
All kinds of pests and how to fight them: PUP.Optional.WebSteroids.A


15.08.2014, 10:49   #1
Mark-Peter
 

Hello everyone,

I just had my PC scanned with Malwarebytes Anti-Malware
and it came back with a few detections :-(

Namely:

Registrierungsschlüssel: 4
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [ab340abc304ba393047c0a65748eb14f],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, , [23bc685e1b60a98de06f6a057092d030],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, , [26b946803e3de74f4aa59651867c3cc4],
PUP.Optional.MultiIE.A, HKU\S-1-5-21-3307784932-3257054885-3720409516-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, , [25ba12b477042f07c63b49f6bd470bf5],

Registrierungswerte: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, , [26b946803e3de74f4aa59651867c3cc4]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.Conduit.A, C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\searchplugins\conduit-search.xml, , [2fb0e8de423979bd63e70839848010f0],

Do I have a problem now and need to completely reinstall my PC (I only just reinstalled it), or can these problems be fixed?

I would be glad if someone could get back to me as soon as possible.
Every now and then a window also pops up on my desktop at regular
intervals; I'm attaching a screenshot.



Mark-Peter

15.08.2014, 10:52   #2
schrauber
/// the machine
/// TB instructor
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


15.08.2014, 12:08   #3
Mark-Peter
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by Mark-Peter (administrator) on MARK-PETER-PC on 15-08-2014 12:58:46
Running from D:\Mozilla-Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() D:\janrufmonitor\jam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(AVM Berlin) C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [BirthdayRemember6] => C:\Program Files (x86)\BirthdayRemember\BirthdayRemember.exe [2440704 2008-07-28] (BirthdayRemember)
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-06-08] (AVM Berlin)
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1866544 2013-03-05] (Sanford, L.P.)
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\MountPoints2: {86a225f9-4aff-11e3-9b1b-002618988ac8} - K:\LaunchU3.exe -a
Startup: C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk
ShortcutTarget: jAnrufmonitor 5.0.lnk -> D:\janrufmonitor\jam.exe ()
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} =>  No File
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} =>  No File
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB2D04FEBB143CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7B061BD6-4860-4D72-AE7E-E762E5AA5BB9&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://udo.selfhost.me/FSIPCam.cab
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16}
/codebase/DVM_IPCam2.ocx
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer]

