Pests of all kinds and how to fight them: linkury,toolbar (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
10.01.2015, 00:41 | #1 |
| linkury,toolbar Hello... a page has opened on my machine that calls itself linkury or comes from them... I have already searched through the add-ons and my programs and cannot find an entry for it anywhere to delete it... I also let the advanced run, but nothing happened... Can anyone give me another tip on how to get rid of this annoying page? Regards, paula
10.01.2015, 01:07 | #2 |
/// the machine /// TB trainer | linkury,toolbar Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
11.01.2015, 00:32 | #3 |
| linkury,toolbar
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015 Ran by katrin (administrator) on KATRIN-PC on 11-01-2015 00:21:24 Running from C:\Users\katrin\Downloads Loaded Profile: katrin (Available profiles: katrin) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle 
Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (ICQ) C:\Users\katrin\AppData\Roaming\ICQM\icq.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Smartbar) C:\Users\katrin\AppData\Local\Smartbar\Application\SafeFinder.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Dropbox, Inc.) C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Users\katrin\AppData\Local\Smartbar\Application\Lrcnta.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM\...\Run: [gmsd_de_66] => [X] HKLM\...\Run: [mbot_de_395] => [X] HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [icq] => C:\Users\katrin\AppData\Roaming\ICQM\icq.exe [33664344 2014-01-03] (ICQ) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [UpdateStar Drivers] => C:\Program Files\UpdateStar Drivers\drivers.exe [7332776 2014-01-28] () HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\katrin\AppData\Local\Smartbar\Application\SafeFinder.exe [30224 2014-11-19] (Smartbar) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\MountPoints2: {8187d9a1-707d-11e4-bc28-90e6ba6c5abb} - F:\XSManager.exe Startup: C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sasnative32 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-430205881-583344909-559689374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: 
HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWwRlCR5iaWrwOo9ltcw9MWdkwMuV3wwb6KrwVr3V_T8Bzvk4V29T8l98hX8T8Ok-ezNtAagXO6dmtArdSQ_dJWxj3RX-pEh3dcXPJG5347pbCn9eSYfUzQvTPpR8ZaQPwv7QyL98FRGFwIl3h3cK2z6mnQ_oV5hgOwrDst1iKua7AhLLUQSTw,,&q={searchTerms} SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-430205881-583344909-559689374-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-430205881-583344909-559689374-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWwRlCR5iaWrwOo9ltcw9MWdkwMuV3wwb6KrwVr3V_T8Bzvk4V29T8l98hX8T8Ok-ezNtAagXO6dmtArdSQ_dJWxj3RX-pEh3dcXPJG5347pbCn9eSYfUzQvTPpR8ZaQPwv7QyL98FRGFwIl3h3cK2z6mnQ_oV5i4Eop2AUncwyHnX6O59vcag,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-430205881-583344909-559689374-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\gyku3bxj.default FF NewTab: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWwRlCR5iaWrwOo9ltcw9MWdkwMuV3wwb6KrwVr3V_T8Bzvk4V29T8l98hX8T8Ok-ezNtAagXO6dmtArdSQ_dJWxj3RX-pErAnDauzxuEz-SU-9r6pVlRMEuisHy6XeKlFWixyIdPPcDwnhxrjX2XDZ0sk45eEv2Fucc1OVR9Fcb2PVzCXc5rw,, FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: SafeFinder Search FF Homepage: https://www.facebook.com/ FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWwRlCR5iaWrwOo9ltcw9MWdkwMuV3wwb6KrwVr3V_T8Bzvk4V29T8l98hX8T8Ok-ezNtAagXO6dmtArdSQ_dJWxj3RX-pEh3dcXPJG5347pbCn9eSYfUzQvTPpR8ZaQPwv7QyL98FRGFwIl3h3cK2z6mnQ_oV5i4Eop2AUncwyHnX6O59vcag,,&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) 
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-430205881-583344909-559689374-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\katrin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-430205881-583344909-559689374-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\gyku3bxj.default\searchplugins\SafeFinder Search.xml FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-10] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\gyku3bxj.default\extensions\faststartff@gmail.com FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation) R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [5886824 2014-12-02] (Reimage®) S2 ClaraUpdater; C:\Program Files\Common Files\ClaraUpdater\ClaraUpdater.exe [X] S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S2 dSToWg; "C:\ProgramData\porFuCmvvC\dSToWg.exe" [X] S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] () S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-09] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation) S3 athr; system32\DRIVERS\athr.sys [X] S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [X] S3 cpuz134; \??\C:\Users\katrin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X] S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-11 00:21 - 2015-01-11 00:21 - 00014740 _____ () C:\Users\katrin\Downloads\FRST.txt 2015-01-11 00:16 - 2015-01-11 00:16 - 02124288 _____ (Farbar) C:\Users\katrin\Downloads\FRST64.exe 2015-01-11 00:16 - 2015-01-11 00:16 - 01115648 _____ (Farbar) C:\Users\katrin\Downloads\FRST.exe 2015-01-10 17:02 - 2015-01-10 17:04 - 00000000 ___RD () C:\Users\katrin\Dropbox 2015-01-10 17:02 - 2015-01-10 17:02 - 00001129 _____ () C:\Users\katrin\Desktop\Dropbox.lnk 2015-01-10 11:22 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-01-10 11:20 - 2015-01-10 17:02 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Dropbox 2015-01-10 11:18 - 2015-01-10 11:20 - 46882112 _____ (Dropbox, Inc.) C:\Users\katrin\Downloads\Dropbox_3.0.5.exe 2015-01-10 05:45 - 2015-01-10 05:45 - 00002344 _____ () C:\Windows\system32\ScanResults.xml 2015-01-10 05:38 - 2015-01-10 05:38 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2015-01-09 13:47 - 2015-01-09 13:47 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2015-01-09 13:46 - 2015-01-09 13:46 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\katrin\Downloads\SpyHunter-Installer.exe 2015-01-09 03:05 - 2015-01-09 07:33 - 00000000 ____D () C:\ProgramData\Browser 2015-01-08 23:26 - 2015-01-09 08:47 - 00000000 ____D () C:\Users\katrin\AppData\Local\LPT 2015-01-08 23:26 - 2015-01-08 23:26 - 00000000 ____D () C:\Users\katrin\AppData\Local\Smartbar 2015-01-08 09:16 - 2015-01-08 09:16 - 11236528 _____ (Adobe Systems, Inc.) 
C:\Users\katrin\Downloads\flashplayer15_sa_win_32.exe 2015-01-08 07:38 - 2015-01-10 05:37 - 00010002 _____ () C:\Windows\PFRO.log 2015-01-08 03:44 - 2015-01-08 03:44 - 00857712 _____ ( ) C:\Users\katrin\Downloads\adobe_flash_setup.exe 2015-01-08 03:23 - 2015-01-08 23:40 - 00000000 ____D () C:\Program Files\Reimage 2015-01-08 03:23 - 2015-01-08 03:23 - 00002010 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk 2015-01-08 03:23 - 2015-01-08 03:23 - 00000000 ____D () C:\ProgramData\Reimage Protector 2015-01-08 03:22 - 2015-01-08 03:24 - 00000165 _____ () C:\Windows\Reimage.ini 2015-01-08 03:22 - 2015-01-08 03:24 - 00000000 ____D () C:\rei 2015-01-08 03:08 - 2015-01-08 23:24 - 00000000 ____D () C:\Program Files\mbot_de_395 2015-01-08 03:08 - 2015-01-08 03:08 - 00000000 ____D () C:\Program Files\predm 2015-01-08 03:01 - 2015-01-08 03:01 - 00000000 ____D () C:\ProgramData\658662426 2015-01-08 02:28 - 2015-01-08 03:59 - 00000000 ____D () C:\Users\katrin\AppData\Local\ConvertAd 2015-01-08 02:27 - 2015-01-09 08:57 - 00000000 ____D () C:\Users\katrin\AppData\Local\MovieWizard 2015-01-08 02:27 - 2015-01-08 02:55 - 00000000 ____D () C:\Users\katrin\Documents\ProPCCleaner 2015-01-08 02:27 - 2015-01-08 02:27 - 00003584 _____ () C:\Users\katrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-08 02:27 - 2015-01-08 02:27 - 00000000 ____D () C:\Users\katrin\AppData\Local\Pro_PC_Cleaner 2015-01-08 02:26 - 2015-01-08 02:26 - 00000000 ____D () C:\ProgramData\porFuCmvvC 2015-01-08 02:25 - 2015-01-08 02:57 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Pro PC Cleaner 2015-01-06 21:46 - 2015-01-06 23:35 - 803750130 _____ () C:\Users\katrin\Downloads\Being_Human_Wandern_zwischen_den_Zeiten_2015-01-02_2205_549476.avi 2015-01-06 21:46 - 2015-01-06 23:34 - 754118808 _____ () C:\Users\katrin\Downloads\Being_Human_Ausser_Kontrolle_2015-01-02_2015_549476.avi 2015-01-06 21:45 - 2015-01-06 23:32 - 707912142 _____ () 
C:\Users\katrin\Downloads\Being_Human_Der_Vollstrecker_2015-01-02_2305_549476.avi 2015-01-06 21:45 - 2015-01-06 23:29 - 792297842 _____ () C:\Users\katrin\Downloads\Sleepy_Hollow_Geborgte_Zeit_2015-01-05_2015_549476.avi 2015-01-06 21:45 - 2015-01-06 23:24 - 754359906 _____ () C:\Users\katrin\Downloads\Grimm_Blondes_Gift_Folge66_2015-01-05_2115_549476.avi 2015-01-06 21:45 - 2015-01-06 23:15 - 791104906 _____ () C:\Users\katrin\Downloads\Arrow_In_letzter_Sekunde_Folge46_2015-01-05_2015_549476.avi 2015-01-04 01:00 - 2015-01-10 10:38 - 00001848 _____ () C:\Windows\setupact.log 2015-01-04 01:00 - 2015-01-04 01:00 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-30 00:30 - 2014-12-30 01:42 - 755186136 _____ () C:\Users\katrin\Downloads\Grimm_Die_Truhe_Folge65_2014-12-29_2115_549476.avi 2014-12-30 00:29 - 2014-12-30 01:44 - 696604130 _____ () C:\Users\katrin\Downloads\Sleepy_Hollow_Die_verlorene_Kolonie_2014-12-29_2015_549476.avi 2014-12-30 00:29 - 2014-12-30 01:41 - 708656824 _____ () C:\Users\katrin\Downloads\Supernatural_Nur_ein_Zeichen_2014-12-29_2105_549476.avi 2014-12-30 00:29 - 2014-12-30 01:36 - 792997216 _____ () C:\Users\katrin\Downloads\Arrow_Brennende_Strassen_Folge45_2014-12-29_2015_549476.avi 2014-12-27 19:41 - 2014-12-27 21:20 - 1307545854 _____ () C:\Users\katrin\Downloads\Gefangene_der_Zeit_Teil_2_2014-12-22_2203_549476.avi 2014-12-27 19:41 - 2014-12-27 21:13 - 1237428886 _____ () C:\Users\katrin\Downloads\Gefangene_der_Zeit_Teil_1_2014-12-22_2015_549476.avi 2014-12-27 19:41 - 2014-12-27 21:01 - 801512836 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Rapunzels_Turm_der_Angst_Folge58_2014-12-17_2110_549476.avi 2014-12-27 19:41 - 2014-12-27 20:58 - 755052972 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Hexenjagd_Folge57_2014-12-17_2015_549476.avi 2014-12-24 02:50 - 2014-12-24 03:25 - 754064362 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Schattenseite_Folge57_2014-12-17_2305_549476.avi 2014-12-24 02:50 - 
