BitdefenderIS15 kann Adware.AdPeak.V nicht löschen.

Jo85 · 05.01.2015, 16:21

Moin moin,
hoffe ich mache hier nix falsch, da es mein erster Beitrag ist.
Ich bekomme seit ca 1 Woche immer wieder Werbesounds eingespielt, was mich dazu bewegt hat mein Bitdefender IS 15 einen System scan machen zu lassen.
Es wurden 5 ungelöste Probleme gefunden.:
1. Adware.AdPeak.V (Desinfektion Fehlgeschlagen)
2. Application.Generic.1016845 (Problem Besteht noch)
3. Application.Generic. 1024105 (Problem Besteht noch)
4. Application.Generic. 1028214 (Problem Besteht noch)
5. Application.OptimizerPro.Q (Problem Besteht noch)

Anfangs kam oft ein Fenster aufgepoppt Benutzerkontensteuerung das die
Datei ss7.exe ausgeführt werden möchte.

Programmname ss7.exe
Herausgeber: Unbekannt
Dateiursprung: Festplatte auf dem Computer
Programmpfad: C:\Windows\Teamp\ss7.exe usw........

Dies hat Bitdefender glaube ich gelöst bekommen, habe über den Rettungsmodus einen scan gemacht und etwas gelöscht bekommen. Wenn ich mal Bitdefender von Autopilot auf normal stelle kommen alle paar sec Meldungen "Infizierte Web Ressource gefunden"

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Jo (administrator) on JONEUPC on 05-01-2015 16:40:17
Running from E:\
Loaded Profile: Jo (Available profiles: Jo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(FSPro Labs) C:\Windows\SysWOW64\fsproflt2.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
() C:\Users\Jo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\odscanui.exe
() C:\Users\Jo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Jo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Jo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Jo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AppWork GmbH) C:\Program Files\JDownloader 2\JDownloader 2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1626752 2014-11-24] (Bitdefender)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5021448 2014-02-27] (FNet Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3325952 2012-02-22] ()
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Run: [Microsoft Office Outlook] => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE [196440 2010-06-23] (Microsoft Corporation)
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Run: [HitsBlender] => [X]
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: H - H:\setup.exe /autorun
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: {1d453e76-e6c0-11e1-813e-bc5ff43a70c4} - H:\setup.exe
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: {2d3b6677-dbfa-11e1-bdae-bc5ff43a70c4} - E:\setup.exe -a
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: {419c321a-04d0-11e2-ad9d-bc5ff43a70c4} - H:\setup.exe /autorun
Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=644c3855-1726-49e8-ba98-9a79cfa288b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=644c3855-1726-49e8-ba98-9a79cfa288b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=644c3855-1726-49e8-ba98-9a79cfa288b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2091203308-3088951350-3500837121-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=644c3855-1726-49e8-ba98-9a79cfa288b7&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2091203308-3088951350-3500837121-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320845&octid=EB_ORIGINAL_CTID&ISID=MF59A80F1-D312-4B4E-A11E-BD9BBDF3119B&SearchSource=58&CUI=&UM=6&UP=SP2A3FB4C6-3691-4418-A54A-DD786892354C&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2091203308-3088951350-3500837121-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-2091203308-3088951350-3500837121-1000 -> {B224AA02-F7C8-3A2B-859F-560B80767E4A} URL = hxxp://kl.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=876&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.5.0&install_country=DE&install_date=20130306&user_guid=7606A6511D744730BAEC3397F653E13A&machine_id=e2800a63dffd9ccdf423fa695fdf3b50&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Jo\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKU\S-1-5-21-2091203308-3088951350-3500837121-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-09-15]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-09-03]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-09-15]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3320845&octid=EB_ORIGINAL_CTID&ISID=MF59A80F1-D312-4B4E-A11E-BD9BBDF3119B&SearchSource=55&CUI=&UM=6&UP=SP2A3FB4C6-3691-4418-A54A-DD786892354C&SSPV=
CHR Profile: C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (MeinProspekt) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bboapklbfgchofdopiohcfhmaeghhgko [2014-05-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-20]
CHR Extension: (Adblock Plus) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-07-22]
CHR Extension: (Google-Suche) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-20]
CHR Extension: (Dark Vibe) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2014-07-14]
CHR Extension: (Mini Radio Player) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeaebedjghkdbccfenjbiilalegknlj [2013-04-17]
CHR Extension: (FoxyProxy Standard) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2014-07-14]
CHR Extension: (Hola Besseres Internet) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-09-23]
CHR Extension: (Google Wallet) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Deutsch Englisch Übersetzer) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcknciadhimdlbjjfndidcgnhokfbgnd [2014-08-24]
CHR Extension: (Google Mail) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-20]
CHR HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jo\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-22]
CHR HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Jo\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2012-07-22]
CHR HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Jo\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-24]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Jo\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2012-07-22]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-02-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-11-24] (Bitdefender)
R2 fsproflt2; C:\Windows\SysWOW64\fsproflt2.exe [49512 2012-07-12] (FSPro Labs)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender)
R2 Verifies and fixes application compatibility issues; C:\Users\Jo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-30] () [File not signed]
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1527360 2014-11-24] (Bitdefender)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-11-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-11-24] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-05-16] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2010-10-01] (C-Media Inc)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-10-18] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-02-27] (FNet Co., Ltd.)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] (Intel(R) Corporation) [File not signed]
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-01] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2014-07-31] (Wondershare)
U3 agj7rxp9; C:\Windows\System32\Drivers\agj7rxp9.sys [0 ] (Microsoft Corporation)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S1 EIO64; system32\DRIVERS\EIO64.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 16:16 - 2015-01-05 16:16 - 00000000 __SHD () C:\Users\Jo\AppData\Local\EmieBrowserModeList
2015-01-05 07:06 - 2015-01-05 15:01 - 00000112 _____ () C:\Windows\setupact.log
2015-01-05 07:06 - 2015-01-05 07:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-04 23:03 - 2015-01-04 23:03 - 00035905 _____ () C:\Users\Jo\Desktop\Addition.txt
2015-01-04 23:03 - 2015-01-04 23:03 - 00031380 _____ () C:\Users\Jo\Desktop\FRST.txt
2015-01-04 23:00 - 2015-01-05 16:40 - 00000000 ____D () C:\FRST
2015-01-04 20:48 - 2015-01-04 20:48 - 00072122 _____ () C:\Users\Jo\Desktop\cc_20150104_204848.reg
2014-12-29 18:42 - 2015-01-05 15:21 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\Compatibility Verifier
2014-12-28 20:20 - 2014-12-28 20:20 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 11:51 - 2014-12-21 11:51 - 00000000 ____D () C:\ProgramData\vsosdk
2014-12-21 11:14 - 2014-12-21 11:14 - 00000000 ____D () C:\Users\Jo\Documents\4Videosoft Studio
2014-12-21 11:13 - 2014-12-21 11:13 - 00000000 ____D () C:\Users\Jo\AppData\Local\4Videosoft Studio
2014-12-21 11:12 - 2014-12-21 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Videosoft
2014-12-21 11:12 - 2014-12-21 11:12 - 00000000 ____D () C:\ProgramData\4Videosoft Studio
2014-12-21 11:12 - 2014-12-21 11:12 - 00000000 ____D () C:\Program Files (x86)\4Videosoft Studio
2014-12-20 18:00 - 2014-12-20 18:00 - 00000849 _____ () C:\Users\Jo\Desktop\Nappistar - Verknüpfung.lnk
2014-12-20 12:00 - 2014-12-20 12:00 - 00000000 ____D () C:\Users\Public\Documents\{F0489EF2-D393-4114-85BA-A94D71D89543}
2014-12-20 11:46 - 2014-12-20 11:46 - 00000859 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster 5.lnk
2014-12-20 11:46 - 2014-12-20 11:46 - 00000847 _____ () C:\Users\Public\Desktop\Napster 5.lnk
2014-12-20 11:46 - 2014-12-20 11:46 - 00000000 ____D () C:\Program Files (x86)\Napster 5
2014-12-20 11:40 - 2014-12-20 11:40 - 00002609 _____ () C:\Users\Public\Desktop\Napster Rienf Repair.lnk
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Jo\AppData\Local\NapsterRienfRepair
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster Rienf Repair
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Program Files (x86)\NA
2014-12-15 20:33 - 2014-12-15 20:33 - 00000000 ____D () C:\Users\Jo\Documents\default
2014-12-13 10:46 - 2014-12-13 10:46 - 00000000 ____D () C:\Users\Jo\Desktop\up221
2014-12-10 22:01 - 2014-12-10 22:01 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-12-10 22:00 - 2014-12-10 22:32 - 00000000 __SHD () C:\AI_RecycleBin
2014-12-10 19:31 - 2014-12-10 19:31 - 00000000 ____D () C:\Users\Jo\AppData\Local\hitsblender
2014-12-10 19:31 - 2014-12-10 19:31 - 00000000 ____D () C:\Program Files (x86)\HitsBlenderUpdater
2014-12-10 19:24 - 2014-12-10 19:24 - 00000000 ____D () C:\Program Files (x86)\DB6FA7A7-844E-4017-92E2-73FA405F7637
2014-12-10 19:21 - 2015-01-04 15:45 - 00000000 ____D () C:\Program Files\010
2014-12-10 19:21 - 2014-12-10 19:21 - 00000000 ____D () C:\Program Files\DB6FA7A7-844E-4017-92E2-73FA405F7637
2014-12-09 20:05 - 2014-12-10 22:32 - 00000000 ____D () C:\Program Files (x86)\Audials
2014-12-09 20:02 - 2014-12-09 20:02 - 00000000 ____D () C:\Users\Jo\AppData\Local\Tempaf33c2f9cc86c2a73dc08b44799b0616

