdetector.b, win32/toolbar.crossrider.al, win32/toolbar.crossrider.k, win32/toolbar.crossrider.l, win32/toolbar.crossrider.m, win32/toolbar.crossrider.n, win32/toolbar.crossrider.p, win32/toolbar.escort.a, win32/toolbar.montiera.a, win32/toolbar.montiera.b, win32/toolbar.montiera.f, win32/toolbar.montiera.j, win64/adware.adpeak.c, win64/toolbar.crossrider.a, windowsapps


« (mehrere) Trojanermeldung(en) AVG (Win8.1) : "Trojaner: Dropper.Generic2.ANGG.dropper" | Trojan.GenericKD.942439 / Trojan.GenericKD.1305731 u.a. »


Ähnliche Themen: Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig


  1. Avira lässt sich nicht installieren, Firefox macht zig Fenster auf
    Plagegeister aller Art und deren Bekämpfung - 29.03.2015 (31)
  2. Sandboxie funktionierte nicht mehr und lässt sich jetzt nicht neu installieren. (Windows 7)
    Log-Analyse und Auswertung - 15.10.2014 (5)
  3. Bundestrojaner - Windows XP lässt sich nicht neu installieren
    Plagegeister aller Art und deren Bekämpfung - 07.09.2014 (16)
  4. Update Windows 7 SP1 lässt sich nicht installieren Fehlercode 80073701
    Alles rund um Windows - 25.04.2014 (26)
  5. IE9 64bit und Firefox starten nicht / Firefox lässt sich nicht neu installieren
    Log-Analyse und Auswertung - 14.03.2012 (17)
  6. Service Pack 1 Windows 7 lässt sich nicht installieren SP1 win7
    Alles rund um Windows - 19.04.2011 (31)
  7. HP Druckersoftware lässt sich unter Windows 7 nicht installieren.
    Alles rund um Windows - 10.10.2010 (7)
  8. Windows xp lässt sich nicht installieren
    Alles rund um Windows - 01.08.2010 (11)
  9. Virenscanner lässt sich nicht installiren, Firefox schließt sich
    Plagegeister aller Art und deren Bekämpfung - 02.02.2010 (5)
  10. kein virenscanner lässt sich mehr starten oder installieren
    Log-Analyse und Auswertung - 25.12.2009 (3)
  11. Firefox lässt sich nicht downloaden und installieren
    Alles rund um Windows - 14.09.2009 (21)
  12. Windows fährt nicht hoch und lässt sich nich installieren.
    Alles rund um Windows - 19.07.2009 (4)
  13. Vundo.og - Windows lässt sich nicht neu installieren
    Plagegeister aller Art und deren Bekämpfung - 18.12.2008 (6)
  14. Flash Player lässt sich nicht für Firefox (nur für Opera) installieren!
    Alles rund um Windows - 06.07.2008 (1)
  15. Virenscanner lässt sich nicht installieren
    Antiviren-, Firewall- und andere Schutzprogramme - 22.08.2007 (7)
  16. Firefox update lässt sich nicht installieren.
    Alles rund um Windows - 09.08.2007 (2)
  17. Kein Virenscanner lässt sich mehr installieren!
    Log-Analyse und Auswertung - 17.02.2007 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig - Hallo, ich habe hier einen Rechner auf dem sich kein gängiger Virenscanner installieren lässt. Des Weiteren startet auch Firefox selbstständig und ruft Spiele- und/oder Pornoseiten auf. FRST.txt Code: Alles auswählen - Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig...
Archiv
Du betrachtest: Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131