2014-12-24 03:22 - 745940088 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Wahrheit_oder_Pflicht_Folge56_2014-12-17_2210_549476.avi 2014-12-21 19:33 - 2014-12-21 19:33 - 00435672 _____ () C:\Users\katrin\Downloads\10568600_616375998467159_836702792_n.php 2014-12-21 12:34 - 2014-12-21 13:39 - 744530278 _____ () C:\Users\katrin\Downloads\The_Originals_Von_der_Wiege_bis_ins_Grab_2014-12-19_2110_549476.avi 2014-12-21 12:34 - 2014-12-21 13:36 - 615681282 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Rate_wer_zum_Essen_kommt_2014-12-19_0050_549476.avi 2014-12-21 12:34 - 2014-12-21 13:34 - 752956744 _____ () C:\Users\katrin\Downloads\The_Originals_Schlacht_um_New_Orleans_2014-12-19_2015_549476.avi 2014-12-21 12:34 - 2014-12-21 13:26 - 614699332 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Erpressung_2014-12-19_0130_549476.avi 2014-12-18 22:30 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 02:02 - 2014-12-18 02:02 - 00000700 _____ () C:\Users\katrin\Documents\cc_20141218_020241.reg 2014-12-17 00:57 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys 2014-12-16 07:44 - 2014-12-16 09:08 - 696315930 _____ () C:\Users\katrin\Downloads\Being_Human_Der_Alphawolf_2014-12-12_2110_549476.avi 2014-12-15 12:39 - 2014-12-15 13:13 - 1339776888 _____ (Unity Technologies ApS) C:\Users\katrin\Downloads\UnitySetup-4.6.1.exe 2014-12-14 21:39 - 2014-12-14 21:39 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-14 21:39 - 2014-12-14 21:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-14 21:39 - 2014-12-14 21:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-14 00:52 - 2014-12-14 00:52 - 00001248 _____ () C:\Users\katrin\Documents\cc_20141214_005229.reg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder 
will be moved.) 2015-01-11 00:21 - 2014-03-27 10:11 - 00000000 ____D () C:\FRST 2015-01-11 00:18 - 2013-12-20 01:16 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Skype 2015-01-11 00:12 - 2013-12-19 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-11 00:01 - 2014-04-25 09:12 - 00000258 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job 2015-01-10 20:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing 2015-01-10 17:02 - 2013-12-19 22:18 - 00000000 ____D () C:\Users\katrin 2015-01-10 10:47 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-10 10:47 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-10 10:38 - 2014-11-24 02:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-01-10 10:38 - 2013-12-19 22:44 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-10 10:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-10 06:23 - 2013-12-19 22:16 - 01061965 _____ () C:\Windows\WindowsUpdate.log 2015-01-09 13:47 - 2014-01-26 02:26 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-01-09 11:01 - 2014-09-15 01:31 - 00000000 ____D () C:\Program Files\ASP 2015-01-09 08:47 - 2014-11-18 22:42 - 00000000 ____D () C:\Program Files\Common Files\ClaraUpdater 2015-01-09 08:47 - 2014-09-04 09:01 - 00000000 ____D () C:\Program Files\SupTab 2015-01-09 08:47 - 2014-01-08 01:55 - 00000000 ____D () C:\Program Files\VideoPlayer 2015-01-09 08:46 - 2014-09-15 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector 2015-01-08 23:26 - 2014-09-04 09:01 - 00000000 ____D () C:\ProgramData\IePluginServices 2015-01-08 03:49 - 2014-08-20 20:13 - 00000000 ____D () C:\Users\katrin\AppData\Local\Adobe 2015-01-08 03:49 - 2013-12-19 22:22 - 00701616 _____ (Adobe Systems 
Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-08 03:49 - 2013-12-19 22:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-08 03:21 - 2014-03-21 01:06 - 00000000 ____D () C:\Users\katrin\Downloads\backups 2015-01-08 03:13 - 2014-03-21 01:04 - 00005699 _____ () C:\Users\katrin\Downloads\hijackthis.log 2015-01-08 03:01 - 2014-11-18 22:56 - 00000000 ____D () C:\ProgramData\2308189059 2015-01-06 04:36 - 2012-01-10 21:52 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-28 21:18 - 2010-11-20 22:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-17 00:58 - 2013-12-20 00:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-12-13 11:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-12-13 09:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-12-13 01:12 - 2014-08-03 08:23 - 01291464 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll 2014-12-13 01:12 - 2013-12-20 00:31 - 02210040 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll 2014-12-12 01:09 - 2014-12-11 23:59 - 792191532 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Geraubte_Kuesse_Folge55_2014-12-10_2300_549476.avi 2014-12-12 01:08 - 2014-12-11 23:59 - 754764180 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Verrueckt_Folge54_2014-12-10_2205_549476.avi 2014-12-12 01:08 - 2014-12-11 23:59 - 754184846 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Es_war_keinmal_Folge55_2014-12-10_2015_549476.avi 2014-12-12 01:07 - 2014-12-11 23:59 - 744589354 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Gruen_ist_das_neue_Schwarz_Folge56_2014-12-10_2110_549476.avi Some content of TEMP: ==================== C:\Users\katrin\AppData\Local\Temp\BackupSetup.exe C:\Users\katrin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpagoshq.dll 
C:\Users\katrin\AppData\Local\Temp\inevw1qx.dll C:\Users\katrin\AppData\Local\Temp\optprosetup.exe C:\Users\katrin\AppData\Local\Temp\ReimagePackage.exe C:\Users\katrin\AppData\Local\Temp\sdf1FC5.exe C:\Users\katrin\AppData\Local\Temp\SkypeSetup.exe C:\Users\katrin\AppData\Local\Temp\tedlzqug.dll C:\Users\katrin\AppData\Local\Temp\vy-lzjg0.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-04 13:12 ==================== End Of Log ============================ --- --- --- FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015 Ran by katrin (administrator) on KATRIN-PC on 11-01-2015 00:31:28 Running from C:\Users\katrin\Downloads Loaded Profile: katrin (Available profiles: katrin) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle 
Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (ICQ) C:\Users\katrin\AppData\Roaming\ICQM\icq.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Smartbar) C:\Users\katrin\AppData\Local\Smartbar\Application\SafeFinder.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Dropbox, Inc.) C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Users\katrin\AppData\Local\Smartbar\Application\Lrcnta.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM\...\Run: [gmsd_de_66] => [X] HKLM\...\Run: [mbot_de_395] => [X] HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [icq] => C:\Users\katrin\AppData\Roaming\ICQM\icq.exe [33664344 2014-01-03] (ICQ) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [UpdateStar Drivers] => C:\Program Files\UpdateStar Drivers\drivers.exe [7332776 2014-01-28] () HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\katrin\AppData\Local\Smartbar\Application\SafeFinder.exe [30224 2014-11-19] (Smartbar) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\MountPoints2: {8187d9a1-707d-11e4-bc28-90e6ba6c5abb} - F:\XSManager.exe Startup: C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sasnative32 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-430205881-583344909-559689374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: 
HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWwRlCR5iaWrwOo9ltcw9MWdkwMuV3wwb6KrwVr3V_T8Bzvk4V29T8l98hX8T8Ok-ezNtAagXO6dmtArdSQ_dJWxj3RX-pEh3dcXPJG5347pbCn9eSYfUzQvTPpR8ZaQPwv7QyL98FRGFwIl3h3cK2z6mnQ_oV5hgOwrDst1iKua7AhLLUQSTw,,&q={searchTerms} SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-430205881-583344909-559689374-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-430205881-583344909-559689374-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWwRlCR5iaWrwOo9ltcw9MWdkwMuV3wwb6KrwVr3V_T8Bzvk4V29T8l98hX8T8Ok-ezNtAagXO6dmtArdSQ_dJWxj3RX-pEh3dcXPJG5347pbCn9eSYfUzQvTPpR8ZaQPwv7QyL98FRGFwIl3h3cK2z6mnQ_oV5i4Eop2AUncwyHnX6O59vcag,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-430205881-583344909-559689374-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\gyku3bxj.default FF NewTab: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWwRlCR5iaWrwOo9ltcw9MWdkwMuV3wwb6KrwVr3V_T8Bzvk4V29T8l98hX8T8Ok-ezNtAagXO6dmtArdSQ_dJWxj3RX-pErAnDauzxuEz-SU-9r6pVlRMEuisHy6XeKlFWixyIdPPcDwnhxrjX2XDZ0sk45eEv2Fucc1OVR9Fcb2PVzCXc5rw,, FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: SafeFinder Search FF Homepage: https://www.facebook.com/ FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWwRlCR5iaWrwOo9ltcw9MWdkwMuV3wwb6KrwVr3V_T8Bzvk4V29T8l98hX8T8Ok-ezNtAagXO6dmtArdSQ_dJWxj3RX-pEh3dcXPJG5347pbCn9eSYfUzQvTPpR8ZaQPwv7QyL98FRGFwIl3h3cK2z6mnQ_oV5i4Eop2AUncwyHnX6O59vcag,,&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) 
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-430205881-583344909-559689374-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\katrin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-430205881-583344909-559689374-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\gyku3bxj.default\searchplugins\SafeFinder Search.xml FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-10] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\gyku3bxj.default\extensions\faststartff@gmail.com FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation) R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [5886824 2014-12-02] (Reimage®) S2 ClaraUpdater; C:\Program Files\Common Files\ClaraUpdater\ClaraUpdater.exe [X] S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S2 dSToWg; "C:\ProgramData\porFuCmvvC\dSToWg.exe" [X] S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] () S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-09] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation) S3 athr; system32\DRIVERS\athr.sys [X] S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [X] S3 cpuz134; \??\C:\Users\katrin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X] S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-11 00:21 - 2015-01-11 00:31 - 00014740 _____ () C:\Users\katrin\Downloads\FRST.txt 2015-01-11 00:16 - 2015-01-11 00:16 - 02124288 _____ (Farbar) C:\Users\katrin\Downloads\FRST64.exe 2015-01-11 00:16 - 2015-01-11 00:16 - 01115648 _____ (Farbar) C:\Users\katrin\Downloads\FRST.exe 2015-01-10 17:02 - 2015-01-10 17:04 - 00000000 ___RD () C:\Users\katrin\Dropbox 2015-01-10 17:02 - 2015-01-10 17:02 - 00001129 _____ () C:\Users\katrin\Desktop\Dropbox.lnk 2015-01-10 11:22 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-01-10 11:20 - 2015-01-10 17:02 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Dropbox 2015-01-10 11:18 - 2015-01-10 11:20 - 46882112 _____ (Dropbox, Inc.) C:\Users\katrin\Downloads\Dropbox_3.0.5.exe 2015-01-10 05:45 - 2015-01-10 05:45 - 00002344 _____ () C:\Windows\system32\ScanResults.xml 2015-01-10 05:38 - 2015-01-10 05:38 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2015-01-09 13:47 - 2015-01-09 13:47 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2015-01-09 13:46 - 2015-01-09 13:46 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\katrin\Downloads\SpyHunter-Installer.exe 2015-01-09 03:05 - 2015-01-09 07:33 - 00000000 ____D () C:\ProgramData\Browser 2015-01-08 23:26 - 2015-01-09 08:47 - 00000000 ____D () C:\Users\katrin\AppData\Local\LPT 2015-01-08 23:26 - 2015-01-08 23:26 - 00000000 ____D () C:\Users\katrin\AppData\Local\Smartbar 2015-01-08 09:16 - 2015-01-08 09:16 - 11236528 _____ (Adobe Systems, Inc.) 