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 16:24 - 2013-02-28 13:43 - 00000000 ____D () C:\Program Files\JDownloader 2
2015-01-05 16:17 - 2014-09-22 08:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 15:08 - 2009-07-14 05:45 - 00031776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 15:08 - 2009-07-14 05:45 - 00031776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 15:07 - 2011-04-12 08:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-01-05 15:07 - 2011-04-12 08:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-01-05 15:07 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 15:04 - 2012-07-24 15:42 - 01796289 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 15:01 - 2014-11-09 12:25 - 00372736 ___SH () C:\Users\Jo\Desktop\Thumbs.db
2015-01-05 15:01 - 2014-09-22 08:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 15:01 - 2014-08-24 13:32 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-05 15:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 20:50 - 2013-11-17 23:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-04 20:50 - 2012-09-22 17:11 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\DAEMON Tools Lite
2015-01-04 20:50 - 2012-07-23 11:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-04 20:50 - 2012-03-14 12:10 - 00000000 ____D () C:\Windows\Panther
2015-01-04 20:31 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 18:54 - 2014-09-15 10:40 - 00000686 ____H () C:\bdr-cf01
2015-01-04 17:35 - 2014-09-22 08:10 - 00000000 ___RD () C:\Users\Jo\Google Drive
2015-01-04 16:09 - 2014-09-15 12:03 - 00253404 ____H () C:\bdr-ld01
2015-01-04 16:09 - 2014-09-15 12:03 - 00009216 ____H () C:\bdr-ld01.mbr
2015-01-04 15:46 - 2012-12-01 19:25 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{742037F3-38E2-4FC3-9720-FAA4E822EB23}
2014-12-30 23:03 - 2012-09-11 10:25 - 00000000 ____D () C:\ProgramData\Origin
2014-12-30 17:55 - 2012-09-11 10:25 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-30 01:01 - 2014-09-09 20:19 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-29 22:55 - 2012-10-25 17:58 - 00000000 ___RD () C:\Users\Jo\Downloads\Bitdefender Safepay
2014-12-21 14:17 - 2012-07-23 18:48 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\vlc
2014-12-20 11:57 - 2012-12-18 17:23 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\com.Rhapsody.Napster5
2014-12-20 11:45 - 2014-06-24 22:01 - 00000000 ____D () C:\Users\Jo\AppData\Local\Adobe
2014-12-11 09:18 - 2014-10-08 13:13 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 22:32 - 2012-12-18 19:41 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-12-10 22:23 - 2009-07-14 03:34 - 00000601 _____ () C:\Windows\win.ini
2014-12-10 21:33 - 2012-07-23 22:10 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\FileZilla
2014-12-10 20:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-10 18:41 - 2014-10-11 17:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 20:05 - 2012-12-18 19:41 - 00000000 ____D () C:\ProgramData\RapidSolution
2014-12-09 20:04 - 2012-12-18 19:40 - 00000000 ____D () C:\Users\Jo\AppData\Local\RapidSolution
2014-12-09 19:58 - 2012-07-20 08:52 - 00000000 ____D () C:\Users\Jo\AppData\Local\Deployment

Some content of TEMP:
====================
C:\Users\Jo\AppData\Local\Temp\amazonicon_v10.exe
C:\Users\Jo\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Jo\AppData\Local\Temp\Audials_Tunebite_Premium-Setup.exe
C:\Users\Jo\AppData\Local\Temp\bBJ3E2UlbM.exe
C:\Users\Jo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa0l6o1.dll
C:\Users\Jo\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\Jo\AppData\Local\Temp\optprosetup.exe
C:\Users\Jo\AppData\Local\Temp\proxy_vole8491966454438958071.dll
C:\Users\Jo\AppData\Local\Temp\sdan.exe
C:\Users\Jo\AppData\Local\Temp\sdapk.exe
C:\Users\Jo\AppData\Local\Temp\sdaspwn.exe
C:\Users\Jo\AppData\Local\Temp\SRLDetectionLibrary6762623128406172098.dll
C:\Users\Jo\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Jo\AppData\Local\Temp\wBiRJxuqZ2.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-28 21:02

==================== End Of Log ============================

--- --- ---

--- --- ---

Danke Schrauber

schrauber · 05.01.2015, 16:27

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Jo85 · 05.01.2015, 17:29

Habe mbam mal durchlaufen lassen, hat auch einiges gefunden, alles in Quarantäne. Musste dann einen Neustart machen, ab da an geht nix mehr richtig schreibe jetzt vom Handy. Windows 7 startet langsam und wenn dann alles da ist kann ich zwar die Maus bewegen, nur steuern kann ich nix es passiert nichts wenn ich wo drauf klicke bzw extrem extrem langsam 5min für Outlook beenden. :-(

schrauber · 05.01.2015, 19:16

Beim Starten des Rechners schnell F8 drücken. Wähle letzte als funktionierend bekannte Version. Wenn das nicht geht boote in den Safe Mode.

