Windows 7: Weiterleitung auf Webseiten mit Clicup und Moviemode

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Sebi at 2014-07-29 15:04:04 Run:1
Running from C:\Users\Sebi\Desktop\Trojaner
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
*****************

esgiguard => Service deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D360FA88-17C8-4F14-B67F-13AAF9607B12}\\SystemComponent => value deleted successfully.

==== End of Fixlog ====
         

SystemLook 30.07.11 by jpshortstuff
Log created at 15:05 on 29/07/2014 by Sebi
Administrator - Elevation successful

========== regfind ==========

Searching for "MovieMode"
[HKEY_CURRENT_USER\Software\Paint.NET]
"MRU7"="C:\Users\Sebi\Desktop\Trojaner\Screenshot Moviemode.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MovieMode]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MovieMode]
"DisplayIcon"="\MovieMode\MovieMode.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MovieMode]
"HelpLink"="hxxp://www.moviemodeapp.com/about.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MovieMode]
"UninstallString"="\MovieMode\uninstall.exe /kb=y /ic=1"
[HKEY_USERS\S-1-5-21-923060634-244694402-522841917-1000\Software\Paint.NET]
"MRU7"="C:\Users\Sebi\Desktop\Trojaner\Screenshot Moviemode.jpg"

-= EOF =-