C:\Users\katrin\Downloads\flashplayer15_sa_win_32.exe 2015-01-08 07:38 - 2015-01-10 05:37 - 00010002 _____ () C:\Windows\PFRO.log 2015-01-08 03:44 - 2015-01-08 03:44 - 00857712 _____ ( ) C:\Users\katrin\Downloads\adobe_flash_setup.exe 2015-01-08 03:23 - 2015-01-08 23:40 - 00000000 ____D () C:\Program Files\Reimage 2015-01-08 03:23 - 2015-01-08 03:23 - 00002010 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk 2015-01-08 03:23 - 2015-01-08 03:23 - 00000000 ____D () C:\ProgramData\Reimage Protector 2015-01-08 03:22 - 2015-01-08 03:24 - 00000165 _____ () C:\Windows\Reimage.ini 2015-01-08 03:22 - 2015-01-08 03:24 - 00000000 ____D () C:\rei 2015-01-08 03:08 - 2015-01-08 23:24 - 00000000 ____D () C:\Program Files\mbot_de_395 2015-01-08 03:08 - 2015-01-08 03:08 - 00000000 ____D () C:\Program Files\predm 2015-01-08 03:01 - 2015-01-08 03:01 - 00000000 ____D () C:\ProgramData\658662426 2015-01-08 02:28 - 2015-01-08 03:59 - 00000000 ____D () C:\Users\katrin\AppData\Local\ConvertAd 2015-01-08 02:27 - 2015-01-09 08:57 - 00000000 ____D () C:\Users\katrin\AppData\Local\MovieWizard 2015-01-08 02:27 - 2015-01-08 02:55 - 00000000 ____D () C:\Users\katrin\Documents\ProPCCleaner 2015-01-08 02:27 - 2015-01-08 02:27 - 00003584 _____ () C:\Users\katrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-08 02:27 - 2015-01-08 02:27 - 00000000 ____D () C:\Users\katrin\AppData\Local\Pro_PC_Cleaner 2015-01-08 02:26 - 2015-01-08 02:26 - 00000000 ____D () C:\ProgramData\porFuCmvvC 2015-01-08 02:25 - 2015-01-08 02:57 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Pro PC Cleaner 2015-01-06 21:46 - 2015-01-06 23:35 - 803750130 _____ () C:\Users\katrin\Downloads\Being_Human_Wandern_zwischen_den_Zeiten_2015-01-02_2205_549476.avi 2015-01-06 21:46 - 2015-01-06 23:34 - 754118808 _____ () C:\Users\katrin\Downloads\Being_Human_Ausser_Kontrolle_2015-01-02_2015_549476.avi 2015-01-06 21:45 - 2015-01-06 23:32 - 707912142 _____ () 
C:\Users\katrin\Downloads\Being_Human_Der_Vollstrecker_2015-01-02_2305_549476.avi 2015-01-06 21:45 - 2015-01-06 23:29 - 792297842 _____ () C:\Users\katrin\Downloads\Sleepy_Hollow_Geborgte_Zeit_2015-01-05_2015_549476.avi 2015-01-06 21:45 - 2015-01-06 23:24 - 754359906 _____ () C:\Users\katrin\Downloads\Grimm_Blondes_Gift_Folge66_2015-01-05_2115_549476.avi 2015-01-06 21:45 - 2015-01-06 23:15 - 791104906 _____ () C:\Users\katrin\Downloads\Arrow_In_letzter_Sekunde_Folge46_2015-01-05_2015_549476.avi 2015-01-04 01:00 - 2015-01-10 10:38 - 00001848 _____ () C:\Windows\setupact.log 2015-01-04 01:00 - 2015-01-04 01:00 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-30 00:30 - 2014-12-30 01:42 - 755186136 _____ () C:\Users\katrin\Downloads\Grimm_Die_Truhe_Folge65_2014-12-29_2115_549476.avi 2014-12-30 00:29 - 2014-12-30 01:44 - 696604130 _____ () C:\Users\katrin\Downloads\Sleepy_Hollow_Die_verlorene_Kolonie_2014-12-29_2015_549476.avi 2014-12-30 00:29 - 2014-12-30 01:41 - 708656824 _____ () C:\Users\katrin\Downloads\Supernatural_Nur_ein_Zeichen_2014-12-29_2105_549476.avi 2014-12-30 00:29 - 2014-12-30 01:36 - 792997216 _____ () C:\Users\katrin\Downloads\Arrow_Brennende_Strassen_Folge45_2014-12-29_2015_549476.avi 2014-12-27 19:41 - 2014-12-27 21:20 - 1307545854 _____ () C:\Users\katrin\Downloads\Gefangene_der_Zeit_Teil_2_2014-12-22_2203_549476.avi 2014-12-27 19:41 - 2014-12-27 21:13 - 1237428886 _____ () C:\Users\katrin\Downloads\Gefangene_der_Zeit_Teil_1_2014-12-22_2015_549476.avi 2014-12-27 19:41 - 2014-12-27 21:01 - 801512836 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Rapunzels_Turm_der_Angst_Folge58_2014-12-17_2110_549476.avi 2014-12-27 19:41 - 2014-12-27 20:58 - 755052972 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Hexenjagd_Folge57_2014-12-17_2015_549476.avi 2014-12-24 02:50 - 2014-12-24 03:25 - 754064362 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Schattenseite_Folge57_2014-12-17_2305_549476.avi 2014-12-24 02:50 - 
2014-12-24 03:22 - 745940088 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Wahrheit_oder_Pflicht_Folge56_2014-12-17_2210_549476.avi 2014-12-21 19:33 - 2014-12-21 19:33 - 00435672 _____ () C:\Users\katrin\Downloads\10568600_616375998467159_836702792_n.php 2014-12-21 12:34 - 2014-12-21 13:39 - 744530278 _____ () C:\Users\katrin\Downloads\The_Originals_Von_der_Wiege_bis_ins_Grab_2014-12-19_2110_549476.avi 2014-12-21 12:34 - 2014-12-21 13:36 - 615681282 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Rate_wer_zum_Essen_kommt_2014-12-19_0050_549476.avi 2014-12-21 12:34 - 2014-12-21 13:34 - 752956744 _____ () C:\Users\katrin\Downloads\The_Originals_Schlacht_um_New_Orleans_2014-12-19_2015_549476.avi 2014-12-21 12:34 - 2014-12-21 13:26 - 614699332 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Erpressung_2014-12-19_0130_549476.avi 2014-12-18 22:30 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 02:02 - 2014-12-18 02:02 - 00000700 _____ () C:\Users\katrin\Documents\cc_20141218_020241.reg 2014-12-17 00:57 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys 2014-12-16 07:44 - 2014-12-16 09:08 - 696315930 _____ () C:\Users\katrin\Downloads\Being_Human_Der_Alphawolf_2014-12-12_2110_549476.avi 2014-12-15 12:39 - 2014-12-15 13:13 - 1339776888 _____ (Unity Technologies ApS) C:\Users\katrin\Downloads\UnitySetup-4.6.1.exe 2014-12-14 21:39 - 2014-12-14 21:39 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-14 21:39 - 2014-12-14 21:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-14 21:39 - 2014-12-14 21:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-14 00:52 - 2014-12-14 00:52 - 00001248 _____ () C:\Users\katrin\Documents\cc_20141214_005229.reg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder 
will be moved.) 2015-01-11 00:31 - 2014-03-27 10:11 - 00000000 ____D () C:\FRST 2015-01-11 00:22 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-11 00:22 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-11 00:18 - 2013-12-20 01:16 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Skype 2015-01-11 00:12 - 2013-12-19 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-11 00:01 - 2014-04-25 09:12 - 00000258 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job 2015-01-10 23:02 - 2013-12-19 22:16 - 01061965 _____ () C:\Windows\WindowsUpdate.log 2015-01-10 20:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing 2015-01-10 17:02 - 2013-12-19 22:18 - 00000000 ____D () C:\Users\katrin 2015-01-10 10:38 - 2014-11-24 02:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-01-10 10:38 - 2013-12-19 22:44 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-10 10:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-09 13:47 - 2014-01-26 02:26 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-01-09 11:01 - 2014-09-15 01:31 - 00000000 ____D () C:\Program Files\ASP 2015-01-09 08:47 - 2014-11-18 22:42 - 00000000 ____D () C:\Program Files\Common Files\ClaraUpdater 2015-01-09 08:47 - 2014-09-04 09:01 - 00000000 ____D () C:\Program Files\SupTab 2015-01-09 08:47 - 2014-01-08 01:55 - 00000000 ____D () C:\Program Files\VideoPlayer 2015-01-09 08:46 - 2014-09-15 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector 2015-01-08 23:26 - 2014-09-04 09:01 - 00000000 ____D () C:\ProgramData\IePluginServices 2015-01-08 03:49 - 2014-08-20 20:13 - 00000000 ____D () C:\Users\katrin\AppData\Local\Adobe 2015-01-08 03:49 - 2013-12-19 22:22 - 00701616 _____ (Adobe Systems 
Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-08 03:49 - 2013-12-19 22:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-08 03:21 - 2014-03-21 01:06 - 00000000 ____D () C:\Users\katrin\Downloads\backups 2015-01-08 03:13 - 2014-03-21 01:04 - 00005699 _____ () C:\Users\katrin\Downloads\hijackthis.log 2015-01-08 03:01 - 2014-11-18 22:56 - 00000000 ____D () C:\ProgramData\2308189059 2015-01-06 04:36 - 2012-01-10 21:52 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-28 21:18 - 2010-11-20 22:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-17 00:58 - 2013-12-20 00:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-12-13 11:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-12-13 09:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-12-13 01:12 - 2014-08-03 08:23 - 01291464 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll 2014-12-13 01:12 - 2013-12-20 00:31 - 02210040 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll 2014-12-12 01:09 - 2014-12-11 23:59 - 792191532 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Geraubte_Kuesse_Folge55_2014-12-10_2300_549476.avi 2014-12-12 01:08 - 2014-12-11 23:59 - 754764180 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Verrueckt_Folge54_2014-12-10_2205_549476.avi 2014-12-12 01:08 - 2014-12-11 23:59 - 754184846 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Es_war_keinmal_Folge55_2014-12-10_2015_549476.avi 2014-12-12 01:07 - 2014-12-11 23:59 - 744589354 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Gruen_ist_das_neue_Schwarz_Folge56_2014-12-10_2110_549476.avi Some content of TEMP: ==================== C:\Users\katrin\AppData\Local\Temp\BackupSetup.exe C:\Users\katrin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpagoshq.dll 
C:\Users\katrin\AppData\Local\Temp\inevw1qx.dll C:\Users\katrin\AppData\Local\Temp\optprosetup.exe C:\Users\katrin\AppData\Local\Temp\ReimagePackage.exe C:\Users\katrin\AppData\Local\Temp\sdf1FC5.exe C:\Users\katrin\AppData\Local\Temp\SkypeSetup.exe C:\Users\katrin\AppData\Local\Temp\tedlzqug.dll C:\Users\katrin\AppData\Local\Temp\vy-lzjg0.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-04 13:12 ==================== End Of Log ============================ --- --- --- |
11.01.2015, 08:30 | #4 |
/// the machine /// TB-Ausbilder | linkury,toolbar You posted the FRST.txt twice, but the Addition.txt is missing.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
11.01.2015, 23:23 | #5 |
| linkury,toolbar Oops... sorry... I didn't notice that at all. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-01-2015 Ran by katrin at 2015-01-11 23:21:08 Running from C:\Users\katrin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Advanced-System Protector (HKLM\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.14452 - systweak.com) <==== ATTENTION ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software) Brick-Force (HKLM\...\{9853ABB2-6416-4C87-8650-DD8E528FF564}}_is1) (Version: 3.19.331.104.16 - Infernum Productions AG) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) ConvertAd (HKLM\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION! Dropbox (HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.) 