Ich brauch das Logfiel von MBAM.

Jo85 · 06.01.2015, 15:39

Habe im abgesichertem Modus MBAM entfernt, normal starten lassen und mit CCleaner komplett alles gesäubert, jetzt startet und Funktioniert der Pc wieder wie vor dem MBAM Scan.
Bitdefender findet immer noch die 5 Bedrohungen, wieder MBAM in stalliert und scannen lassen ohne Probleme und Funde. Unter Verlauf Quarantäne ist eine lange Liste, bei Anwendungsprotokolle habe ich die txt datei von gestern gefunden.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 05.01.2015 17:02:22, SYSTEM, JONEUPC, Protection, Malware Protection, Starting, 
Protection, 05.01.2015 17:02:22, SYSTEM, JONEUPC, Protection, Malware Protection, Started, 
Protection, 05.01.2015 17:02:22, SYSTEM, JONEUPC, Protection, Malicious Website Protection, Starting, 
Protection, 05.01.2015 17:02:22, SYSTEM, JONEUPC, Protection, Malicious Website Protection, Started, 
Update, 05.01.2015 17:02:27, SYSTEM, JONEUPC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 05.01.2015 17:02:28, SYSTEM, JONEUPC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.30.1, 
Update, 05.01.2015 17:02:52, SYSTEM, JONEUPC, Manual, Malware Database, 2014.11.20.6, 2015.1.5.6, 
Protection, 05.01.2015 17:02:52, SYSTEM, JONEUPC, Protection, Refresh, Starting, 
Protection, 05.01.2015 17:02:52, SYSTEM, JONEUPC, Protection, Malicious Website Protection, Stopping, 
Protection, 05.01.2015 17:02:52, SYSTEM, JONEUPC, Protection, Malicious Website Protection, Stopped, 
Protection, 05.01.2015 17:02:59, SYSTEM, JONEUPC, Protection, Refresh, Success, 
Protection, 05.01.2015 17:02:59, SYSTEM, JONEUPC, Protection, Malicious Website Protection, Starting, 
Protection, 05.01.2015 17:02:59, SYSTEM, JONEUPC, Protection, Malicious Website Protection, Started, 
Detection, 05.01.2015 17:05:10, SYSTEM, JONEUPC, Protection, Malware Protection, File, PUP.Optional.CompatibilityVerifier.A, C:\Users\Jo\AppData\Roaming\Compatibility Verifier\cef.pak, Quarantine Failed, 303, Queued for removal on reboot, [05c5d41fff8af640f7b1e57e91728779]
Detection, 05.01.2015 17:05:16, SYSTEM, JONEUPC, Protection, Malware Protection, File, PUP.Optional.CompatibilityVerifier.A, C:\Users\Jo\AppData\Roaming\Compatibility Verifier\cef.pak, Quarantine Failed, 303, Queued for removal on reboot, [05c5d41fff8af640f7b1e57e91728779]
Detection, 05.01.2015 17:10:18, SYSTEM, JONEUPC, Protection, Malware Protection, File, PUP.Optional.CompatibilityVerifier.A, C:\Users\Jo\AppData\Roaming\Compatibility Verifier\cef.pak, Quarantine Failed, 303, Queued for removal on reboot, [05c5d41fff8af640f7b1e57e91728779]
Detection, 05.01.2015 17:10:24, SYSTEM, JONEUPC, Protection, Malware Protection, File, PUP.Optional.CompatibilityVerifier.A, C:\Users\Jo\AppData\Roaming\Compatibility Verifier\cef.pak, Quarantine Failed, 303, Queued for removal on reboot, [05c5d41fff8af640f7b1e57e91728779]
Scan, 05.01.2015 17:13:30, SYSTEM, JONEUPC, Manual, Start: % 1 "% 2", Dauer: % 1 min 8 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 80-Malwareerkennung, 
Protection, 05.01.2015 17:14:43, SYSTEM, JONEUPC, Protection, Malware Protection, Starting, 
Protection, 05.01.2015 17:14:43, SYSTEM, JONEUPC, Protection, Malware Protection, Started, 
Protection, 05.01.2015 17:21:46, SYSTEM, JONEUPC, Protection, Malware Protection, Starting, 
Protection, 05.01.2015 17:21:46, SYSTEM, JONEUPC, Protection, Malware Protection, Started, 
Protection, 05.01.2015 17:21:46, SYSTEM, JONEUPC, Protection, Malicious Website Protection, Starting, 
Protection, 05.01.2015 17:21:46, SYSTEM, JONEUPC, Protection, Malicious Website Protection, Started, 
Protection, 05.01.2015 18:11:16, SYSTEM, JONEUPC, Protection, Malware Protection, Starting, 
Protection, 05.01.2015 18:11:16, SYSTEM, JONEUPC, Protection, Malware Protection, Started, 
Protection, 05.01.2015 18:11:16, SYSTEM, JONEUPC, Protection, Malicious Website Protection, Starting, 
Protection, 05.01.2015 18:11:16, SYSTEM, JONEUPC, Protection, Malicious Website Protection, Started, 

(end)

schrauber · 06.01.2015, 16:50

Dann mach jetzt den Rest von meiner letzten Anleitung.