FireFox:
========
FF ProfilePath: C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "ftp", "79.142.126.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "79.142.126.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "79.142.126.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "79.142.126.3"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-11]
FF Extension: AutoPager - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\autopager@mozilla.org.xpi [2013-11-15]
FF Extension: Facebook Disconnect - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\facebook@disconnect.me.xpi [2013-11-15]
FF Extension: Firebug - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\firebug@software.joehewitt.com.xpi [2013-11-15]
FF Extension: Stealthy - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\stealthyextension@gmail.com.xpi [2013-11-15]
FF Extension: عارض PDF - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\uriloader@pdf.js.xpi [2013-11-15]
FF Extension: ShowIP - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-11-15]
FF Extension: NoScript - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-28]
FF Extension: ReloadEvery - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-11-15]
FF Extension: Adblock Plus - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-05]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-11] (AVAST Software)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-11-14] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 HPSLPSVC; C:\Users\MARK-P~1\AppData\Local\Temp\7zS53A1\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 %ServiceName%; C:\Windows\System32\drivers\iusb3hcs.sys [19264 2014-04-05] (Intel Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-11] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-06-08] (AVM Berlin)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2014-04-05] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-17] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2013-11-14] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-11-11] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-11-11] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-11-11] (Acronis International GmbH)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 12:36 - 2014-08-15 12:58 - 00000000 ____D () C:\FRST
2014-08-15 12:26 - 2014-08-15 12:26 - 00000056 _____ () C:\Windows\setupact.log
2014-08-15 12:26 - 2014-08-15 12:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 12:25 - 2014-08-15 12:25 - 00000314 _____ () C:\Windows\PFRO.log
2014-08-15 11:55 - 2014-08-15 11:55 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Nico Mak Computing
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-15 11:55 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-08-11 21:50 - 2014-08-11 21:54 - 00000000 ____D () C:\ProgramData\firebird
2014-08-11 21:08 - 2014-08-11 21:50 - 00000000 ____D () C:\Users\Mark-Peter\Scoutsystems
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.Report
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.jfreereport
2014-08-07 00:29 - 2014-08-07 00:29 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-08-07 00:29 - 2014-08-07 00:29 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-06 00:49 - 2014-08-06 00:49 - 00001933 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-08-06 00:49 - 2014-08-06 00:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\SelfMV
2014-08-06 00:48 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-08-03 19:50 - 2014-08-03 19:50 - 06004615 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 16:09 - 2014-06-11 03:53 - 00423936 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmon.dll
2014-08-03 16:09 - 2014-06-11 03:53 - 00413184 _____ (Hewlett-Packard) C:\Windows\system32\hpbrprtmon.dll
2014-08-03 16:09 - 2014-06-11 03:52 - 00231424 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmonui.dll
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\HP_ePrint
2014-08-02 12:18 - 2014-08-02 12:22 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Feedreader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\Program Files (x86)\FeedReader30
2014-07-29 10:35 - 2014-07-29 10:35 - 05981830 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-25 14:43 - 2014-08-06 01:03 - 00000000 ___RD () C:\Users\Mark-Peter\Dropbox
2014-07-25 14:42 - 2014-08-06 00:41 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Dropbox
2014-07-25 14:42 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 00:55 - 2014-07-23 00:55 - 00000088 _____ () C:\Users\Mark-Peter\Desktop\listen.pls
2014-07-22 23:55 - 2014-08-15 12:20 - 00000000 ____D () C:\AdwCleaner
2014-07-21 11:47 - 2014-07-21 11:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 11:47 - 2014-07-21 11:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 21:29 - 2014-07-18 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-17 22:59 - 2014-07-29 16:11 - 00000000 ____D () C:\Users\Mark-Peter\Desktop\Neuer Ordner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 12:58 - 2014-08-15 12:36 - 00000000 ____D () C:\FRST
2014-08-15 12:37 - 2014-03-05 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 12:33 - 2009-07-14 06:45 - 00016336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 12:33 - 2009-07-14 06:45 - 00016336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 12:32 - 2009-07-14 19:58 - 05626472 _____ () C:\Windows\system32\perfh007.dat
2014-08-15 12:32 - 2009-07-14 19:58 - 01679632 _____ () C:\Windows\system32\perfc007.dat
2014-08-15 12:32 - 2009-07-14 07:13 - 00006232 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 12:26 - 2014-08-15 12:26 - 00000056 _____ () C:\Windows\setupact.log
2014-08-15 12:26 - 2014-08-15 12:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 12:26 - 2014-04-06 01:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-15 12:26 - 2013-11-16 02:11 - 00000432 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-15 12:26 - 2013-11-16 02:10 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Wise Care 365
2014-08-15 12:26 - 2013-11-15 00:35 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 12:26 - 2013-11-14 16:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\jAnrufmonitor
2014-08-15 12:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 12:25 - 2014-08-15 12:25 - 00000314 _____ () C:\Windows\PFRO.log
2014-08-15 12:20 - 2014-07-22 23:55 - 00000000 ____D () C:\AdwCleaner
2014-08-15 12:20 - 2013-11-15 00:35 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 12:01 - 2013-11-14 01:37 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Skype
2014-08-15 11:55 - 2014-08-15 11:55 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Nico Mak Computing
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-15 09:28 - 2014-06-29 15:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 09:27 - 2013-11-14 01:44 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Winamp
2014-08-15 00:15 - 2013-11-14 20:01 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\vlc
2014-08-14 17:44 - 2014-06-24 00:27 - 00000000 ____D () C:\cbfunk-deutschland-neu
2014-08-13 17:52 - 2013-11-11 20:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-12 17:55 - 2013-11-11 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-12 14:24 - 2014-05-18 13:39 - 00002062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-12 14:24 - 2014-05-18 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-12 10:17 - 2013-11-15 01:40 - 00000000 ____D () C:\Users\Mark-Peter\Documents\lqpl Invoice 2012
2014-08-11 21:54 - 2014-08-11 21:50 - 00000000 ____D () C:\ProgramData\firebird
2014-08-11 21:50 - 2014-08-11 21:08 - 00000000 ____D () C:\Users\Mark-Peter\Scoutsystems
2014-08-11 21:08 - 2013-11-11 19:43 - 00000000 ____D () C:\Users\Mark-Peter
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.Report
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.jfreereport
2014-08-11 19:38 - 2013-11-15 01:43 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\teamspeak2
2014-08-10 21:54 - 2013-12-19 14:19 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-10 21:54 - 2013-12-19 14:19 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-07 00:29 - 2014-08-07 00:29 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-08-07 00:29 - 2014-08-07 00:29 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-06 23:42 - 2013-11-14 01:37 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 13:42 - 2013-11-14 02:29 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\TS3Client
2014-08-06 11:19 - 2013-12-27 20:51 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-08-06 01:03 - 2014-07-25 14:43 - 00000000 ___RD () C:\Users\Mark-Peter\Dropbox
2014-08-06 00:52 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\Documents\samsung
2014-08-06 00:51 - 2013-11-14 14:57 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-06 00:50 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Samsung
2014-08-06 00:50 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\Samsung
2014-08-06 00:50 - 2013-11-14 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-06 00:50 - 2013-11-14 14:57 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-06 00:50 - 2013-11-12 22:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-06 00:49 - 2014-08-06 00:49 - 00001933 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-08-06 00:49 - 2014-08-06 00:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\SelfMV
2014-08-06 00:41 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Dropbox
2014-08-05 11:57 - 2013-11-11 21:16 - 00000600 _____ () C:\Users\Mark-Peter\AppData\Roaming\winscp.rnd
2014-08-04 14:28 - 2013-11-12 22:34 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\FileZilla
2014-08-04 10:06 - 2013-11-14 15:23 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\Deployment
2014-08-03 19:50 - 2014-08-03 19:50 - 06004615 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-03 17:20 - 2013-11-14 18:25 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\HP
2014-08-03 17:19 - 2013-11-22 13:33 - 00000000 ____D () C:\Program Files\stinger
2014-08-03 16:11 - 2013-11-14 18:26 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\HpUpdate
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\HP_ePrint
2014-08-03 16:08 - 2013-11-14 18:26 - 00000000 ____D () C:\ProgramData\HP
2014-08-03 16:08 - 2013-11-14 18:26 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-03 16:00 - 2013-11-23 14:18 - 00000000 ____D () C:\Quarantine
2014-08-02 12:22 - 2014-08-02 12:18 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Feedreader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\Program Files (x86)\FeedReader30
2014-08-02 11:42 - 2013-11-14 15:31 - 00000000 ____D () C:\Users\Mark-Peter\Documents\LiveZilla
2014-07-30 11:21 - 2014-06-18 12:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 16:11 - 2014-07-17 22:59 - 00000000 ____D () C:\Users\Mark-Peter\Desktop\Neuer Ordner
2014-07-29 10:35 - 2014-07-29 10:35 - 05981830 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-26 01:00 - 2013-11-16 02:11 - 00000412 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-07-25 14:42 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 00:23 - 2013-11-14 01:41 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-23 16:27 - 2013-11-17 21:04 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\DigiJay
2014-07-23 00:55 - 2014-07-23 00:55 - 00000088 _____ () C:\Users\Mark-Peter\Desktop\listen.pls
2014-07-21 14:24 - 2013-11-12 22:34 - 00000955 _____ () C:\Users\Public\Desktop\DigiJay.lnk
2014-07-21 14:24 - 2013-11-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiJay
2014-07-21 14:24 - 2013-11-12 22:34 - 00000000 ____D () C:\Program Files (x86)\DigiJay
2014-07-21 11:47 - 2014-07-21 11:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 11:47 - 2014-07-21 11:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 21:29 - 2014-07-18 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-18 21:29 - 2013-11-14 20:01 - 00000831 _____ () C:\Users\Public\Desktop\VLC media player.lnk

Some content of TEMP:
====================
C:\Users\Mark-Peter\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 08:37