eMule (HKLM\...\eMule) (Version: - ) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{8D7507C3-DF2B-4740-8700-8227C2C7AE81}) (Version: 25.0.571.0 - Hewlett-Packard Co.) HP Deskjet 3070 B611 series Hilfe (HKLM\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations) HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard) ICQ 8.2 (build 6901) (HKU\S-1-5-21-430205881-583344909-559689374-1000\...\ICQ) (Version: 8.2.6901.0 - ICQ) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Need for Speed™ Most Wanted (HKLM\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version: - ) NVIDIA 3D Vision 
Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{2DF7E764-1BA5-4291-B8CB-E222DFC91746}) (Version: 25.0.571.0 - Hewlett-Packard Co.) 
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity (HKLM\...\Unity) (Version: 4.5.5f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-430205881-583344909-559689374-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS) UpdateStar Drivers (HKLM\...\UpdateStar Drivers) (Version: 7.0.0 - UpdateStar) VideoPlayer v2.0.6 (HKLM\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\katrin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-430205881-583344909-559689374-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 07-01-2015 00:16:13 Windows Update 08-01-2015 02:49:29 Revo Uninstaller's restore point - Movie Wizard 08-01-2015 02:52:45 Revo Uninstaller's restore point - MyPC Backup 08-01-2015 02:54:22 Revo Uninstaller's restore point - Pro PC Cleaner 08-01-2015 02:58:55 Revo Uninstaller's restore point - winengine 08-01-2015 03:00:41 Revo Uninstaller's restore point - Optimizer Pro v3.2 08-01-2015 03:02:41 Revo Uninstaller's restore point - InetStat 08-01-2015 03:04:39 Revo Uninstaller's restore point - Search Protect 08-01-2015 03:07:40 Revo Uninstaller's restore point - GamesDesktop 014.66 08-01-2015 03:50:12 Revo Uninstaller's restore point - Vosteran 08-01-2015 03:51:38 Revo Uninstaller's restore point - WSE_Vosteran 08-01-2015 23:32:39 Revo Uninstaller's restore point - SafeFinder Smartbar 08-01-2015 23:34:15 Revo Uninstaller's restore point - SafeFinder Smartbar Engine 08-01-2015 23:35:11 Revo Uninstaller's restore point - SafeFinder Smartbar 08-01-2015 23:37:46 Revo Uninstaller's restore point - SafeFinder Smartbar 08-01-2015 23:38:45 Revo Uninstaller's restore point - Reimage Repair 09-01-2015 08:46:55 Advanced-System Protector 09-01-2015 16:36:37 Revo Uninstaller's restore point - SpyHunter 4 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2014-11-18 22:59 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {024A6D31-8AC3-4700-A6CE-3BB741BA8EE0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {0ABF46D1-BDBD-4170-AEBC-09605FBD8F0F} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1B3F1CC2-BE60-4276-B66B-419D3A9D2388} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files\Pro PC Cleaner\Splash.exe
Task: {2EDB005A-E09A-4068-B4D0-485D4EDFBB43} - System32\Tasks\{78A4D4D5-A097-4E62-934F-10719AFB36EA} => pcalua.exe -a C:\Users\katrin\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe
Task: {34C43488-0F4A-40A3-B811-C4A1A5C2C993} - System32\Tasks\Run_Bobby_Browser => C:\Users\katrin\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {40A0994E-05E6-4E71-81CF-28F18FDF04F9} - System32\Tasks\Advanced-System Protector => C:\Program Files\ASP\AspManager.exe [2014-12-09] ()
Task: {54122829-6CA7-48A3-A084-1DBDF0C5136A} - System32\Tasks\{EE8FB953-2697-4CF0-BCB4-126841796013} => pcalua.exe -a C:\ProgramData\Websteroids\uninstall.exe -c /kb=y /ic=2
Task: {7ACAE2E0-B6EF-4E6E-9DD7-0AF61F30C9EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-08] (Adobe Systems Incorporated)
Task: {924AB9AB-F8C6-45FC-8B0C-4DDF5924552D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9982F324-60D2-4F06-9A28-D0B05EEE1F8E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software)
Task: {AD3329CD-35C5-42F8-8084-151AA984C41E} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {B1F57654-EEF7-4F63-AE4C-A428BC409E94} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {BAF79153-2317-41B0-8B44-37AE1210F4F8} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== ATTENTION
Task: {BEDA6AC6-7AA6-4836-B493-363A6BF8372E} - System32\Tasks\{984CBC3F-AD23-4BBD-A163-CDD2677DDECC} => pcalua.exe -a E:\setup\rsrc\Autorun.exe -d E:\
Task: {D19C0D12-B67D-4F69-A900-DDA9035D6534} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02] (Reimage®) <==== ATTENTION
Task: {EEA21AE4-0FD6-483F-9B19-D432AD2E1606} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe
Task: {EF505A9E-575C-4826-BFD3-9A7E1F68C9A4} - System32\Tasks\ProPCCleaner_Start => C:\Program Files\Pro PC Cleaner\ProPCCleaner.exe
Task: {F9511491-35BC-41AE-B64F-E2214063CBCE} - System32\Tasks\Smart Driver Updater Schedule => C:\Program Files\Smart Driver Updater\SDUTray.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe ==================== Loaded Modules (whitelisted) ============= 2015-01-10 18:46 - 2015-01-10 18:46 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011002\algo.dll 2015-01-11 21:28 - 2015-01-11 21:28 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011101\algo.dll 2013-12-20 00:28 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-11-26 18:59 - 2014-11-26 18:59 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-01-03 16:19 - 2014-01-03 16:19 - 00857944 _____ () C:\Users\katrin\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 00053264 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00088080 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\srau.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 00167952 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 02508816 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00069136 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\spbl.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 00160784 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-11-19 16:36 - 2014-11-19 16:36 - 00016400 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\siem.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00069648 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\sppsm.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 00698896 _____ () 
C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 00016912 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 00080912 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 00029200 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00072720 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\srut.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00031760 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\srsbs.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 00067600 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00152592 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\smti.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00075792 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\smsp.dll 2014-11-19 16:36 - 2014-11-19 16:36 - 00012304 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\sidc.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00032784 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\smtu.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00040976 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\smta.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00033296 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\srom.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00049680 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\srbu.dll 2014-11-19 16:36 - 2014-11-19 16:36 - 00026128 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\sgml.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 00064016 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2014-11-19 16:38 
- 2014-11-19 16:38 - 00027152 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\srpdm.dll 2014-11-19 16:36 - 2014-11-19 16:36 - 00045584 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2014-11-19 16:29 - 2014-11-19 16:29 - 00027152 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2014-11-19 16:37 - 2014-11-19 16:37 - 00037392 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-11-19 16:36 - 2014-11-19 16:36 - 00195088 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\sgmu.dll 2014-05-11 17:46 - 2014-05-11 17:46 - 00061440 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll 2014-11-19 16:38 - 2014-11-19 16:38 - 00257552 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\srns.dll 2015-01-08 21:44 - 2015-01-08 21:44 - 00750080 _____ () C:\Users\katrin\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-11 09:28 - 2015-01-11 09:28 - 00043008 _____ () c:\users\katrin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkx30m8.dll 2015-01-08 21:44 - 2015-01-08 21:44 - 00047616 _____ () C:\Users\katrin\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-01-08 21:44 - 2015-01-08 21:44 - 00863744 _____ () C:\Users\katrin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-01-08 21:44 - 2015-01-08 21:44 - 00200704 _____ () C:\Users\katrin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-12-14 21:39 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-11-05 18:39 - 2014-11-05 18:39 - 02107464 _____ () C:\Users\katrin\AppData\LocalLow\Unity\WebPlayer\mono\Stable3.x.x\mono-1-vc.dll 2014-11-19 16:36 - 2014-11-19 16:36 - 00025616 _____ () C:\Users\katrin\AppData\Local\Smartbar\Application\Lrcnta.exe 2014-11-19 16:36 - 2014-11-19 16:36 - 00035344 _____ () 
C:\Users\katrin\AppData\Local\Smartbar\Application\lrcnt.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-430205881-583344909-559689374-500 - Administrator - Disabled) Gast (S-1-5-21-430205881-583344909-559689374-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-430205881-583344909-559689374-1002 - Limited - Enabled) katrin (S-1-5-21-430205881-583344909-559689374-1000 - Administrator - Enabled) => C:\Users\katrin ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/11/2015 09:27:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/10/2015 10:39:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/10/2015 05:39:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/10/2015 05:38:03 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (01/10/2015 05:38:03 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (01/10/2015 05:38:03 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (01/09/2015 04:36:36 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {eab80fe9-e548-4cea-b03b-be374de5cfe6} Error: (01/09/2015 11:03:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/09/2015 08:46:55 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {c8551d61-6f31-48cc-91d2-6e6a53b0b466} Error: (01/09/2015 07:27:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/11/2015 09:27:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "dSToWg" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/11/2015 09:26:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ClaraUpdater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/11/2015 09:26:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/11/2015 02:41:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet: %%1115 Error: (01/10/2015 10:38:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "dSToWg" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/10/2015 10:38:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ClaraUpdater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/10/2015 10:38:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/10/2015 05:41:24 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} Error: (01/10/2015 05:38:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst 
"dSToWg" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/10/2015 05:37:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ClaraUpdater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (01/11/2015 09:27:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/10/2015 10:39:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/10/2015 05:39:25 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/10/2015 05:38:03 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (01/10/2015 05:38:03 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (01/10/2015 05:38:03 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (01/09/2015 04:36:36 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {eab80fe9-e548-4cea-b03b-be374de5cfe6} Error: (01/09/2015 11:03:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (01/09/2015 08:46:55 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {c8551d61-6f31-48cc-91d2-6e6a53b0b466} Error: (01/09/2015 07:27:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD Athlon(tm) II X4 620 Processor Percentage of memory in use: 80% Total physical RAM: 2047.18 MB Available physical RAM: 398.89 MB Total Pagefile: 4094.35 MB Available Pagefile: 1348.18 MB Total Virtual: 2047.88 MB Available Virtual: 1908.89 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:80.92 GB) NTFS Drive d: () (Fixed) (Total:149.05 GB) (Free:118.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: DCBADCBA) Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C5E8C5E8) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
12.01.2015, 09:30 | #6 |
/// the machine /// TB-Ausbilder | linkury,toolbar Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with ComboFix
12.01.2015, 18:59 | #7 |
| linkury,toolbar Code:
ATTFilter ComboFix 15-01-08.01 - katrin 12.01.2015 18:44:05.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2047.630 [GMT 1:00] ausgeführt von:: c:\users\katrin\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\2308189059 c:\programdata\658662426 c:\programdata\658662426\BIT325C.tmp c:\users\katrin\AppData\Local\nsr2301.tmp c:\windows\system32\SET1E7C.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-12-12 bis 2015-01-12 )))))))))))))))))))))))))))))) . . 2015-01-12 17:51 . 2015-01-12 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-01-10 16:02 . 2015-01-12 05:46 -------- d-----r- c:\users\katrin\Dropbox 2015-01-10 10:33 . 2015-01-12 17:49 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4F0759D-BEF0-473F-BB12-8F05805A8E8E}\offreg.dll 2015-01-10 10:20 . 2015-01-12 05:46 -------- d-----w- c:\users\katrin\AppData\Roaming\Dropbox 2015-01-09 12:47 . 2015-01-09 12:47 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys 2015-01-09 07:34 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4F0759D-BEF0-473F-BB12-8F05805A8E8E}\mpengine.dll 2015-01-09 06:27 . 2015-01-09 06:27 -------- d-----w- c:\windows\system32\wbem\AutoRecover 2015-01-09 02:05 . 2015-01-09 06:33 -------- d-----w- c:\programdata\Browser 2015-01-08 22:26 . 2015-01-09 07:47 -------- d-----w- c:\users\katrin\AppData\Local\LPT 2015-01-08 22:26 . 2015-01-08 22:26 -------- d-----w- c:\users\katrin\AppData\Local\Smartbar 2015-01-08 02:23 . 2015-01-08 02:23 -------- d-----w- c:\programdata\Reimage Protector 2015-01-08 02:23 . 