Jo85 · 06.01.2015, 18:40

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Jo on 06.01.2015 at 16:56:18,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2319825
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskToolbarNRO_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskToolbarNRO_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskToolbarNRO_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskToolbarNRO_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B224AA02-F7C8-3A2B-859F-560B80767E4A}



~~~ Files

Successfully deleted: [File] "C:\Users\Jo\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jo\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Jo\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Jo\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Jo\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Jo\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Jo\appdata\local\{0D2A2140-226A-4A92-A49F-CB7CB8E80E3B}
Successfully deleted: [Empty Folder] C:\Users\Jo\appdata\local\{328B2C3D-FEC0-4437-8BD6-E7BB0256B401}
Successfully deleted: [Empty Folder] C:\Users\Jo\appdata\local\{3949C900-5349-4E11-8DB5-779C98B2D480}
Successfully deleted: [Empty Folder] C:\Users\Jo\appdata\local\{62C47FCB-CCD7-43B3-A7AE-983E1E7EF913}
Successfully deleted: [Empty Folder] C:\Users\Jo\appdata\local\{63A89540-F038-44E0-AE5B-EBB0E774362C}
Successfully deleted: [Empty Folder] C:\Users\Jo\appdata\local\{C3ED79EB-58A2-482C-81BA-84A30E244FBD}
Successfully deleted: [Empty Folder] C:\Users\Jo\appdata\local\{EC12F84C-88A8-47CF-830E-CA67482A4BD8}
Successfully deleted: [Empty Folder] C:\Users\Jo\appdata\local\{FECA12AB-069B-4CC9-84D6-45B5B8307806}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Jo\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.01.2015 at 17:11:26,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Code:

ATTFilter

# AdwCleaner v4.106 - Bericht erstellt am 06/01/2015 um 18:37:28
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Jo - JONEUPC
# Gestartet von : C:\Users\Jo\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Allmyapps
Ordner Gelöscht : C:\Program Files (x86)\HitsBlenderUpdater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Ordner Gelöscht : C:\Users\Jo\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Jo\AppData\Local\HitsBlender
Ordner Gelöscht : C:\Users\Jo\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Jo\AppData\Roaming\Allmyapps
Ordner Gelöscht : C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allmyapps
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Zugo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [4474 octets] - [06/01/2015 18:35:02]
AdwCleaner[S0].txt - [3999 octets] - [06/01/2015 18:37:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4059 octets] ##########

schrauber · 06.01.2015, 19:47

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Jo85 · 07.01.2015, 17:50

Eset log.txt

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2a53b756d901414fbf9a461edb2fb80b
# engine=21842
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-06 10:47:27
# local_time=2015-01-06 11:47:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2066 16777213 100 100 6972 124433356 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 16943075 172214297 0 0
# scanned=251139
# found=9
# cleaned=0
# scan_time=6810
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=284FB15B1A9EAC9122656131F52F7951BCA601D2 ft=1 fh=0dab6800715bbe86 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HitsBlenderUpdater\Uninstall.exe.vir"
sh=36BCCD59DAA6E68E6E16C416675A366DBFDDC513 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000328"
sh=771342C1305A20C9B7C0E45BAA02146DE65168BA ft=1 fh=fb5b6499d0efdcc0 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jo\AppData\Local\Temp\b372jcJTZm.tmp"
sh=284FB15B1A9EAC9122656131F52F7951BCA601D2 ft=1 fh=0dab6800715bbe86 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jo\AppData\Local\Temp\bBJ3E2UlbM.exe"
sh=771342C1305A20C9B7C0E45BAA02146DE65168BA ft=1 fh=fb5b6499d0efdcc0 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jo\AppData\Local\Temp\iSdDaJQNEk.tmp"
sh=284FB15B1A9EAC9122656131F52F7951BCA601D2 ft=1 fh=0dab6800715bbe86 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jo\AppData\Local\Temp\nn02Uyu0Wk.tmp"
sh=4CE200879664514AA029B495D6E6EC01F1EFF70E ft=1 fh=34ca45f9d70c625c vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jo\AppData\Local\Temp\optprosetup.exe"
sh=284FB15B1A9EAC9122656131F52F7951BCA601D2 ft=1 fh=0dab6800715bbe86 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jo\AppData\Local\Temp\Wk9rcQBrA7.tmp"

checkup.txt

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 15.0.0.189 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender 2015 vsserv.exe  
 Bitdefender Bitdefender 2015 bdagent.exe  
 Bitdefender Bitdefender 2015 updatesrv.exe  
 Bitdefender Bitdefender 2015 seccenter.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Jo (administrator) on JONEUPC on 07-01-2015 16:34:48
Running from E:\
Loaded Profile: Jo (Available profiles: Jo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(FSPro Labs) C:\Windows\SysWOW64\fsproflt2.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Farbar) E:\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1626752 2014-11-24] (Bitdefender)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5021448 2014-02-27] (FNet Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3325952 2012-02-22] ()
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Run: [Microsoft Office Outlook] => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE [196440 2010-06-23] (Microsoft Corporation)
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Run: [HitsBlender] => [X]
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: H - H:\setup.exe /autorun
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: {1d453e76-e6c0-11e1-813e-bc5ff43a70c4} - H:\setup.exe
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: {2d3b6677-dbfa-11e1-bdae-bc5ff43a70c4} - E:\setup.exe -a
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: {419c321a-04d0-11e2-ad9d-bc5ff43a70c4} - H:\setup.exe /autorun
Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-09-15]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-09-03]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-09-15]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3320845&octid=EB_ORIGINAL_CTID&ISID=MF59A80F1-D312-4B4E-A11E-BD9BBDF3119B&SearchSource=55&CUI=&UM=6&UP=SP2A3FB4C6-3691-4418-A54A-DD786892354C&SSPV=
CHR Profile: C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (MeinProspekt) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bboapklbfgchofdopiohcfhmaeghhgko [2014-05-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-20]
CHR Extension: (Adblock Plus) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-07-22]
CHR Extension: (Google-Suche) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-20]