==================== End Of Log ============================
         
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by Mark-Peter at 2014-08-15 12:59:05
Running from D:\Mozilla-Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A1-Faktura 1.429 (HKLM-x32\...\A1-Faktura_is1) (Version:  - A1-Faktura)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{E6D44B7E-1B1E-04A7-86E3-06AD74583FE9}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BirthdayRemember 6.3.2 (HKLM-x32\...\BirthdayRemember_is1) (Version:  - geburtstagsgeschenk-online.de)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0405.2218.38205 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0405.2218.38205 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0405.2218.38205 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2011.0405.2217.38205 - ATI) Hidden
ccc-utility64 (Version: 2011.0405.2218.38205 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.7 - REINER SCT)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DigiJay 1.611 (HKLM-x32\...\DigiJay_is1) (Version:  - MB Audio)
DiskSpeed32 (HKLM-x32\...\DiskSpeed32) (Version: 3, 0, 0, 5 - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.0.1751 - Sanford, L.P.)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
FGS_Cashbook (HKLM-x32\...\FGS_Cashbook6.0.1.9) (Version: 6.0.1.9 - FGS-Software)
FileZilla Client 3.9.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.2 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
FotoGrusskarten DruckShop (HKLM-x32\...\{B7DE26E5-565D-4FEB-A596-09A96E0D788C}) (Version:  - )
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
FRITZ!Box USB-Fernanschluss (HKCU\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
High-Definition Video Playback (x32 Version: 11.1.11100.4.196 - Nero AG) Hidden
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{56F91CE8-0168-4619-8FEC-13F5087E40F8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Unified IO (Version: 2.0.0.434 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.434 - HP) Hidden
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
IPCWebComponents 3.0.0.1 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.1 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
jAlbum (HKLM-x32\...\{300A49B9-C458-4681-BF10-3EFCAD56751E}) (Version: 11.6 - Jalbum AB)
jAnrufmonitor 5.0 (HKLM-x32\...\jam50-64) (Version:  - Thilo Brandt)
Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KingBill 2009 (HKLM-x32\...\{23CEBB17-F054-42EE-8A1C-06E80E12756F}) (Version: 4.5.2 - KingBill GmbH)
LiveZilla (HKLM-x32\...\LiveZilla) (Version: 5.2.5.0 - LiveZilla GmbH)
LiveZilla (x32 Version: 5.2.5.0 - LiveZilla GmbH) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
lqpl Invoice 2012 (HKLM-x32\...\{F2E24019-6832-49D6-9060-6CC6092AA91A}) (Version: 4.2.31 - lqpl Software)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
MAGIX Foto Manager 10 (HKLM-x32\...\MAGIX_MSI_Foto_Manager_10) (Version: 8.0.0.123 - MAGIX AG)
MAGIX Foto Manager 10 (x32 Version: 8.0.0.123 - MAGIX AG) Hidden
MAGIX Online Druck Service (HKLM-x32\...\{ECF47E32-14CD-4ED2-9539-4083E873BFFC}) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\{D4073F62-505F-4E05-AB13-B399E67C0DED}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\{EC154DE4-54C6-427A-941F-FCF9B3A78DF1}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Video deluxe 17 Plus (HKLM-x32\...\MAGIX_MSI_Videodeluxe17_plus) (Version: 10.0.2.8 - MAGIX AG)
MAGIX Video deluxe 17 Plus (x32 Version: 10.0.2.8 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
ManyCam 3.1.58 (HKLM-x32\...\ManyCam) (Version: 3.1.58 - ManyCam LLC)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 de)) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NB PC-Banking 3.7 (HKLM-x32\...\{017C20AC-25E0-4473-C99B-B7958AE6931D}) (Version:  - )
Nero 11 (HKLM-x32\...\{810B7362-6B05-4714-AF6A-EF3A20CCD634}) (Version: 11.2.00600 - Nero AG)
Nero 11 Cliparts (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Disc Menus Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Effects Basic (x32 Version: 11.0.11400.14.0 - Nero AG) Hidden
Nero 11 Image Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 PiP Effects Basic (x32 Version: 11.0.11400.14.0 - Nero AG) Hidden
Nero 11 Video Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 11 (x32 Version: 6.2.18400.2.100 - Nero AG) Hidden
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27 - Nero AG) Hidden
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Core Components 11 (x32 Version: 11.0.16300.1.23 - Nero AG) Hidden
Nero CoverDesigner 11 (x32 Version: 6.0.11000.13.100 - Nero AG) Hidden
Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Express 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.10.24800.146.100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden
Nero Recode 11 (x32 Version: 5.2.10900.0.0 - Nero AG) Hidden
Nero Recode 11 Help (CHM) (x32 Version: 11.0.10600 - Nero AG) Hidden
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.11500.1.5 - Nero AG) Hidden
Nero SoundTrax 11 (x32 Version: 5.0.10700.6.100 - Nero AG) Hidden
Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Nero Video 11 (x32 Version: 8.2.15700.3.100 - Nero AG) Hidden
Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero WaveEditor 11 (x32 Version: 6.2.11300.0.100 - Nero AG) Hidden
Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF-XChange Editor (HKLM-x32\...\{57476447-95ee-4c7c-8373-875ad649bbb9}) (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PoP-Tools Levelmeter (HKLM-x32\...\PoP-Tools Levelmeter_is1) (Version:  - PoP-Tools Software Development GbR)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Access 2010 Runtime (KB2687444) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Access 2010 Runtime (KB2687444) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
SuperHTML Web Studio 8.5.6 (HKLM-x32\...\{31D72726-2A42-11E1-9D98-20824824019B}_is1) (Version: 8.5.6 - mirabyte GmbH & Co. KG)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TischFotoKalender 2010 Druckshop (HKLM-x32\...\{84C3B66D-E3EA-4EFF-8920-3526F4464217}) (Version:  - )
TS3 Admin (HKCU\...\7a0e88a04267d7dd) (Version: 1.0.3.106 - noa-x)
TV-Browser 3.3a (HKLM-x32\...\tvbrowser) (Version: 3.3a - TV-Browser Team)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visitenkarten DruckShop 50 (HKLM-x32\...\{9411D0C4-0641-4077-BB31-5418857C11AB}) (Version:  - )
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VP6 VFW Codec (HKLM-x32\...\{A23866A0-738B-4091-9924-0B0DE3988A15}) (Version:  - )
Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0 - Nero AG) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.66  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinSCP 5.1.5 (HKLM-x32\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
Wise Care 365 version 2.86 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.86 - WiseCleaner.com, Inc.)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3307784932-3257054885-3720409516-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