2015-01-08 22:40 -------- d-----w- c:\program files\Reimage 2015-01-08 02:22 . 2015-01-08 02:24 -------- d-----w- C:\rei 2015-01-08 02:08 . 2015-01-08 22:24 -------- d-----w- c:\program files\mbot_de_395 2015-01-08 02:08 . 2015-01-08 02:08 -------- d-----w- c:\program files\predm 2015-01-08 01:27 . 2015-01-09 07:57 -------- d-----w- c:\users\katrin\AppData\Local\MovieWizard 2015-01-08 01:27 . 2015-01-08 01:27 -------- d-----w- c:\users\katrin\AppData\Local\Pro_PC_Cleaner 2015-01-08 01:26 . 2015-01-08 01:26 -------- d-----w- c:\programdata\porFuCmvvC 2015-01-08 01:25 . 2015-01-08 01:57 -------- d-----w- c:\users\katrin\AppData\Roaming\Pro PC Cleaner 2014-12-18 21:30 . 2014-12-13 03:33 115712 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-16 23:57 . 2014-11-22 10:46 32912 ----a-w- c:\windows\system32\drivers\nvvad32v.sys 2014-12-14 20:39 . 2014-12-14 20:39 -------- d-----w- c:\program files\Mozilla Maintenance Service . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-08 02:49 . 2013-12-19 21:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-01-08 02:49 . 2013-12-19 21:22 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-01-06 03:36 . 2012-01-10 20:52 249488 ------w- c:\windows\system32\MpSigStub.exe 2014-12-13 00:12 . 2014-08-03 07:23 1291464 ----a-w- c:\windows\system32\nvspbridge.dll 2014-12-13 00:12 . 2013-12-19 23:31 2210040 ----a-w- c:\windows\system32\nvspcap.dll 2014-12-04 04:38 . 2014-12-10 02:18 337920 ----a-w- c:\windows\system32\generaltel.dll 2014-12-04 04:38 . 2014-12-10 02:18 610304 ----a-w- c:\windows\system32\invagent.dll 2014-12-04 04:38 . 2014-12-10 02:18 315392 ----a-w- c:\windows\system32\devinv.dll 2014-12-04 04:38 . 2014-12-10 02:18 728576 ----a-w- c:\windows\system32\appraiser.dll 2014-12-04 04:38 . 2014-12-10 02:18 159744 ----a-w- c:\windows\system32\aepic.dll 2014-12-04 04:38 . 
2014-12-10 02:18 202752 ----a-w- c:\windows\system32\aepdu.dll 2014-12-04 04:34 . 2014-12-10 02:18 873984 ----a-w- c:\windows\system32\aeinv.dll 2014-12-01 23:28 . 2014-12-10 02:18 1160872 ----a-w- c:\windows\system32\aitstatic.exe 2014-11-26 17:59 . 2014-07-10 10:47 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-11-26 17:59 . 2014-07-10 10:47 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-11-26 17:59 . 2014-07-10 10:47 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys 2014-11-26 17:59 . 2014-07-10 10:47 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-11-26 17:59 . 2014-07-10 10:47 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-11-26 17:59 . 2014-07-10 10:47 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-11-26 17:59 . 2014-07-10 10:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-11-26 17:59 . 2014-07-10 10:47 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-11-26 17:59 . 2014-11-26 17:59 291352 ----a-w- c:\windows\system32\aswBoot.exe 2014-11-26 17:59 . 2014-11-26 17:59 43152 ----a-w- c:\windows\avastSS.scr 2014-11-22 10:46 . 2013-12-19 23:20 32400 ----a-w- c:\windows\system32\nvaudcap32v.dll 2014-11-22 02:20 . 2014-12-10 02:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-22 02:20 . 2014-12-10 02:17 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-11-22 02:07 . 2014-12-10 02:17 501248 ----a-w- c:\windows\system32\vbscript.dll 2014-11-22 02:07 . 2014-12-10 02:17 62464 ----a-w- c:\windows\system32\iesetup.dll 2014-11-22 02:06 . 2014-12-10 02:17 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-11-22 02:05 . 2014-12-10 02:17 64000 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-11-22 01:55 . 2014-12-10 02:17 102912 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-11-22 01:54 . 2014-12-10 02:17 620032 ----a-w- c:\windows\system32\jscript9diag.dll 2014-11-22 01:48 . 
2014-12-10 02:17 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-11-22 01:40 . 2014-12-10 02:17 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-22 01:29 . 2014-12-10 02:17 4299264 ----a-w- c:\windows\system32\jscript9.dll 2014-11-22 01:22 . 2014-12-10 02:17 2052096 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-22 01:21 . 2014-12-10 02:17 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-11-22 01:00 . 2014-12-10 02:17 1888256 ----a-w- c:\windows\system32\wininet.dll 2014-11-18 22:25 . 2014-11-18 22:26 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-11-11 02:44 . 2014-12-10 02:18 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-11-11 02:44 . 2014-11-19 00:02 186880 ----a-w- c:\windows\system32\pku2u.dll 2014-11-11 02:44 . 2014-11-19 00:02 550912 ----a-w- c:\windows\system32\kerberos.dll 2014-11-11 01:32 . 2014-12-10 02:18 74752 ----a-w- c:\windows\system32\drivers\tdx.sys 2014-11-08 02:45 . 2014-12-10 02:16 2048 ----a-w- c:\windows\system32\tzres.dll 2014-10-30 01:45 . 2014-12-10 02:16 155136 ----a-w- c:\windows\system32\charmap.exe 2014-10-25 01:32 . 2014-11-11 20:38 67584 ----a-w- c:\windows\system32\packager.dll 2014-10-18 01:33 . 2014-11-11 20:42 571904 ----a-w- c:\windows\system32\oleaut32.dll 2014-10-18 01:33 . 2014-12-10 02:37 3209728 ----a-w- c:\windows\system32\mf.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-01-09 03:16 131480 ----a-w- c:\users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-01-09 03:16 131480 ----a-w- c:\users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-01-09 03:16 131480 ----a-w- c:\users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-01-09 03:16 131480 ----a-w- c:\users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-01-09 03:16 131480 ----a-w- c:\users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-01-09 03:16 131480 ----a-w- c:\users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-01-09 03:16 131480 ----a-w- c:\users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-01-09 03:16 131480 ----a-w- c:\users\katrin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-11-26 17:59 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "icq"="c:\users\katrin\AppData\Roaming\ICQM\icq.exe" [2014-01-03 33664344] "UpdateStar Drivers"="c:\program files\UpdateStar Drivers\drivers.exe" [2014-01-28 7332776] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22067296] "Browser Infrastructure Helper"="c:\users\katrin\AppData\Local\Smartbar\Application\SafeFinder.exe" [2014-11-19 30224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504] "ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-12-13 2210040] "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776] . 