CHR Extension: (Dark Vibe) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2014-07-14]
CHR Extension: (Mini Radio Player) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeaebedjghkdbccfenjbiilalegknlj [2013-04-17]
CHR Extension: (FoxyProxy Standard) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2014-07-14]
CHR Extension: (Google Wallet) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Deutsch Englisch Übersetzer) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcknciadhimdlbjjfndidcgnhokfbgnd [2014-08-24]
CHR Extension: (Google Mail) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-20]
CHR HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jo\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-22]
CHR HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Jo\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Jo\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-02-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-11-24] (Bitdefender)
R2 fsproflt2; C:\Windows\SysWOW64\fsproflt2.exe [49512 2012-07-12] (FSPro Labs)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1527360 2014-11-24] (Bitdefender)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-11-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-11-24] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-05-16] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2010-10-01] (C-Media Inc)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-10-18] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-02-27] (FNet Co., Ltd.)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] (Intel(R) Corporation) [File not signed]
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-01] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2014-07-31] (Wondershare)
U3 abpq1hll; C:\Windows\System32\Drivers\abpq1hll.sys [0 ] (Advanced Micro Devices)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S1 EIO64; system32\DRIVERS\EIO64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 16:25 - 2015-01-07 16:25 - 00852505 _____ () C:\Users\Jo\Desktop\SecurityCheck.exe
2015-01-06 21:50 - 2015-01-06 21:50 - 00002340 _____ () C:\Windows\SysWOW64\BroomData.bit
2015-01-06 21:50 - 2013-04-08 16:30 - 00022752 _____ () C:\Windows\system32\PCloudBroom64.exe
2015-01-06 21:30 - 2015-01-06 21:30 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-06 21:30 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-06 20:07 - 2015-01-06 20:07 - 02347384 _____ (ESET) C:\Users\Jo\Desktop\esetsmartinstaller_deu.exe
2015-01-06 20:07 - 2015-01-06 20:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-06 18:34 - 2015-01-06 18:37 - 00000000 ____D () C:\AdwCleaner
2015-01-06 17:11 - 2015-01-06 17:11 - 00004794 _____ () C:\Users\Jo\Desktop\JRT.txt
2015-01-06 16:56 - 2015-01-06 16:56 - 00000000 ____D () C:\Windows\ERUNT
2015-01-06 15:37 - 2015-01-06 15:38 - 00003591 _____ () C:\Users\Jo\Desktop\mbam.txt
2015-01-06 14:44 - 2015-01-06 18:37 - 00002146 _____ () C:\Windows\PFRO.log
2015-01-05 18:21 - 2015-01-07 16:21 - 00000392 _____ () C:\Windows\setupact.log
2015-01-05 18:21 - 2015-01-05 18:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 18:20 - 2015-01-05 18:20 - 00002870 _____ () C:\Users\Jo\Desktop\cc_20150105_182000.reg
2015-01-05 17:11 - 2015-01-05 17:11 - 02173952 _____ () C:\Users\Jo\Desktop\AdwCleaner_4.106.exe
2015-01-05 17:01 - 2015-01-05 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 16:16 - 2015-01-05 16:16 - 00000000 __SHD () C:\Users\Jo\AppData\Local\EmieBrowserModeList
2015-01-04 23:03 - 2015-01-05 16:41 - 00032340 _____ () C:\Users\Jo\Desktop\FRST.txt
2015-01-04 23:03 - 2015-01-04 23:03 - 00035905 _____ () C:\Users\Jo\Desktop\Addition.txt
2015-01-04 23:00 - 2015-01-07 16:34 - 00000000 ____D () C:\FRST
2015-01-04 20:48 - 2015-01-04 20:48 - 00072122 _____ () C:\Users\Jo\Desktop\cc_20150104_204848.reg
2014-12-28 20:20 - 2014-12-28 20:20 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 11:51 - 2014-12-21 11:51 - 00000000 ____D () C:\ProgramData\vsosdk
2014-12-21 11:14 - 2014-12-21 11:14 - 00000000 ____D () C:\Users\Jo\Documents\4Videosoft Studio
2014-12-21 11:13 - 2014-12-21 11:13 - 00000000 ____D () C:\Users\Jo\AppData\Local\4Videosoft Studio
2014-12-21 11:12 - 2014-12-21 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Videosoft
2014-12-21 11:12 - 2014-12-21 11:12 - 00000000 ____D () C:\ProgramData\4Videosoft Studio
2014-12-21 11:12 - 2014-12-21 11:12 - 00000000 ____D () C:\Program Files (x86)\4Videosoft Studio
2014-12-20 18:00 - 2014-12-20 18:00 - 00000849 _____ () C:\Users\Jo\Desktop\Nappistar - Verknüpfung.lnk
2014-12-20 12:00 - 2014-12-20 12:00 - 00000000 ____D () C:\Users\Public\Documents\{F0489EF2-D393-4114-85BA-A94D71D89543}
2014-12-20 11:46 - 2014-12-20 11:46 - 00000859 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster 5.lnk
2014-12-20 11:46 - 2014-12-20 11:46 - 00000847 _____ () C:\Users\Public\Desktop\Napster 5.lnk
2014-12-20 11:46 - 2014-12-20 11:46 - 00000000 ____D () C:\Program Files (x86)\Napster 5
2014-12-20 11:40 - 2014-12-20 11:40 - 00002609 _____ () C:\Users\Public\Desktop\Napster Rienf Repair.lnk
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Jo\AppData\Local\NapsterRienfRepair
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster Rienf Repair
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Program Files (x86)\NA
2014-12-15 20:33 - 2014-12-15 20:33 - 00000000 ____D () C:\Users\Jo\Documents\default
2014-12-13 10:46 - 2014-12-13 10:46 - 00000000 ____D () C:\Users\Jo\Desktop\up221
2014-12-10 22:01 - 2014-12-10 22:01 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-12-10 19:24 - 2014-12-10 19:24 - 00000000 ____D () C:\Program Files (x86)\DB6FA7A7-844E-4017-92E2-73FA405F7637
2014-12-10 19:21 - 2015-01-04 15:45 - 00000000 ____D () C:\Program Files\010
2014-12-10 19:21 - 2014-12-10 19:21 - 00000000 ____D () C:\Program Files\DB6FA7A7-844E-4017-92E2-73FA405F7637
2014-12-09 20:05 - 2014-12-10 22:32 - 00000000 ____D () C:\Program Files (x86)\Audials
2014-12-09 20:02 - 2014-12-09 20:02 - 00000000 ____D () C:\Users\Jo\AppData\Local\Tempaf33c2f9cc86c2a73dc08b44799b0616

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 16:28 - 2009-07-14 05:45 - 00031776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 16:28 - 2009-07-14 05:45 - 00031776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 16:25 - 2011-04-12 08:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-01-07 16:25 - 2011-04-12 08:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-01-07 16:25 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 16:24 - 2012-07-24 15:42 - 01906566 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 16:21 - 2014-09-22 08:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 16:21 - 2014-08-24 13:32 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-07 16:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 06:43 - 2014-09-22 08:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 20:04 - 2012-07-23 22:10 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\FileZilla