04-08-2014 10:11:42 Geplanter Prüfpunkt
05-08-2014 22:48:44 Installed Samsung Kies3
05-08-2014 22:50:02 Removed Samsung Kies
13-08-2014 09:11:53 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2B9596ED-D216-4B5C-AB85-1F71CAF41BFB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {2DEAFEBE-1551-4C84-BBD1-A25E6839334C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {3A29B759-EC01-4217-BAC4-C2365C1D997D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {6637808B-6447-4DD3-B95C-9673769463EC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {84046041-8D73-4F31-8CBF-CC210C432CD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {91B8D683-B45B-484A-A14D-3924DA7E6952} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-11] (AVAST Software)
Task: {92E4C455-4F30-4B09-8B13-80C36DF5FA56} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
Task: {95A5667A-66A0-492F-BA7D-8C1A4B8944FE} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-08-23] (WiseCleaner.com)
Task: {A514C885-9579-4F87-8607-D6268A97ED64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {CE6DC0FB-F080-4E6E-B7C9-DFC07BAD18C8} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-08-22] (WiseCleaner.COM)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2014-04-06 01:01 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-14 14:50 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-08-02 12:18 - 2009-03-29 11:30 - 02058240 _____ () C:\Program Files (x86)\FeedReader30\feedreader.exe
2014-04-25 08:52 - 2014-04-25 08:52 - 00163328 ____N () D:\janrufmonitor\jam.exe
2014-07-11 20:14 - 2014-07-11 20:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-15 09:22 - 2014-08-15 09:22 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081500\algo.dll
2013-03-05 08:58 - 2013-03-05 08:58 - 00085504 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2013-11-14 00:40 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2013-11-14 00:40 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-07-11 20:14 - 2014-07-11 20:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-14 17:50 - 2007-05-31 09:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-02-04 19:28 - 2014-02-04 19:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-04-06 00:54 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Transfer Utility Camera Monitor.lnk => C:\Windows\pss\Transfer Utility Camera Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mark-Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mark-Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: BirthdayRemember6 => "C:\Program Files (x86)\BirthdayRemember\BirthdayRemember.exe" "autostart"
MSCONFIG\startupreg: DLSService => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
MSCONFIG\startupreg: DymoQuickPrint => "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files (x86)\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: HP Officejet 6500 E710n-z (NET) => "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN146113DB05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LiveZilla => "C:\Program Files (x86)\LiveZilla\LiveZilla.exe" -minimize
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Video_deluxe_17_Plus\TrayServer.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/15/2014 09:44:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (08/15/2014 00:25:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 09:58:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 09:53:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 09:38:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 01:11:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 00:26:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/15/2014 00:15:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/13/2014 10:24:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/13/2014 01:10:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/12/2014 05:55:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 00:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 11:46:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 11:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/15/2014 09:44:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 8132.04 MB
Available physical RAM: 6182.23 MB
Total Pagefile: 10178.23 MB
Available Pagefile: 7808.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:70.1 GB) NTFS
Drive d: (Volume) (Fixed) (Total:551.76 GB) (Free:507.18 GB) NTFS
Drive e: (Volume) (Fixed) (Total:551.76 GB) (Free:545.75 GB) NTFS
Drive f: (Volume) (Fixed) (Total:408.91 GB) (Free:386.77 GB) NTFS
Drive g: () (Removable) (Total:7.39 GB) (Free:1.42 GB) FAT32
Drive h: (Volume) (Fixed) (Total:620.12 GB) (Free:611.53 GB) NTFS
Drive i: (Volume) (Fixed) (Total:622.78 GB) (Free:566.59 GB) NTFS
Drive k: (Volume) (Fixed) (Total:620.12 GB) (Free:586.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 1D774CC6)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 35372313)
Partition 1: (Not Active) - (Size=552 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=961 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4E55956E)
Partition 1: (Not Active) - (Size=620 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=620 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=623 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

16.08.2014, 06:52   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. (Illustrated guide to AdwCleaner.)
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Clean) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