c:\users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-1-9 39206888] Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3070 B611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1A8437WJ05MQ;CONNECTION=USB;MONITOR=1; [2009-7-14 44544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32 . R2 ClaraUpdater;ClaraUpdater;c:\program files\Common Files\ClaraUpdater\ClaraUpdater.exe [x] R2 dSToWg;dSToWg;c:\programdata\porFuCmvvC\dSToWg.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008] R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x] R3 AVEO;STARTEC UVC Driver;c:\windows\system32\DRIVERS\AVEOdcnt.sys [2011-10-24 278528] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x] R3 cpuz134;cpuz134;c:\users\katrin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2015-01-09 19984] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport 
Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 XDva409;XDva409;c:\windows\system32\XDva409.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-26 787800] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-26 423784] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-26 24184] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-26 70384] S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-11-26 91496] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 915600] S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 18186896] S2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [2014-12-02 5886824] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 18576] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912] S3 
XDva410;XDva410;c:\windows\system32\XDva410.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2015-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-19 02:49] . 2015-01-12 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.google.com/?trackid=sp-006 mStart Page = https://www.google.com/?trackid=sp-006 mSearch Bar = https://www.google.com/?trackid=sp-006 uSearchAssistant = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWwRlCR5iaWrwOo9ltcw9MWdkwMuV3wwb6KrwVr3V_T8Bzvk4V29T8l98hX8T8Ok-ezNtAagXO6dmtArdSQ_dJWxj3RX-pEh3dcXPJG5347pbCn9eSYfUzQvTPpR8ZaQPwv7QyL98FRGFwIl3h3cK2z6mnQ_oV5i4Eop2AUncwyHnX6O59vcag,,&q={searchTerms} TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\gyku3bxj.default\ FF - prefs.js: browser.search.defaulturl - hxxps://de.search.yahoo.com/yhs/search FF - prefs.js: browser.search.selectedEngine - SafeFinder Search FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWwRlCR5iaWrwOo9ltcw9MWdkwMuV3wwb6KrwVr3V_T8Bzvk4V29T8l98hX8T8Ok-ezNtAagXO6dmtArdSQ_dJWxj3RX-pEh3dcXPJG5347pbCn9eSYfUzQvTPpR8ZaQPwv7QyL98FRGFwIl3h3cK2z6mnQ_oV5i4Eop2AUncwyHnX6O59vcag,,&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) HKLM-Run-gmsd_de_66 - (no file) HKLM-Run-mbot_de_395 - (no file) AddRemove-I - Cinema - c:\program files\Common Files\ClaraUpdater\ClaraUpdater.exe AddRemove-UnityWebPlayer - c:\users\katrin\AppData\Local\Unity\WebPlayer\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-01-12 18:53:04 ComboFix-quarantined-files.txt 2015-01-12 17:53 . Vor Suchlauf: 12 Verzeichnis(se), 86.499.733.504 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 86.484.107.264 Bytes frei . - - End Of File - - 5825C4E047A8083F70FFC65A47582E2E A36C5E4F47E84449FF07ED3517B43A31 |
12.01.2015, 20:39 | #8 |
/// the machine /// TB-Ausbilder | linkury,toolbar Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.01.2015, 22:18 | #9 |
| linkury,toolbar Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 12.01.2015 21:15:12, SYSTEM, KATRIN-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 12.01.2015 21:15:12, SYSTEM, KATRIN-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.7.1, Update, 12.01.2015 21:15:27, SYSTEM, KATRIN-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.12.8, (end) Code:
ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 12/01/2015 um 21:44:05 # Aktualisiert 07/01/2015 von Xplode # Database : 2015-01-11.2 [Live] # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzername : katrin - KATRIN-PC # Gestartet von : C:\Users\katrin\Downloads\AdwCleaner_4.107.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : ReimageRealTimeProtector [#] Dienst Gelöscht : ClaraUpdater ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Meteoroids Ordner Gelöscht : C:\ProgramData\Browser Ordner Gelöscht : C:\ProgramData\IePluginServices Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\ProgramData\Reimage Protector Ordner Gelöscht : C:\Program Files\globalUpdate Ordner Gelöscht : C:\Program Files\predm Ordner Gelöscht : C:\Program Files\Reimage Ordner Gelöscht : C:\Program Files\SupTab Ordner Gelöscht : C:\Program Files\Common Files\IMGUpdater Ordner Gelöscht : C:\Program Files\Common Files\Umbrella Ordner Gelöscht : C:\Program Files\Common Files\ClaraUpdater Ordner Gelöscht : C:\Users\katrin\AppData\Local\Temp\Smartbar Ordner Gelöscht : C:\Windows\system32\config\systemprofile\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\katrin\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\katrin\AppData\Local\Smartbar Ordner Gelöscht : C:\Users\katrin\AppData\Roaming\Activeris Ordner Gelöscht : C:\Users\katrin\AppData\Roaming\ap_logs Ordner Gelöscht : C:\Users\katrin\AppData\Roaming\ARecEngine Ordner Gelöscht : C:\Users\katrin\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\katrin\AppData\Roaming\Pro PC Cleaner Ordner Gelöscht : C:\Users\katrin\Documents\Optimizer Pro Datei Gelöscht : C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk Datei Gelöscht : C:\Windows\Reimage.ini Datei Gelöscht : C:\Windows\system32\roboot.exe Datei Gelöscht : C:\Users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\2u691e4p.default-1408565689574\user.js ***** [ Tasks ] ***** Task Gelöscht : LaunchSignup Task Gelöscht : 
ReimageUpdater Task Gelöscht : Reimage Reminder Task Gelöscht : WOT WTHUR1 Task Gelöscht : WOT WTUE1 Task Gelöscht : WOT WMON1 Task Gelöscht : WOT WW1 Task Gelöscht : WOT WFRI1 Task Gelöscht : WOT WW2 Task Gelöscht : WOT WWED1 Task Gelöscht : Run_Bobby_Browser Task Gelöscht : WOT W1 Task Gelöscht : WOT W2 Task Gelöscht : WOT T Task Gelöscht : WOT N Task Gelöscht : Smart Driver Updater Schedule Task Gelöscht : ProPCCleaner_Start Task Gelöscht : ProPCCleaner_Popup Task Gelöscht : GoodGameEmpire W1 Task Gelöscht : GoodGameEmpire W2 Task Gelöscht : GoodGameEmpire NextW1 Task Gelöscht : GoodGameEmpire NextW2 ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Verknüpfung Desinfiziert : C:\Users\katrin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\Tune Schlüssel Gelöscht : HKCU\Software\Reimage Schlüssel Gelöscht : HKCU\Software\Wnkey Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Tune Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials Schlüssel Gelöscht : HKLM\SOFTWARE\Reimage Schlüssel Gelöscht : HKLM\SOFTWARE\Clara Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v34.0.5 (x86 de) [2u691e4p.default-1408565689574\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Vosteran"); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "SafeFinder Search"); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_coinis_15_02_ff&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AyC0CyD0A0B0Bzy0AtDtAtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzyt[...] 
[gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_coinis_15_02_ff&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AyC0CyD0A0B0Bzy0AtDtAtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBz[...] [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran"); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran"); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_coinis_15_02_ff&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AyC0CyD0A0B0Bzy0AtDtAtN0D0Tzu0StCtCtDtBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEt[...] [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.BUTTON_STRUCTURE", "[{\"b\":221525069,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221525070,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...] [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.firstKnownVersion", "6.72.4.57159"); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?n=780ce8aa&p2=^AYY^xpi000^LADEDE^"); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.initialized", true); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.contextKey", ""); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.installDate", "2014111914"); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerId", "^AYY^xpi000^LADEDE^"); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerSubId", ""); [gyku3bxj.default\prefs.js] - Zeile 
gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.success", false); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.isCompliantUninstallImplementation", true); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.lastKnownVersion", "6.72.4.57159"); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.defaultSearch", false); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.homePageEnabled", false); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.keywordEnabled", false); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.tabEnabled", false); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.partnerPixelFired", false); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.successUrl", "hxxp://allin1convert.dl.tb.ask.com/installComplete.jhtml"); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.toolbarCollapsed", false); [gyku3bxj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com"); ************************* AdwCleaner[R0].txt - [4036 octets] - [26/01/2014 03:09:28] AdwCleaner[R1].txt - [4253 octets] - [20/03/2014 20:53:30] AdwCleaner[R2].txt - [1881 octets] - [28/03/2014 09:44:57] AdwCleaner[R3].txt - [9598 octets] - [20/08/2014 12:26:34] AdwCleaner[R4].txt - [9470 octets] - [12/01/2015 21:39:31] AdwCleaner[S0].txt - [3770 octets] - [26/01/2014 03:10:58] AdwCleaner[S1].txt - [4144 octets] - [20/03/2014 20:54:28] AdwCleaner[S2].txt - [1793 octets] - [28/03/2014 09:50:36] AdwCleaner[S3].txt - [8904 octets] - 
[20/08/2014 12:29:38] AdwCleaner[S4].txt - [9989 octets] - [12/01/2015 21:44:05] ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [10049 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Ultimate x86 Ran by katrin on 12.01.2015 at 21:51:00,83 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files\005" Successfully deleted: [Folder] "C:\Users\katrin\documents\propccleaner" ~~~ FireFox Emptied folder: C:\Users\katrin\AppData\Roaming\mozilla\firefox\profiles\gyku3bxj.default\minidumps [263 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 12.01.2015 at 21:53:07,03 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-01-2015 Ran by katrin (administrator) on KATRIN-PC on 12-01-2015 21:54:15 Running from C:\Users\katrin\Downloads Loaded Profile: katrin (Available profiles: katrin) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (ICQ) C:\Users\katrin\AppData\Roaming\ICQM\icq.exe (Skype 
Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [icq] => C:\Users\katrin\AppData\Roaming\ICQM\icq.exe [33664344 2014-01-03] (ICQ) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [UpdateStar Drivers] => C:\Program Files\UpdateStar Drivers\drivers.exe [7332776 2014-01-28] () HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.) 