2015-01-06 19:55 - 2013-02-28 13:43 - 00000000 ____D () C:\Program Files\JDownloader 2
2015-01-06 17:13 - 2014-04-07 17:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-06 17:10 - 2012-03-14 12:42 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 16:43 - 2012-07-25 20:23 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-01-05 17:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-05 15:01 - 2014-11-09 12:25 - 00372736 ___SH () C:\Users\Jo\Desktop\Thumbs.db
2015-01-04 20:50 - 2013-11-17 23:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-04 20:50 - 2012-09-22 17:11 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\DAEMON Tools Lite
2015-01-04 20:50 - 2012-07-23 11:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-04 20:50 - 2012-03-14 12:10 - 00000000 ____D () C:\Windows\Panther
2015-01-04 20:31 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 18:54 - 2014-09-15 10:40 - 00000686 ____H () C:\bdr-cf01
2015-01-04 17:35 - 2014-09-22 08:10 - 00000000 ___RD () C:\Users\Jo\Google Drive
2015-01-04 16:09 - 2014-09-15 12:03 - 00253404 ____H () C:\bdr-ld01
2015-01-04 16:09 - 2014-09-15 12:03 - 00009216 ____H () C:\bdr-ld01.mbr
2015-01-04 15:46 - 2012-12-01 19:25 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{742037F3-38E2-4FC3-9720-FAA4E822EB23}
2014-12-30 23:03 - 2012-09-11 10:25 - 00000000 ____D () C:\ProgramData\Origin
2014-12-30 17:55 - 2012-09-11 10:25 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-30 01:01 - 2014-09-09 20:19 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-29 22:55 - 2012-10-25 17:58 - 00000000 ___RD () C:\Users\Jo\Downloads\Bitdefender Safepay
2014-12-21 14:17 - 2012-07-23 18:48 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\vlc
2014-12-20 11:57 - 2012-12-18 17:23 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\com.Rhapsody.Napster5
2014-12-20 11:45 - 2014-06-24 22:01 - 00000000 ____D () C:\Users\Jo\AppData\Local\Adobe
2014-12-11 09:18 - 2014-10-08 13:13 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 22:23 - 2009-07-14 03:34 - 00000601 _____ () C:\Windows\win.ini
2014-12-10 20:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-10 18:41 - 2014-10-11 17:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 20:05 - 2012-12-18 19:41 - 00000000 ____D () C:\ProgramData\RapidSolution
2014-12-09 20:04 - 2012-12-18 19:40 - 00000000 ____D () C:\Users\Jo\AppData\Local\RapidSolution
2014-12-09 19:58 - 2012-07-20 08:52 - 00000000 ____D () C:\Users\Jo\AppData\Local\Deployment

Some content of TEMP:
====================
C:\Users\Jo\AppData\Local\Temp\amazonicon_v10.exe
C:\Users\Jo\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Jo\AppData\Local\Temp\Audials_Tunebite_Premium-Setup.exe
C:\Users\Jo\AppData\Local\Temp\bBJ3E2UlbM.exe
C:\Users\Jo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa0l6o1.dll
C:\Users\Jo\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\Jo\AppData\Local\Temp\optprosetup.exe
C:\Users\Jo\AppData\Local\Temp\proxy_vole5242000549207536347.dll
C:\Users\Jo\AppData\Local\Temp\Quarantine.exe
C:\Users\Jo\AppData\Local\Temp\sdan.exe
C:\Users\Jo\AppData\Local\Temp\sdapk.exe
C:\Users\Jo\AppData\Local\Temp\sdaspwn.exe
C:\Users\Jo\AppData\Local\Temp\sqlite3.dll
C:\Users\Jo\AppData\Local\Temp\SRLDetectionLibrary6762623128406172098.dll
C:\Users\Jo\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-28 21:02

==================== End Of Log ============================

--- --- ---

--- --- ---

Habe wieder Bitdefender Scan durchgeführt, wieder die 5 Probleme

schrauber · 07.01.2015, 18:25

Flash updaten.

Logfile von Bitdefender bitte, damit ich die Funde sehe.

Jo85 · 08.01.2015, 15:20

Bitdefender log

Code:

ATTFilter

Product : Bitdefender Internet Security 2015
Scanning task : System-Scan
Log date : Dienstag, 6. Januar 2015 16:32:48
Log path : C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\dcf483c4-26d0-4e6f-ba28-6a53a00adae1\1420557710_1_03.xml

 
Scan Paths: 
Path : C:\
Path : E:\
Path : J:\
Path : K:\
 

[-]Scan Results 

[-]Remaining issues: 
Object Path Threat Name Final Status 

File: C:\Users\Jo\AppData\Local\Temp\h2VRL80S65.exe.virus-Adware.AdPeak.V.virus-Adware.AdPeak.V.virus-Adware.AdPeak.V.virus-Adware.AdPeak.V=>(NSIS o)=>lzma_nsis0001 Adware.AdPeak.V Infected 
File: C:\Users\Jo\AppData\Local\Temp\optprosetup.exe=>(Instyler o)=>(Instyler Module 0) Application.Generic.1016845 Infected 
File: C:\Users\Jo\AppData\Local\Temp\optprosetup.exe=>(Instyler o)=>(Instyler Module 7) Application.Generic.1024105 Infected 
File: C:\Users\Jo\AppData\Local\Temp\optprosetup.exe=>(Instyler o)=>(Instyler Module 11) Application.Generic.1028214 Infected 
File: C:\Users\Jo\AppData\Local\Temp\optprosetup.exe=>(Instyler o)=>(Instyler Module 45) Application.OptimizerPro.Q Infected 
 
[+]Resolved issues:
   

   
   
  
[-]Objects that were not scanned: 
Object Path Reason Final Status 

File: C:\System Volume Information\{00424772-9034-11e4-bf56-bc5ff43a70c4}{3808876b-c176-4e48-b7ae-04046e6cc752}  (object was not found) 
File: C:\System Volume Information\{00424776-9034-11e4-bf56-bc5ff43a70c4}{3808876b-c176-4e48-b7ae-04046e6cc752}  (object was not found) 
File: C:\System Volume Information\{0f82aff2-8fb6-11e4-823f-bc5ff43a70c4}{3808876b-c176-4e48-b7ae-04046e6cc752}  (object was not found) 
File: C:\System Volume Information\{745edd09-8ec6-11e4-8cfc-bc5ff43a70c4}{3808876b-c176-4e48-b7ae-04046e6cc752}  (object was not found) 
File: C:\System Volume Information\{83ed2cf9-8f7d-11e4-85b5-bc5ff43a70c4}{3808876b-c176-4e48-b7ae-04046e6cc752}  (object was not found) 
File: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}  (object was not found) 
File: K:\Outlook Backup\Outlook_2014-02-06_20-54-58.mobackup=>C:=>Users=>Jo=>AppData=>Local=>Microsoft=>Outlook=>Outlook.pst=>[Subject: Ihre neuen Zugangsdaten][From: Telekom Deutschland GmbH]=>Zugangsdaten.pdf Password-protected Not scanned (file was password-protected) 
File: C:\Users\Jo\AppData\Local\Microsoft\Outlook\Outlook.pst=>[Subject: Ihre neuen Zugangsdaten][From: Telekom Deutschland GmbH]=>Zugangsdaten.pdf Password-protected Not scanned (file was password-protected) 
 

[-]Detailed Scan Summary 

[-]Basic 
Scanned items : 824326
Infected items : 7
Suspicious items : 0 (no suspected items have been detected)
Resolved items : 2
Unresolved items : 5
 
[+]Advanced 














 

[+]Scan Options

schrauber · 08.01.2015, 17:15

Java und Flash updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000328
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

Jo85 · 08.01.2015, 19:26

Danke für deine Hilfe

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Jo (administrator) on JONEUPC on 07-01-2015 16:34:48
Running from E:\