16.08.2014, 11:21   #5
Mark-Peter
 



Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mark-Peter on 16.08.2014 at 11:33:51,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"
Successfully deleted: [File] "C:\Windows\syswow64\wscm64.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\Mark-Peter\AppData\Roaming\mozilla\firefox\profiles\sucmapd9.default\minidumps [51 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.08.2014 at 11:40:36,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 02
Ran by Mark-Peter (administrator) on MARK-PETER-PC on 16-08-2014 11:42:45
Running from D:\Mozilla-Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() D:\janrufmonitor\jam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(AVM Berlin) C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Thisisu) D:\Mozilla-Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [BirthdayRemember6] => C:\Program Files (x86)\BirthdayRemember\BirthdayRemember.exe [2440704 2008-07-28] (BirthdayRemember)
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-06-08] (AVM Berlin)
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\MountPoints2: {86a225f9-4aff-11e3-9b1b-002618988ac8} - K:\LaunchU3.exe -a
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\MountPoints2: {a9365d54-bcbd-11e3-8a41-806e6f6e6963} - J:\wubi.exe
Startup: C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk
ShortcutTarget: jAnrufmonitor 5.0.lnk -> D:\janrufmonitor\jam.exe ()
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} =>  No File
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} =>  No File
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB2D04FEBB143CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7B061BD6-4860-4D72-AE7E-E762E5AA5BB9&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://udo.selfhost.me/FSIPCam.cab
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.178.24/codebase/DVM_IPCam2.ocx
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "ftp", "79.142.126.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "79.142.126.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "79.142.126.3"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "79.142.126.3"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-11]
FF Extension: AutoPager - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\autopager@mozilla.org.xpi [2013-11-15]
FF Extension: Facebook Disconnect - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\facebook@disconnect.me.xpi [2013-11-15]
FF Extension: Firebug - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\firebug@software.joehewitt.com.xpi [2013-11-15]
FF Extension: Stealthy - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\stealthyextension@gmail.com.xpi [2013-11-15]
FF Extension: عارض PDF - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\uriloader@pdf.js.xpi [2013-11-15]
FF Extension: ShowIP - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-11-15]
FF Extension: NoScript - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-28]
FF Extension: ReloadEvery - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-11-15]
FF Extension: Adblock Plus - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-05]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-11] (AVAST Software)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-11-14] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)
S2 HPSLPSVC; C:\Users\MARK-P~1\AppData\Local\Temp\7zS53A1\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 %ServiceName%; C:\Windows\System32\drivers\iusb3hcs.sys [19264 2014-04-05] (Intel Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-11] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-06-08] (AVM Berlin)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2014-04-05] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-17] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2013-11-14] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-11-11] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-11-11] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-11-11] (Acronis International GmbH)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\MARK-P~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 11:40 - 2014-08-16 11:40 - 00001276 _____ () C:\Users\Mark-Peter\Desktop\JRT.txt
2014-08-16 11:33 - 2014-08-16 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 11:27 - 2014-08-16 11:27 - 00000056 _____ () C:\Windows\setupact.log
2014-08-16 11:27 - 2014-08-16 11:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 17:11 - 2014-08-15 20:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-15 16:02 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-08-15 16:02 - 2014-08-15 16:02 - 00003464 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\rei
2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-15 16:01 - 2014-08-15 16:02 - 00000156 _____ () C:\Windows\Reimage.ini
2014-08-15 12:36 - 2014-08-16 11:42 - 00000000 ____D () C:\FRST
2014-08-15 11:55 - 2014-08-15 11:55 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Nico Mak Computing
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-15 11:55 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-08-11 21:50 - 2014-08-11 21:54 - 00000000 ____D () C:\ProgramData\firebird
2014-08-11 21:08 - 2014-08-11 21:50 - 00000000 ____D () C:\Users\Mark-Peter\Scoutsystems
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.Report
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.jfreereport
2014-08-07 00:29 - 2014-08-07 00:29 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-08-07 00:29 - 2014-08-07 00:29 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-06 00:49 - 2014-08-06 00:49 - 00001933 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-08-06 00:49 - 2014-08-06 00:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\SelfMV
2014-08-06 00:48 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-08-03 19:50 - 2014-08-03 19:50 - 06004615 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 16:09 - 2014-06-11 03:53 - 00423936 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmon.dll
2014-08-03 16:09 - 2014-06-11 03:53 - 00413184 _____ (Hewlett-Packard) C:\Windows\system32\hpbrprtmon.dll
2014-08-03 16:09 - 2014-06-11 03:52 - 00231424 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmonui.dll
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\HP_ePrint
2014-08-02 12:18 - 2014-08-02 12:22 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Feedreader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\Program Files (x86)\FeedReader30
2014-07-29 10:35 - 2014-07-29 10:35 - 05981830 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-25 14:43 - 2014-08-06 01:03 - 00000000 ___RD () C:\Users\Mark-Peter\Dropbox
2014-07-25 14:42 - 2014-08-06 00:41 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Dropbox
2014-07-25 14:42 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 00:55 - 2014-07-23 00:55 - 00000088 _____ () C:\Users\Mark-Peter\Desktop\listen.pls
2014-07-22 23:55 - 2014-08-15 22:50 - 00000000 ____D () C:\AdwCleaner
2014-07-21 11:47 - 2014-07-21 11:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 11:47 - 2014-07-21 11:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 21:29 - 2014-07-18 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-17 22:59 - 2014-07-29 16:11 - 00000000 ____D () C:\Users\Mark-Peter\Desktop\Neuer Ordner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 11:42 - 2014-08-15 12:36 - 00000000 ____D () C:\FRST
2014-08-16 11:40 - 2014-08-16 11:40 - 00001276 _____ () C:\Users\Mark-Peter\Desktop\JRT.txt
2014-08-16 11:37 - 2014-03-05 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 11:35 - 2009-07-14 06:45 - 00016336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 11:35 - 2009-07-14 06:45 - 00016336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 11:33 - 2014-08-16 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 11:33 - 2009-07-14 19:58 - 05830060 _____ () C:\Windows\system32\perfh007.dat
2014-08-16 11:33 - 2009-07-14 19:58 - 01742884 _____ () C:\Windows\system32\perfc007.dat
2014-08-16 11:33 - 2009-07-14 07:13 - 00006232 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 11:28 - 2014-06-29 15:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 11:28 - 2013-11-16 02:10 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Wise Care 365
2014-08-16 11:28 - 2013-11-15 00:35 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 11:28 - 2013-11-14 16:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\jAnrufmonitor
2014-08-16 11:27 - 2014-08-16 11:27 - 00000056 _____ () C:\Windows\setupact.log
2014-08-16 11:27 - 2014-08-16 11:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-16 11:27 - 2014-04-06 01:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-16 11:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 00:20 - 2013-11-15 00:35 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 23:31 - 2014-03-05 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 23:31 - 2013-11-14 01:20 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 23:31 - 2013-11-14 01:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 22:50 - 2014-07-22 23:55 - 00000000 ____D () C:\AdwCleaner
2014-08-15 22:24 - 2013-11-14 01:37 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Skype
2014-08-15 21:57 - 2013-11-14 20:01 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\vlc
2014-08-15 20:53 - 2014-08-15 17:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-15 19:23 - 2013-11-22 13:33 - 00000000 ____D () C:\Program Files\stinger
2014-08-15 16:14 - 2014-08-15 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-08-15 16:02 - 2014-08-15 16:02 - 00003464 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\rei
2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-15 16:02 - 2014-08-15 16:01 - 00000156 _____ () C:\Windows\Reimage.ini
2014-08-15 11:55 - 2014-08-15 11:55 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Nico Mak Computing
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-15 09:27 - 2013-11-14 01:44 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Winamp
2014-08-14 17:44 - 2014-06-24 00:27 - 00000000 ____D () C:\cbfunk-deutschland-neu
2014-08-13 17:52 - 2013-11-11 20:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-12 17:55 - 2013-11-11 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-12 14:24 - 2014-05-18 13:39 - 00002062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-12 14:24 - 2014-05-18 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-12 10:17 - 2013-11-15 01:40 - 00000000 ____D () C:\Users\Mark-Peter\Documents\lqpl Invoice 2012
2014-08-11 21:54 - 2014-08-11 21:50 - 00000000 ____D () C:\ProgramData\firebird
2014-08-11 21:50 - 2014-08-11 21:08 - 00000000 ____D () C:\Users\Mark-Peter\Scoutsystems
2014-08-11 21:08 - 2013-11-11 19:43 - 00000000 ____D () C:\Users\Mark-Peter
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.Report
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.jfreereport
2014-08-11 19:38 - 2013-11-15 01:43 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\teamspeak2
2014-08-10 21:54 - 2013-12-19 14:19 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-10 21:54 - 2013-12-19 14:19 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-07 00:29 - 2014-08-07 00:29 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-08-07 00:29 - 2014-08-07 00:29 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-06 23:42 - 2013-11-14 01:37 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 13:42 - 2013-11-14 02:29 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\TS3Client
2014-08-06 11:19 - 2013-12-27 20:51 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-08-06 01:03 - 2014-07-25 14:43 - 00000000 ___RD () C:\Users\Mark-Peter\Dropbox
2014-08-06 00:52 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\Documents\samsung
2014-08-06 00:51 - 2013-11-14 14:57 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-06 00:50 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Samsung
2014-08-06 00:50 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\Samsung
2014-08-06 00:50 - 2013-11-14 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-06 00:50 - 2013-11-14 14:57 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-06 00:50 - 2013-11-12 22:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-06 00:49 - 2014-08-06 00:49 - 00001933 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-08-06 00:49 - 2014-08-06 00:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\SelfMV
2014-08-06 00:41 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Dropbox
2014-08-05 11:57 - 2013-11-11 21:16 - 00000600 _____ () C:\Users\Mark-Peter\AppData\Roaming\winscp.rnd
2014-08-04 14:28 - 2013-11-12 22:34 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\FileZilla
2014-08-04 10:06 - 2013-11-14 15:23 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\Deployment
2014-08-03 19:50 - 2014-08-03 19:50 - 06004615 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-03 17:20 - 2013-11-14 18:25 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\HP
2014-08-03 16:11 - 2013-11-14 18:26 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\HpUpdate
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\HP_ePrint
2014-08-03 16:08 - 2013-11-14 18:26 - 00000000 ____D () C:\ProgramData\HP
2014-08-03 16:08 - 2013-11-14 18:26 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-03 16:00 - 2013-11-23 14:18 - 00000000 ____D () C:\Quarantine
2014-08-02 12:22 - 2014-08-02 12:18 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Feedreader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\Program Files (x86)\FeedReader30
2014-08-02 11:42 - 2013-11-14 15:31 - 00000000 ____D () C:\Users\Mark-Peter\Documents\LiveZilla
2014-07-30 11:21 - 2014-06-18 12:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 16:11 - 2014-07-17 22:59 - 00000000 ____D () C:\Users\Mark-Peter\Desktop\Neuer Ordner
2014-07-29 10:35 - 2014-07-29 10:35 - 05981830 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-26 01:00 - 2013-11-16 02:11 - 00000412 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-07-25 14:42 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 00:23 - 2013-11-14 01:41 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-23 16:27 - 2013-11-17 21:04 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\DigiJay
2014-07-23 00:55 - 2014-07-23 00:55 - 00000088 _____ () C:\Users\Mark-Peter\Desktop\listen.pls
2014-07-21 14:24 - 2013-11-12 22:34 - 00000955 _____ () C:\Users\Public\Desktop\DigiJay.lnk
2014-07-21 14:24 - 2013-11-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiJay
2014-07-21 14:24 - 2013-11-12 22:34 - 00000000 ____D () C:\Program Files (x86)\DigiJay
2014-07-21 11:47 - 2014-07-21 11:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 11:47 - 2014-07-21 11:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 21:29 - 2014-07-18 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-18 21:29 - 2013-11-14 20:01 - 00000831 _____ () C:\Users\Public\Desktop\VLC media player.lnk