Startup: C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sasnative32 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-430205881-583344909-559689374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 
-> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-430205881-583344909-559689374-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\gyku3bxj.default FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF Homepage: https://www.facebook.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) 
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-430205881-583344909-559689374-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\katrin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-430205881-583344909-559689374-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-10] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S2 dSToWg; "C:\ProgramData\porFuCmvvC\dSToWg.exe" [X] S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] () S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-09] () R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-01-12] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () R3 NvStreamKms; C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation) S3 athr; system32\DRIVERS\athr.sys [X] S3 catchme; \??\C:\Users\katrin\AppData\Local\Temp\catchme.sys [X] S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [X] S3 cpuz134; \??\C:\Users\katrin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X] S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-12 21:53 - 2015-01-12 21:53 - 00000886 _____ () C:\Users\katrin\Desktop\JRT.txt 2015-01-12 21:50 - 2015-01-12 21:50 - 01707939 _____ (Thisisu) C:\Users\katrin\Downloads\JRT(1).exe 2015-01-12 21:38 - 2015-01-12 21:38 - 02191360 _____ () C:\Users\katrin\Downloads\AdwCleaner_4.107.exe 2015-01-12 21:15 - 2015-01-12 21:15 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-12 21:14 - 2015-01-12 21:14 - 00001016 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-12 21:14 - 2015-01-12 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-12 21:14 - 2015-01-12 21:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-12 21:14 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-12 21:14 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-12 21:14 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys 2015-01-12 21:13 - 2015-01-12 21:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\katrin\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-12 18:53 - 2015-01-12 18:53 - 00018092 _____ () C:\ComboFix.txt 2015-01-12 18:41 - 2015-01-12 18:53 - 00000000 ____D () C:\Qoobox 2015-01-12 18:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-12 18:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-12 18:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-12 18:40 - 2015-01-12 18:52 - 00000000 ____D () C:\Windows\erdnt 2015-01-12 18:40 - 2015-01-12 18:40 - 05609736 ____R (Swearware) C:\Users\katrin\Downloads\ComboFix.exe 2015-01-12 18:32 - 2015-01-12 18:32 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\katrin\Downloads\revosetup95.exe 2015-01-12 07:42 - 2015-01-12 10:31 - 754783698 _____ () C:\Users\katrin\Downloads\Being_Human_Schoene_neue_Welt_2015-01-09_2255_549476.avi 2015-01-12 07:42 - 2015-01-12 10:31 - 752956754 _____ () C:\Users\katrin\Downloads\Being_Human_Die_Unwissenden_2015-01-09_2015_549476.avi 2015-01-12 07:42 - 2015-01-12 10:28 - 751618454 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Du_darfst_nicht_sterben_2015-01-08_2015_549476.avi 2015-01-12 07:42 - 2015-01-12 10:27 - 698100160 _____ () C:\Users\katrin\Downloads\Being_Human_Der_Ursprung_des_Boesen_2015-01-09_2110_549476.avi 2015-01-12 07:42 - 2015-01-12 10:25 - 759168070 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Wo_Lumi_re_ist_ist_auch_Schatten_Folge59_2015-01-07_2015_549476.avi 2015-01-12 07:42 - 2015-01-12 10:21 - 745529272 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Vorfahren_2015-01-08_2110_549476.avi 2015-01-12 07:42 - 2015-01-12 10:16 - 754429464 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Weiblich_Ledig_Aengstlich_sucht_Folge58_2015-01-07_2205_549476.avi 2015-01-12 07:42 - 2015-01-12 10:15 - 745470722 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Kleine_Morde_unter_Freunden_Folge59_2015-01-07_2300_549476.avi 2015-01-12 07:42 - 2015-01-12 10:14 - 745796118 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Gruen_vor_Neid_Folge60_2015-01-07_2110_549476.avi 2015-01-12 07:42 - 2015-01-12 10:08 - 745910652 _____ () C:\Users\katrin\Downloads\Being_Human_Gefangen_im_Horrorhaus_2015-01-09_2200_549476.avi 2015-01-11 00:21 - 2015-01-12 21:54 - 00011753 _____ () C:\Users\katrin\Downloads\FRST.txt 2015-01-11 00:16 - 2015-01-11 00:16 - 02124288 _____ (Farbar) C:\Users\katrin\Downloads\FRST64.exe 2015-01-11 00:16 - 2015-01-11 00:16 - 01115648 _____ (Farbar) C:\Users\katrin\Downloads\FRST.exe 2015-01-10 17:02 - 2015-01-12 21:47 - 00000000 ___RD () C:\Users\katrin\Dropbox 2015-01-10 17:02 - 2015-01-10 17:02 - 
00001129 _____ () C:\Users\katrin\Desktop\Dropbox.lnk 2015-01-10 11:22 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-01-10 11:20 - 2015-01-12 21:46 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Dropbox 2015-01-10 11:18 - 2015-01-10 11:20 - 46882112 _____ (Dropbox, Inc.) C:\Users\katrin\Downloads\Dropbox_3.0.5.exe 2015-01-10 05:45 - 2015-01-10 05:45 - 00002344 _____ () C:\Windows\system32\ScanResults.xml 2015-01-10 05:38 - 2015-01-10 05:38 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2015-01-09 13:47 - 2015-01-09 13:47 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2015-01-09 13:46 - 2015-01-09 13:46 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\katrin\Downloads\SpyHunter-Installer.exe 2015-01-08 09:16 - 2015-01-08 09:16 - 11236528 _____ (Adobe Systems, Inc.) C:\Users\katrin\Downloads\flashplayer15_sa_win_32.exe 2015-01-08 07:38 - 2015-01-12 21:45 - 00012898 _____ () C:\Windows\PFRO.log 2015-01-08 03:44 - 2015-01-08 03:44 - 00857712 _____ ( ) C:\Users\katrin\Downloads\adobe_flash_setup.exe 2015-01-08 03:22 - 2015-01-08 03:24 - 00000000 ____D () C:\rei 2015-01-08 03:08 - 2015-01-08 23:24 - 00000000 ____D () C:\Program Files\mbot_de_395 2015-01-08 02:27 - 2015-01-08 02:27 - 00003584 _____ () C:\Users\katrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-08 02:27 - 2015-01-08 02:27 - 00000000 ____D () C:\Users\katrin\AppData\Local\Pro_PC_Cleaner 2015-01-08 02:26 - 2015-01-08 02:26 - 00000000 ____D () C:\ProgramData\porFuCmvvC 2015-01-06 21:46 - 2015-01-06 23:35 - 803750130 _____ () C:\Users\katrin\Downloads\Being_Human_Wandern_zwischen_den_Zeiten_2015-01-02_2205_549476.avi 2015-01-06 21:46 - 2015-01-06 23:34 - 754118808 _____ () C:\Users\katrin\Downloads\Being_Human_Ausser_Kontrolle_2015-01-02_2015_549476.avi 2015-01-06 21:45 - 2015-01-06 23:32 - 707912142 _____ () 
C:\Users\katrin\Downloads\Being_Human_Der_Vollstrecker_2015-01-02_2305_549476.avi 2015-01-06 21:45 - 2015-01-06 23:29 - 792297842 _____ () C:\Users\katrin\Downloads\Sleepy_Hollow_Geborgte_Zeit_2015-01-05_2015_549476.avi 2015-01-06 21:45 - 2015-01-06 23:24 - 754359906 _____ () C:\Users\katrin\Downloads\Grimm_Blondes_Gift_Folge66_2015-01-05_2115_549476.avi 2015-01-06 21:45 - 2015-01-06 23:15 - 791104906 _____ () C:\Users\katrin\Downloads\Arrow_In_letzter_Sekunde_Folge46_2015-01-05_2015_549476.avi 2015-01-04 01:00 - 2015-01-12 21:45 - 00002688 _____ () C:\Windows\setupact.log 2015-01-04 01:00 - 2015-01-04 01:00 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-30 00:30 - 2014-12-30 01:42 - 755186136 _____ () C:\Users\katrin\Downloads\Grimm_Die_Truhe_Folge65_2014-12-29_2115_549476.avi 2014-12-30 00:29 - 2014-12-30 01:44 - 696604130 _____ () C:\Users\katrin\Downloads\Sleepy_Hollow_Die_verlorene_Kolonie_2014-12-29_2015_549476.avi 2014-12-30 00:29 - 2014-12-30 01:41 - 708656824 _____ () C:\Users\katrin\Downloads\Supernatural_Nur_ein_Zeichen_2014-12-29_2105_549476.avi 2014-12-30 00:29 - 2014-12-30 01:36 - 792997216 _____ () C:\Users\katrin\Downloads\Arrow_Brennende_Strassen_Folge45_2014-12-29_2015_549476.avi 2014-12-27 19:41 - 2014-12-27 21:20 - 1307545854 _____ () C:\Users\katrin\Downloads\Gefangene_der_Zeit_Teil_2_2014-12-22_2203_549476.avi 2014-12-27 19:41 - 2014-12-27 21:13 - 1237428886 _____ () C:\Users\katrin\Downloads\Gefangene_der_Zeit_Teil_1_2014-12-22_2015_549476.avi 2014-12-27 19:41 - 2014-12-27 21:01 - 801512836 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Rapunzels_Turm_der_Angst_Folge58_2014-12-17_2110_549476.avi 2014-12-27 19:41 - 2014-12-27 20:58 - 755052972 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Hexenjagd_Folge57_2014-12-17_2015_549476.avi 2014-12-24 02:50 - 2014-12-24 03:25 - 754064362 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Schattenseite_Folge57_2014-12-17_2305_549476.avi 2014-12-24 02:50 - 
2014-12-24 03:22 - 745940088 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Wahrheit_oder_Pflicht_Folge56_2014-12-17_2210_549476.avi 2014-12-21 19:33 - 2014-12-21 19:33 - 00435672 _____ () C:\Users\katrin\Downloads\10568600_616375998467159_836702792_n.php 2014-12-21 12:34 - 2014-12-21 13:39 - 744530278 _____ () C:\Users\katrin\Downloads\The_Originals_Von_der_Wiege_bis_ins_Grab_2014-12-19_2110_549476.avi 2014-12-21 12:34 - 2014-12-21 13:36 - 615681282 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Rate_wer_zum_Essen_kommt_2014-12-19_0050_549476.avi 2014-12-21 12:34 - 2014-12-21 13:34 - 752956744 _____ () C:\Users\katrin\Downloads\The_Originals_Schlacht_um_New_Orleans_2014-12-19_2015_549476.avi 2014-12-21 12:34 - 2014-12-21 13:26 - 614699332 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Erpressung_2014-12-19_0130_549476.avi 2014-12-18 22:30 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 02:02 - 2014-12-18 02:02 - 00000700 _____ () C:\Users\katrin\Documents\cc_20141218_020241.reg 2014-12-17 00:57 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys 2014-12-16 07:44 - 2014-12-16 09:08 - 696315930 _____ () C:\Users\katrin\Downloads\Being_Human_Der_Alphawolf_2014-12-12_2110_549476.avi 2014-12-15 12:39 - 2014-12-15 13:13 - 1339776888 _____ (Unity Technologies ApS) C:\Users\katrin\Downloads\UnitySetup-4.6.1.exe 2014-12-14 21:39 - 2014-12-14 21:39 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-14 21:39 - 2014-12-14 21:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-14 21:39 - 2014-12-14 21:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-14 00:52 - 2014-12-14 00:52 - 00001248 _____ () C:\Users\katrin\Documents\cc_20141214_005229.reg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder 
will be moved.) 2015-01-12 21:54 - 2014-03-27 10:11 - 00000000 ____D () C:\FRST 2015-01-12 21:53 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-12 21:53 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-12 21:47 - 2013-12-20 01:16 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Skype 2015-01-12 21:45 - 2014-11-24 02:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-01-12 21:45 - 2013-12-19 22:44 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-12 21:45 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-12 21:44 - 2014-01-26 03:09 - 00000000 ____D () C:\AdwCleaner 2015-01-12 21:44 - 2013-12-19 22:19 - 00001106 _____ () C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-12 21:44 - 2013-12-19 22:16 - 01162920 _____ () C:\Windows\WindowsUpdate.log 2015-01-12 21:12 - 2013-12-19 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-12 21:01 - 2014-04-25 09:12 - 00000258 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job 2015-01-12 20:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing 2015-01-12 19:02 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-12 18:53 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-01-12 18:51 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-01-12 18:33 - 2014-01-26 02:08 - 00001178 _____ () C:\Users\katrin\Desktop\Revo Uninstaller.lnk 2015-01-12 18:33 - 2014-01-26 02:07 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-01-11 23:21 - 2014-03-27 10:12 - 00029008 _____ () C:\Users\katrin\Downloads\Addition.txt 2015-01-10 17:02 - 2013-12-19 22:18 - 00000000 ____D () C:\Users\katrin 2015-01-09 13:47 - 2014-01-26 02:26 - 00000000 ____D () C:\Program Files\Enigma Software 