Loaded Profile: Jo (Available profiles: Jo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(FSPro Labs) C:\Windows\SysWOW64\fsproflt2.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Farbar) E:\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1626752 2014-11-24] (Bitdefender)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5021448 2014-02-27] (FNet Co., Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3325952 2012-02-22] ()
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Run: [Microsoft Office Outlook] => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE [196440 2010-06-23] (Microsoft Corporation)
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Run: [HitsBlender] => [X]
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: H - H:\setup.exe /autorun
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: {1d453e76-e6c0-11e1-813e-bc5ff43a70c4} - H:\setup.exe
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: {2d3b6677-dbfa-11e1-bdae-bc5ff43a70c4} - E:\setup.exe -a
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\MountPoints2: {419c321a-04d0-11e2-ad9d-bc5ff43a70c4} - H:\setup.exe /autorun
Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-09-15]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-09-03]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-09-15]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3320845&octid=EB_ORIGINAL_CTID&ISID=MF59A80F1-D312-4B4E-A11E-BD9BBDF3119B&SearchSource=55&CUI=&UM=6&UP=SP2A3FB4C6-3691-4418-A54A-DD786892354C&SSPV=
CHR Profile: C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (MeinProspekt) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bboapklbfgchofdopiohcfhmaeghhgko [2014-05-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-20]
CHR Extension: (Adblock Plus) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-07-22]
CHR Extension: (Google-Suche) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-20]
CHR Extension: (Dark Vibe) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2014-07-14]
CHR Extension: (Mini Radio Player) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffeaebedjghkdbccfenjbiilalegknlj [2013-04-17]
CHR Extension: (FoxyProxy Standard) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2014-07-14]
CHR Extension: (Google Wallet) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Deutsch Englisch Übersetzer) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcknciadhimdlbjjfndidcgnhokfbgnd [2014-08-24]
CHR Extension: (Google Mail) - C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-20]
CHR HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jo\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-22]
CHR HKU\S-1-5-21-2091203308-3088951350-3500837121-1000\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Jo\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Jo\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-02-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-11-24] (Bitdefender)
R2 fsproflt2; C:\Windows\SysWOW64\fsproflt2.exe [49512 2012-07-12] (FSPro Labs)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1527360 2014-11-24] (Bitdefender)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-11-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-11-24] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-05-16] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2010-10-01] (C-Media Inc)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-10-18] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-02-27] (FNet Co., Ltd.)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] (Intel(R) Corporation) [File not signed]
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-01] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-19] ()
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2014-07-31] (Wondershare)
U3 abpq1hll; C:\Windows\System32\Drivers\abpq1hll.sys [0 ] (Advanced Micro Devices)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S1 EIO64; system32\DRIVERS\EIO64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 16:25 - 2015-01-07 16:25 - 00852505 _____ () C:\Users\Jo\Desktop\SecurityCheck.exe
2015-01-06 21:50 - 2015-01-06 21:50 - 00002340 _____ () C:\Windows\SysWOW64\BroomData.bit
2015-01-06 21:50 - 2013-04-08 16:30 - 00022752 _____ () C:\Windows\system32\PCloudBroom64.exe
2015-01-06 21:30 - 2015-01-06 21:30 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-06 21:30 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-06 20:07 - 2015-01-06 20:07 - 02347384 _____ (ESET) C:\Users\Jo\Desktop\esetsmartinstaller_deu.exe
2015-01-06 20:07 - 2015-01-06 20:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-06 18:34 - 2015-01-06 18:37 - 00000000 ____D () C:\AdwCleaner
2015-01-06 17:11 - 2015-01-06 17:11 - 00004794 _____ () C:\Users\Jo\Desktop\JRT.txt
2015-01-06 16:56 - 2015-01-06 16:56 - 00000000 ____D () C:\Windows\ERUNT
2015-01-06 15:37 - 2015-01-06 15:38 - 00003591 _____ () C:\Users\Jo\Desktop\mbam.txt
2015-01-06 14:44 - 2015-01-06 18:37 - 00002146 _____ () C:\Windows\PFRO.log
2015-01-05 18:21 - 2015-01-07 16:21 - 00000392 _____ () C:\Windows\setupact.log
2015-01-05 18:21 - 2015-01-05 18:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 18:20 - 2015-01-05 18:20 - 00002870 _____ () C:\Users\Jo\Desktop\cc_20150105_182000.reg
2015-01-05 17:11 - 2015-01-05 17:11 - 02173952 _____ () C:\Users\Jo\Desktop\AdwCleaner_4.106.exe
2015-01-05 17:01 - 2015-01-05 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 16:16 - 2015-01-05 16:16 - 00000000 __SHD () C:\Users\Jo\AppData\Local\EmieBrowserModeList
2015-01-04 23:03 - 2015-01-05 16:41 - 00032340 _____ () C:\Users\Jo\Desktop\FRST.txt
2015-01-04 23:03 - 2015-01-04 23:03 - 00035905 _____ () C:\Users\Jo\Desktop\Addition.txt
2015-01-04 23:00 - 2015-01-07 16:34 - 00000000 ____D () C:\FRST
2015-01-04 20:48 - 2015-01-04 20:48 - 00072122 _____ () C:\Users\Jo\Desktop\cc_20150104_204848.reg
2014-12-28 20:20 - 2014-12-28 20:20 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 11:51 - 2014-12-21 11:51 - 00000000 ____D () C:\ProgramData\vsosdk
2014-12-21 11:14 - 2014-12-21 11:14 - 00000000 ____D () C:\Users\Jo\Documents\4Videosoft Studio
2014-12-21 11:13 - 2014-12-21 11:13 - 00000000 ____D () C:\Users\Jo\AppData\Local\4Videosoft Studio
2014-12-21 11:12 - 2014-12-21 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Videosoft
2014-12-21 11:12 - 2014-12-21 11:12 - 00000000 ____D () C:\ProgramData\4Videosoft Studio
2014-12-21 11:12 - 2014-12-21 11:12 - 00000000 ____D () C:\Program Files (x86)\4Videosoft Studio
2014-12-20 18:00 - 2014-12-20 18:00 - 00000849 _____ () C:\Users\Jo\Desktop\Nappistar - Verknüpfung.lnk
2014-12-20 12:00 - 2014-12-20 12:00 - 00000000 ____D () C:\Users\Public\Documents\{F0489EF2-D393-4114-85BA-A94D71D89543}
2014-12-20 11:46 - 2014-12-20 11:46 - 00000859 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster 5.lnk
2014-12-20 11:46 - 2014-12-20 11:46 - 00000847 _____ () C:\Users\Public\Desktop\Napster 5.lnk
2014-12-20 11:46 - 2014-12-20 11:46 - 00000000 ____D () C:\Program Files (x86)\Napster 5