Some content of TEMP:
====================
C:\Users\Mark-Peter\AppData\Local\Temp\Quarantine.exe
C:\Users\Mark-Peter\AppData\Local\Temp\ReimagePackage.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 08:37

==================== End Of Log ============================
         
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v3.306 - Bericht erstellt am 16/08/2014 um 11:45:18
# Aktualisiert 15/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Mark-Peter - MARK-PETER-PC
# Gestartet von : D:\Mozilla-Downloads\adwcleaner_3.306.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\prefs.js ]


*************************

AdwCleaner[R5].txt - [714 octets] - [16/08/2014 11:45:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [773 octets] ##########
         
--- --- ---


17.08.2014, 07:10   #6
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?

17.08.2014, 12:19   #7
Mark-Peter
 



ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2037e81d4974b541bdb1c40db5300727
# engine=19697
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-08-17 10:59:08
# local_time=2014-08-17 12:59:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 93 1390892 14248783 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 23521291 159902998 0 0
# scanned=331420
# found=11
# cleaned=0
# scan_time=5865
sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir"
sh=7560ADB6881D658A46F52AD1DCDF667B615F6EDE ft=1 fh=19f14dde2ee67322 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe.vir"
sh=24EACADAF8910146B00A3B6146FAD19E11BFF03B ft=1 fh=5e1dc8d93e2d8e01 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe"
sh=34D77A23AA7C7648948E4BFAB31F33F517A785DC ft=1 fh=11cdaad78b073df2 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Agent.NKW Trojaner" ac=I fn="D:\Mozilla-Downloads\137-2014-08-14-185627.tar.gz"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="D:\Mozilla-Downloads\wzmp_8.exe"
sh=9A579D06963998D2E015B69737AA1AA9D8A4F37B ft=1 fh=75557439e7bfbd68 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="D:\PC-neu-Installation\FFSetup3.1.1.exe"
sh=9037E7BE4C82C4F9E717F12ED8FEF35498FC845A ft=0 fh=0000000000000000 vn="PHP/Obfuscated.D evtl. unerwünschte Anwendung" ac=I fn="F:\Homepage's\PHP FUSION\phponline_2.1.2.zip"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Agent.NKW Trojaner" ac=I fn="K:\Vserver-oVZM-137-Backup\01-08-2014\137-2014-08-01-214425.tar.gz"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Agent.NKW Trojaner" ac=I fn="K:\Vserver-oVZM-137-Backup\26-07-2014\137-2014-07-26-222126.tar.gz"



Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 11
Java version out of Date!
Adobe Flash Player 14.0.0.145
Mozilla Firefox (31.0)
Mozilla Thunderbird (31.0.)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Mark-Peter (administrator) on MARK-PETER-PC on 17-08-2014 13:12:05
Running from D:\Mozilla-Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() D:\janrufmonitor\jam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(AVM Berlin) C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [BirthdayRemember6] => C:\Program Files (x86)\BirthdayRemember\BirthdayRemember.exe [2440704 2008-07-28] (BirthdayRemember)
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Mark-Peter\AppData\Local\Apps\2.0\N9QOBBD3.TOD\PE8TCT8J.41Y\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe [139264 2014-06-08] (AVM Berlin)
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\MountPoints2: {63960f58-257a-11e4-80ae-bc5ff4e465d9} - G:\EasySuite.exe
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\MountPoints2: {86a225f9-4aff-11e3-9b1b-002618988ac8} - K:\LaunchU3.exe -a
HKU\S-1-5-21-3307784932-3257054885-3720409516-1001\...\MountPoints2: {a9365d54-bcbd-11e3-8a41-806e6f6e6963} - J:\wubi.exe
Startup: C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk
ShortcutTarget: jAnrufmonitor 5.0.lnk -> D:\janrufmonitor\jam.exe ()
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark-Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} =>  No File
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} =>  No File
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB2D04FEBB143CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP7B061BD6-4860-4D72-AE7E-E762E5AA5BB9&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://udo.selfhost.me/FSIPCam.cab
DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.178.24/codebase/DVM_IPCam2.ocx
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "ftp", "79.142.126.3"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "79.142.126.3"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost,stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "45.41.257"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "459.175.147.3"
FF NetworkProxy: "ssl_port", 8010
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-11]
FF Extension: AutoPager - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\autopager@mozilla.org.xpi [2013-11-15]
FF Extension: Facebook Disconnect - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\facebook@disconnect.me.xpi [2013-11-15]
FF Extension: Firebug - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\firebug@software.joehewitt.com.xpi [2013-11-15]
FF Extension: Stealthy - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\stealthyextension@gmail.com.xpi [2013-11-15]
FF Extension: عارض PDF - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\uriloader@pdf.js.xpi [2013-11-15]
FF Extension: ShowIP - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-11-15]
FF Extension: NoScript - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-28]
FF Extension: ReloadEvery - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-11-15]
FF Extension: Adblock Plus - C:\Users\Mark-Peter\AppData\Roaming\Mozilla\Firefox\Profiles\sucmapd9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-05]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-11] (AVAST Software)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-11-14] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)
S2 HPSLPSVC; C:\Users\MARK-P~1\AppData\Local\Temp\7zS53A1\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 %ServiceName%; C:\Windows\System32\drivers\iusb3hcs.sys [19264 2014-04-05] (Intel Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-11] ()
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2014-06-08] (AVM Berlin)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2014-04-05] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-17] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2013-11-14] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-11-11] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-11-11] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-11-11] (Acronis International GmbH)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\MARK-P~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 11:16 - 2014-08-17 11:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-16 11:33 - 2014-08-16 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-15 17:11 - 2014-08-15 20:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-15 16:02 - 2014-08-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-08-15 16:02 - 2014-08-15 16:02 - 00003464 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\rei
2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-15 16:01 - 2014-08-15 16:02 - 00000156 _____ () C:\Windows\Reimage.ini
2014-08-15 12:36 - 2014-08-17 13:12 - 00000000 ____D () C:\FRST
2014-08-15 11:55 - 2014-08-15 11:55 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Nico Mak Computing
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-15 11:55 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-08-11 21:50 - 2014-08-11 21:54 - 00000000 ____D () C:\ProgramData\firebird
2014-08-11 21:08 - 2014-08-11 21:50 - 00000000 ____D () C:\Users\Mark-Peter\Scoutsystems
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.Report
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.jfreereport
2014-08-07 00:29 - 2014-08-07 00:29 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-08-07 00:29 - 2014-08-07 00:29 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-06 00:49 - 2014-08-06 00:49 - 00001933 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-08-06 00:49 - 2014-08-06 00:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\SelfMV
2014-08-06 00:48 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-08-03 19:50 - 2014-08-03 19:50 - 06004615 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 16:09 - 2014-06-11 03:53 - 00423936 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmon.dll
2014-08-03 16:09 - 2014-06-11 03:53 - 00413184 _____ (Hewlett-Packard) C:\Windows\system32\hpbrprtmon.dll
2014-08-03 16:09 - 2014-06-11 03:52 - 00231424 _____ (Hewlett-Packard) C:\Windows\system32\hpbprtmonui.dll
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\HP_ePrint
2014-08-02 12:18 - 2014-08-02 12:22 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Feedreader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\Program Files (x86)\FeedReader30
2014-07-29 10:35 - 2014-07-29 10:35 - 05981830 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-25 14:43 - 2014-08-06 01:03 - 00000000 ___RD () C:\Users\Mark-Peter\Dropbox
2014-07-25 14:42 - 2014-08-06 00:41 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Dropbox
2014-07-25 14:42 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 00:55 - 2014-07-23 00:55 - 00000088 _____ () C:\Users\Mark-Peter\Desktop\listen.pls
2014-07-22 23:55 - 2014-08-16 11:45 - 00000000 ____D () C:\AdwCleaner
2014-07-21 11:47 - 2014-07-21 11:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 11:47 - 2014-07-21 11:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 21:29 - 2014-07-18 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 13:12 - 2014-08-15 12:36 - 00000000 ____D () C:\FRST
2014-08-17 12:37 - 2014-03-05 16:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 12:37 - 2009-07-14 19:58 - 05888228 _____ () C:\Windows\system32\perfh007.dat
2014-08-17 12:37 - 2009-07-14 19:58 - 01760956 _____ () C:\Windows\system32\perfc007.dat
2014-08-17 12:37 - 2009-07-14 07:13 - 00006232 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 12:28 - 2014-06-29 15:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 12:20 - 2013-11-15 00:35 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 11:16 - 2014-08-17 11:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-17 11:14 - 2013-11-14 01:37 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Skype
2014-08-17 11:06 - 2009-07-14 06:45 - 00016336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 11:06 - 2009-07-14 06:45 - 00016336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-17 11:00 - 2013-11-16 02:10 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Wise Care 365
2014-08-17 10:59 - 2014-04-06 01:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-17 10:59 - 2013-11-15 00:35 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 10:59 - 2013-11-14 16:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\jAnrufmonitor
2014-08-17 10:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 19:28 - 2013-11-14 14:52 - 00000000 ____D () C:\Program Files (x86)\FGS_Cashbook
2014-08-16 11:45 - 2014-07-22 23:55 - 00000000 ____D () C:\AdwCleaner
2014-08-16 11:33 - 2014-08-16 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-15 23:31 - 2014-03-05 16:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 23:31 - 2013-11-14 01:20 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 23:31 - 2013-11-14 01:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 21:57 - 2013-11-14 20:01 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\vlc
2014-08-15 20:53 - 2014-08-15 17:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-15 19:23 - 2013-11-22 13:33 - 00000000 ____D () C:\Program Files\stinger
2014-08-15 16:14 - 2014-08-15 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-08-15 16:02 - 2014-08-15 16:02 - 00003464 _____ () C:\Windows\System32\Tasks\Reimage Reminder
2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\rei
2014-08-15 16:02 - 2014-08-15 16:02 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-15 16:02 - 2014-08-15 16:01 - 00000156 _____ () C:\Windows\Reimage.ini
2014-08-15 11:55 - 2014-08-15 11:55 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Nico Mak Computing
2014-08-15 11:55 - 2014-08-15 11:55 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-15 09:27 - 2013-11-14 01:44 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Winamp
2014-08-14 17:44 - 2014-06-24 00:27 - 00000000 ____D () C:\cbfunk-deutschland-neu
2014-08-13 17:52 - 2013-11-11 20:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-12 17:55 - 2013-11-11 21:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-12 14:24 - 2014-05-18 13:39 - 00002062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-12 14:24 - 2014-05-18 13:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-12 10:17 - 2013-11-15 01:40 - 00000000 ____D () C:\Users\Mark-Peter\Documents\lqpl Invoice 2012
2014-08-11 21:54 - 2014-08-11 21:50 - 00000000 ____D () C:\ProgramData\firebird
2014-08-11 21:50 - 2014-08-11 21:08 - 00000000 ____D () C:\Users\Mark-Peter\Scoutsystems
2014-08-11 21:08 - 2013-11-11 19:43 - 00000000 ____D () C:\Users\Mark-Peter
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.Report
2014-08-11 20:56 - 2014-08-11 20:56 - 00000000 ____D () C:\Users\Mark-Peter\.jfreereport
2014-08-11 19:38 - 2013-11-15 01:43 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\teamspeak2
2014-08-10 21:54 - 2013-12-19 14:19 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-10 21:54 - 2013-12-19 14:19 - 00001050 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-07 00:29 - 2014-08-07 00:29 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-08-07 00:29 - 2014-08-07 00:29 - 00001908 _____ () C:\Windows\diagerr.xml
2014-08-06 23:42 - 2013-11-14 01:37 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 13:42 - 2013-11-14 02:29 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\TS3Client
2014-08-06 11:19 - 2013-12-27 20:51 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-08-06 01:03 - 2014-07-25 14:43 - 00000000 ___RD () C:\Users\Mark-Peter\Dropbox
2014-08-06 00:52 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\Documents\samsung
2014-08-06 00:51 - 2013-11-14 14:57 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-06 00:50 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Samsung
2014-08-06 00:50 - 2013-11-14 19:21 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\Samsung
2014-08-06 00:50 - 2013-11-14 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-06 00:50 - 2013-11-14 14:57 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-06 00:50 - 2013-11-12 22:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-06 00:49 - 2014-08-06 00:49 - 00001933 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-08-06 00:49 - 2014-08-06 00:49 - 00000000 ____D () C:\Users\Mark-Peter\Documents\SelfMV
2014-08-06 00:41 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Dropbox
2014-08-05 11:57 - 2013-11-11 21:16 - 00000600 _____ () C:\Users\Mark-Peter\AppData\Roaming\winscp.rnd
2014-08-04 14:28 - 2013-11-12 22:34 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\FileZilla
2014-08-04 10:06 - 2013-11-14 15:23 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\Deployment
2014-08-03 19:50 - 2014-08-03 19:50 - 06004615 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-03 19:50 - 2014-08-03 19:50 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-03 17:20 - 2013-11-14 18:25 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Local\HP
2014-08-03 16:11 - 2013-11-14 18:26 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\HpUpdate
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-03 16:09 - 2014-08-03 16:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-08-03 16:08 - 2014-08-03 16:08 - 00000000 ____D () C:\HP_ePrint
2014-08-03 16:08 - 2013-11-14 18:26 - 00000000 ____D () C:\ProgramData\HP
2014-08-03 16:08 - 2013-11-14 18:26 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-03 16:00 - 2013-11-23 14:18 - 00000000 ____D () C:\Quarantine
2014-08-02 12:22 - 2014-08-02 12:18 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Feedreader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2014-08-02 12:18 - 2014-08-02 12:18 - 00000000 ____D () C:\Program Files (x86)\FeedReader30
2014-08-02 11:42 - 2013-11-14 15:31 - 00000000 ____D () C:\Users\Mark-Peter\Documents\LiveZilla
2014-07-30 11:21 - 2014-06-18 12:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 16:11 - 2014-07-17 22:59 - 00000000 ____D () C:\Users\Mark-Peter\Desktop\Neuer Ordner
2014-07-29 10:35 - 2014-07-29 10:35 - 05981830 _____ (Tim Kosse) C:\Users\Mark-Peter\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-26 01:00 - 2013-11-16 02:11 - 00000412 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-07-25 14:42 - 2014-07-25 14:42 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 00:23 - 2013-11-14 01:41 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-23 16:27 - 2013-11-17 21:04 - 00000000 ____D () C:\Users\Mark-Peter\AppData\Roaming\DigiJay
2014-07-23 00:55 - 2014-07-23 00:55 - 00000088 _____ () C:\Users\Mark-Peter\Desktop\listen.pls
2014-07-21 14:24 - 2013-11-12 22:34 - 00000955 _____ () C:\Users\Public\Desktop\DigiJay.lnk
2014-07-21 14:24 - 2013-11-12 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiJay
2014-07-21 14:24 - 2013-11-12 22:34 - 00000000 ____D () C:\Program Files (x86)\DigiJay
2014-07-21 11:47 - 2014-07-21 11:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-21 11:47 - 2014-07-21 11:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-21 11:47 - 2014-07-21 11:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 21:29 - 2014-07-18 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-18 21:29 - 2013-11-14 20:01 - 00000831 _____ () C:\Users\Public\Desktop\VLC media player.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 08:37

==================== End Of Log ============================
         
--- --- ---

I would appreciate a prompt reply.

17.08.2014, 22:57   #8
schrauber
/// the machine
/// TB trainer

Update Java. Delete the backups on K that ESET complains about.

Quote:
Startup: C:\Users\Mark-Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk
ShortcutTarget: jAnrufmonitor 5.0.lnk -> D:\janrufmonitor\jam.exe ()
Do you recognize this?
Any remaining problems with the computer?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

17.08.2014, 23:15   #9
Mark-Peter

Hello,

however, the updater says that the current Java 8 Update 11 is installed,
and when I try it I get an error message.
Attached image: PUP.Optional.WebSteroids.A-java.jpg

18.08.2014, 20:54   #10
schrauber
/// the machine
/// TB trainer

Ignore Java, false report from SecurityCheck.
__________________
Regards,
schrauber