2014-12-20 11:40 - 2014-12-20 11:40 - 00002609 _____ () C:\Users\Public\Desktop\Napster Rienf Repair.lnk
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Jo\AppData\Local\NapsterRienfRepair
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster Rienf Repair
2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Program Files (x86)\NA
2014-12-15 20:33 - 2014-12-15 20:33 - 00000000 ____D () C:\Users\Jo\Documents\default
2014-12-13 10:46 - 2014-12-13 10:46 - 00000000 ____D () C:\Users\Jo\Desktop\up221
2014-12-10 22:01 - 2014-12-10 22:01 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-12-10 19:24 - 2014-12-10 19:24 - 00000000 ____D () C:\Program Files (x86)\DB6FA7A7-844E-4017-92E2-73FA405F7637
2014-12-10 19:21 - 2015-01-04 15:45 - 00000000 ____D () C:\Program Files\010
2014-12-10 19:21 - 2014-12-10 19:21 - 00000000 ____D () C:\Program Files\DB6FA7A7-844E-4017-92E2-73FA405F7637
2014-12-09 20:05 - 2014-12-10 22:32 - 00000000 ____D () C:\Program Files (x86)\Audials
2014-12-09 20:02 - 2014-12-09 20:02 - 00000000 ____D () C:\Users\Jo\AppData\Local\Tempaf33c2f9cc86c2a73dc08b44799b0616

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 16:28 - 2009-07-14 05:45 - 00031776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 16:28 - 2009-07-14 05:45 - 00031776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 16:25 - 2011-04-12 08:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-01-07 16:25 - 2011-04-12 08:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-01-07 16:25 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 16:24 - 2012-07-24 15:42 - 01906566 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 16:21 - 2014-09-22 08:02 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 16:21 - 2014-08-24 13:32 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-07 16:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 06:43 - 2014-09-22 08:02 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 20:04 - 2012-07-23 22:10 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\FileZilla
2015-01-06 19:55 - 2013-02-28 13:43 - 00000000 ____D () C:\Program Files\JDownloader 2
2015-01-06 17:13 - 2014-04-07 17:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-06 17:10 - 2012-03-14 12:42 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 16:43 - 2012-07-25 20:23 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-01-05 17:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-01-05 15:01 - 2014-11-09 12:25 - 00372736 ___SH () C:\Users\Jo\Desktop\Thumbs.db
2015-01-04 20:50 - 2013-11-17 23:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-04 20:50 - 2012-09-22 17:11 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\DAEMON Tools Lite
2015-01-04 20:50 - 2012-07-23 11:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-04 20:50 - 2012-03-14 12:10 - 00000000 ____D () C:\Windows\Panther
2015-01-04 20:31 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 18:54 - 2014-09-15 10:40 - 00000686 ____H () C:\bdr-cf01
2015-01-04 17:35 - 2014-09-22 08:10 - 00000000 ___RD () C:\Users\Jo\Google Drive
2015-01-04 16:09 - 2014-09-15 12:03 - 00253404 ____H () C:\bdr-ld01
2015-01-04 16:09 - 2014-09-15 12:03 - 00009216 ____H () C:\bdr-ld01.mbr
2015-01-04 15:46 - 2012-12-01 19:25 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{742037F3-38E2-4FC3-9720-FAA4E822EB23}
2014-12-30 23:03 - 2012-09-11 10:25 - 00000000 ____D () C:\ProgramData\Origin
2014-12-30 17:55 - 2012-09-11 10:25 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-30 01:01 - 2014-09-09 20:19 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-29 22:55 - 2012-10-25 17:58 - 00000000 ___RD () C:\Users\Jo\Downloads\Bitdefender Safepay
2014-12-21 14:17 - 2012-07-23 18:48 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\vlc
2014-12-20 11:57 - 2012-12-18 17:23 - 00000000 ____D () C:\Users\Jo\AppData\Roaming\com.Rhapsody.Napster5
2014-12-20 11:45 - 2014-06-24 22:01 - 00000000 ____D () C:\Users\Jo\AppData\Local\Adobe
2014-12-11 09:18 - 2014-10-08 13:13 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-10 22:23 - 2009-07-14 03:34 - 00000601 _____ () C:\Windows\win.ini
2014-12-10 20:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-10 18:41 - 2014-10-11 17:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 20:05 - 2012-12-18 19:41 - 00000000 ____D () C:\ProgramData\RapidSolution
2014-12-09 20:04 - 2012-12-18 19:40 - 00000000 ____D () C:\Users\Jo\AppData\Local\RapidSolution
2014-12-09 19:58 - 2012-07-20 08:52 - 00000000 ____D () C:\Users\Jo\AppData\Local\Deployment

Some content of TEMP:
====================
C:\Users\Jo\AppData\Local\Temp\amazonicon_v10.exe
C:\Users\Jo\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Jo\AppData\Local\Temp\Audials_Tunebite_Premium-Setup.exe
C:\Users\Jo\AppData\Local\Temp\bBJ3E2UlbM.exe
C:\Users\Jo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa0l6o1.dll
C:\Users\Jo\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\Jo\AppData\Local\Temp\optprosetup.exe
C:\Users\Jo\AppData\Local\Temp\proxy_vole5242000549207536347.dll
C:\Users\Jo\AppData\Local\Temp\Quarantine.exe
C:\Users\Jo\AppData\Local\Temp\sdan.exe
C:\Users\Jo\AppData\Local\Temp\sdapk.exe
C:\Users\Jo\AppData\Local\Temp\sdaspwn.exe
C:\Users\Jo\AppData\Local\Temp\sqlite3.dll
C:\Users\Jo\AppData\Local\Temp\SRLDetectionLibrary6762623128406172098.dll
C:\Users\Jo\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-28 21:02

==================== End Of Log ============================

--- --- ---

-hatte java und Flash eigentlich schon upgedatet, also schwachstellen scan mit Bitdefender gemacht und dort die fehler behoben.

- kann ich denn meine ganzen Lesezeichen irgendwie speichern und dann wieder importieren oder muss komplett alles runter?

- taugt Bitdefender überhaupt was? Wie kamen die Viren denn rein und wieso hat Bitdefender nix gemacht?

schrauber · 08.01.2015, 20:39

Ein AV kann dich nie 100% schützen.

Lesezeichen kannste normal exportieren und dann wieder importieren.

Jo85 · 08.01.2015, 21:29

Danke hat geklappt

Bitdefender hat keine Bedrohungen gefunden

vielen vielen dank

06.01.2015, 16:50	#6
schrauber /// the machine /// TB-Ausbilder	BitdefenderIS15 kann Adware.AdPeak.V nicht löschen. Dann mach jetzt den Rest von meiner letzten Anleitung. __________________ --> BitdefenderIS15 kann Adware.AdPeak.V nicht löschen.

07.01.2015, 18:25	#10
schrauber /// the machine /// TB-Ausbilder	BitdefenderIS15 kann Adware.AdPeak.V nicht löschen. Flash updaten. Logfile von Bitdefender bitte, damit ich die Funde sehe. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

08.01.2015, 20:39	#14
schrauber /// the machine /// TB-Ausbilder	BitdefenderIS15 kann Adware.AdPeak.V nicht löschen. Ein AV kann dich nie 100% schützen. Lesezeichen kannste normal exportieren und dann wieder importieren. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

BitdefenderIS15 kann Adware.AdPeak.V nicht löschen.

Log-Analyse und Auswertung: BitdefenderIS15 kann Adware.AdPeak.V nicht löschen.