Group 2015-01-08 03:49 - 2014-08-20 20:13 - 00000000 ____D () C:\Users\katrin\AppData\Local\Adobe 2015-01-08 03:49 - 2013-12-19 22:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-08 03:49 - 2013-12-19 22:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-08 03:21 - 2014-03-21 01:06 - 00000000 ____D () C:\Users\katrin\Downloads\backups 2015-01-08 03:13 - 2014-03-21 01:04 - 00005699 _____ () C:\Users\katrin\Downloads\hijackthis.log 2015-01-06 04:36 - 2012-01-10 21:52 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-28 21:18 - 2010-11-20 22:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-17 00:58 - 2013-12-20 00:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-12-13 11:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-12-13 09:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-12-13 01:12 - 2014-08-03 08:23 - 01291464 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll 2014-12-13 01:12 - 2013-12-20 00:31 - 02210040 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll Some content of TEMP: ==================== C:\Users\katrin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8gcdkn.dll C:\Users\katrin\AppData\Local\Temp\Quarantine.exe C:\Users\katrin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 13:12
==================== End Of Log ============================
I hope I got everything right this time |
13.01.2015, 09:06 | #10 |
/// the machine /// TB-Ausbilder | linkury,toolbar ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.01.2015, 03:05 | #11 |
| linkury,toolbar Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e3eec5ab2d07004d8fd12613b1ac086c # engine=21971 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-15 01:43:25 # local_time=2015-01-15 02:43:25 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 71 95 425165 16296992 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 33124 172917396 0 0 # scanned=182165 # found=29 # cleaned=29 # scan_time=6479 sh=CCD90EE6E9B1ADFF9657E8F2C126BC6CB5C2EB24 ft=1 fh=91473923cd86549e vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProCrash.dll.vir" sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir" sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir" sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir" sh=5FD06EA419F63E16FBAACB4FAF5EF0D97B6E59E7 ft=1 fh=db486576c6582f70 vn="Win32/VOPackage.AS evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\katrin\AppData\Roaming\VOPackage\Uninstall.exe.vir" sh=88E2B79B42B9A2A10B0092295EF70FA4939718DC ft=1 fh=6d699db7bbeecb7f vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot.exe.vir" sh=D7E89EA1D9C174CF594A9CDB157CDE97107C4423 ft=1 fh=9e0b256b73c27c06 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\katrin\AppData\Local\nsr2301.tmp.vir" sh=2575A9F9D931CB30505A4AF4A53D6456FB4200FC ft=1 fh=559128ee49cbbff0 vn="Variante von Win32/InstallCore.TL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\katrin\Downloads\adobe_flash_setup.exe" sh=A3217EB5DA05A7006183F6A30AD5684550DA9779 ft=1 fh=7d83794a4df28536 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\katrin\Downloads\eMule - CHIP-Installer.exe" sh=7ECD7F795F915F5877AC4F858577F3E86E2E4861 ft=1 fh=fc5d4d399772f31a vn="Win32/Systweak.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\katrin\Downloads\tamsp_150912280494423699.exe" sh=B8D9B9B9478A0D4934AC1D89955115D987416C1E ft=1 fh=78155a628be8688e vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\rcpsetup_3335.exe" sh=3702752D896FBA1369006DB15A56125ADF5B393E ft=1 fh=c11443ffb06e4197 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\rcpsetup_chip_de_chip_de.exe" sh=18320ED4CC9EC40974227E2191F3A8BFA35F21FE ft=1 fh=d0a39eebbf097f90 vn="Win32/RegistryBooster evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\registrybooster(1).exe" sh=7F10BF51F8853622C149C95D7A120498AA4DE050 ft=1 fh=98d5764a6a80ffc0 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\registrybooster.exe" sh=12A33C7D2B534C5BE4E89DA3A4E91D3D707E55F8 ft=1 fh=dca82166c282d63b vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\Advanced System Protector\AdvancedSystemProtector.exe" sh=55D85BF669277946BDE31877E69593EC470E5A6C ft=1 fh=529001832cd10951 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\Advanced System Protector\AspManager.exe" sh=1778A0996D0D72362ED33E937B2DD944477004B4 ft=1 fh=28c5d2f70ecb247d vn="Win32/Systweak.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\Advanced System Protector\Communication.dll" sh=539BCD6F9F716556456F5BC5797A87DCC05A459D ft=1 fh=2d2c9f5a08875db5 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\Advanced System Protector\scandll.dll" sh=12A33C7D2B534C5BE4E89DA3A4E91D3D707E55F8 ft=1 fh=dca82166c282d63b vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\Advanced System Protector\AdvancedSystemProtector.exe" sh=55D85BF669277946BDE31877E69593EC470E5A6C ft=1 fh=529001832cd10951 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\Advanced System Protector\AspManager.exe" sh=1778A0996D0D72362ED33E937B2DD944477004B4 ft=1 fh=28c5d2f70ecb247d vn="Win32/Systweak.F evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\Advanced System Protector\Communication.dll" sh=539BCD6F9F716556456F5BC5797A87DCC05A459D ft=1 fh=2d2c9f5a08875db5 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\Advanced System Protector\scandll.dll" sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\Conduit\Community Alerts\Alert.dll" sh=24C3F4374A80FF84C1D4587663738D42FAFDBBF1 ft=1 fh=34b6f7a56e4e8210 vn="Win32/Systweak.O evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\RegClean Pro\CleanSchedule.exe" sh=92054C66B365A15E557CA8BF280B1F0709CCF8B8 ft=1 fh=719ce8f1fda4e221 vn="Variante von Win32/Systweak.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\RegClean Pro\RCPUninstall.exe" sh=161FCE6B3C44E64E3A4AEE5413621EC70FCF615E ft=1 fh=9889e5b7cbfd1edb vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\RegClean Pro\RegCleanPro.exe" sh=65BF03B1E5769F4962AFFCCCD9E1F357C6D51A85 ft=1 fh=c303962f834e9249 vn="Variante von Win32/Toolbar.CrossRider.BR evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\RewardsArcade\RewardsArcade.exe" sh=4520B0B2772D559E3A58153F77858F2C8A142645 ft=1 fh=ed61dbb10029b782 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\system32\roboot.exe" sh=7F29C65D27184E6C1E65253A19154568335D994C ft=1 fh=8dfecc9f0b4d34d4 vn="Win32/AdvancedSystemProtector.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\programme\windows\system32\sasnative32.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.257
Adobe Reader XI
Mozilla Firefox (35.0)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-01-2015 01 Ran by katrin (administrator) on KATRIN-PC on 15-01-2015 03:03:33 Running from C:\Users\katrin\Downloads Loaded Profiles: katrin (Available profiles: katrin) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (ICQ) C:\Users\katrin\AppData\Roaming\ICQM\icq.exe (Skype 
Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\katrin\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [icq] => C:\Users\katrin\AppData\Roaming\ICQM\icq.exe [33664344 2014-01-03] (ICQ) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [UpdateStar Drivers] => C:\Program Files\UpdateStar Drivers\drivers.exe [7332776 2014-01-28] () HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.) 
Startup: C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sasnative32 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-430205881-583344909-559689374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 
-> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-430205881-583344909-559689374-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\gyku3bxj.default FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF Homepage: https://www.facebook.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) 
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-430205881-583344909-559689374-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\katrin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-430205881-583344909-559689374-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-10] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] () S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-09] () R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-01-12] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation) S3 athr; system32\DRIVERS\athr.sys [X] S3 catchme; 
\??\C:\Users\katrin\AppData\Local\Temp\catchme.sys [X] S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [X] S3 cpuz134; \??\C:\Users\katrin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X] S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-15 03:03 - 2015-01-15 03:03 - 01116672 _____ (Farbar) C:\Users\katrin\Downloads\FRST(1).exe 2015-01-15 02:57 - 2015-01-15 02:57 - 00852505 _____ () C:\Users\katrin\Downloads\SecurityCheck.exe 2015-01-15 00:52 - 2015-01-15 00:52 - 02347384 _____ (ESET) C:\Users\katrin\Downloads\esetsmartinstaller_deu.exe 2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-14 07:30 - 2015-01-14 07:31 - 00016644 _____ () C:\Users\katrin\Documents\cc_20150114_073037.reg 2015-01-14 00:46 - 2015-01-14 00:46 - 00464988 _____ () C:\Users\katrin\Downloads\video-1421192302.mp4.mp4 2015-01-13 23:09 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-13 23:09 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-13 23:08 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-13 23:08 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-13 23:08 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-13 23:07 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-12 22:14 - 2015-01-12 22:14 - 00000372 
_____ () C:\Users\katrin\Desktop\mbam.txt 2015-01-12 21:53 - 2015-01-12 21:53 - 00000886 _____ () C:\Users\katrin\Desktop\JRT.txt 2015-01-12 21:50 - 2015-01-12 21:50 - 01707939 _____ (Thisisu) C:\Users\katrin\Downloads\JRT(1).exe 2015-01-12 21:38 - 2015-01-12 21:38 - 02191360 _____ () C:\Users\katrin\Downloads\AdwCleaner_4.107.exe 2015-01-12 21:15 - 2015-01-12 22:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-12 21:14 - 2015-01-12 21:14 - 00001016 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-12 21:14 - 2015-01-12 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-12 21:14 - 2015-01-12 21:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-12 21:14 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-12 21:14 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-12 21:14 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-12 21:13 - 2015-01-12 21:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\katrin\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-12 18:53 - 2015-01-12 18:53 - 00018092 _____ () C:\ComboFix.txt 2015-01-12 18:41 - 2015-01-12 18:53 - 00000000 ____D () C:\Qoobox 2015-01-12 18:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-12 18:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-12 18:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 
2015-01-12 18:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-12 18:40 - 2015-01-12 18:52 - 00000000 ____D () C:\Windows\erdnt 2015-01-12 18:40 - 2015-01-12 18:40 - 05609736 ____R (Swearware) C:\Users\katrin\Downloads\ComboFix.exe 2015-01-12 18:32 - 2015-01-12 18:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\katrin\Downloads\revosetup95.exe 2015-01-12 07:42 - 2015-01-12 10:31 - 754783698 _____ () C:\Users\katrin\Downloads\Being_Human_Schoene_neue_Welt_2015-01-09_2255_549476.avi 2015-01-12 07:42 - 2015-01-12 10:31 - 752956754 _____ () C:\Users\katrin\Downloads\Being_Human_Die_Unwissenden_2015-01-09_2015_549476.avi 2015-01-12 07:42 - 2015-01-12 10:28 - 751618454 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Du_darfst_nicht_sterben_2015-01-08_2015_549476.avi 2015-01-12 07:42 - 2015-01-12 10:27 - 698100160 _____ () C:\Users\katrin\Downloads\Being_Human_Der_Ursprung_des_Boesen_2015-01-09_2110_549476.avi 2015-01-12 07:42 - 2015-01-12 10:25 - 759168070 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Wo_Lumi_re_ist_ist_auch_Schatten_Folge59_2015-01-07_2015_549476.avi 2015-01-12 07:42 - 2015-01-12 10:21 - 745529272 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Vorfahren_2015-01-08_2110_549476.avi 2015-01-12 07:42 - 2015-01-12 10:16 - 754429464 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Weiblich_Ledig_Aengstlich_sucht_Folge58_2015-01-07_2205_549476.avi 2015-01-12 07:42 - 2015-01-12 10:15 - 745470722 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Kleine_Morde_unter_Freunden_Folge59_2015-01-07_2300_549476.avi 2015-01-12 07:42 - 2015-01-12 10:14 - 745796118 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Gruen_vor_Neid_Folge60_2015-01-07_2110_549476.avi 2015-01-12 07:42 - 2015-01-12 10:08 - 745910652 _____ () C:\Users\katrin\Downloads\Being_Human_Gefangen_im_Horrorhaus_2015-01-09_2200_549476.avi 2015-01-11 00:21 - 2015-01-15 03:03 - 00011510 _____ () 
C:\Users\katrin\Downloads\FRST.txt 2015-01-11 00:16 - 2015-01-11 00:16 - 02124288 _____ (Farbar) C:\Users\katrin\Downloads\FRST64.exe 2015-01-11 00:16 - 2015-01-11 00:16 - 01115648 _____ (Farbar) C:\Users\katrin\Downloads\FRST.exe 2015-01-10 17:02 - 2015-01-14 06:58 - 00000000 ___RD () C:\Users\katrin\Dropbox 2015-01-10 17:02 - 2015-01-10 17:02 - 00001129 _____ () C:\Users\katrin\Desktop\Dropbox.lnk 2015-01-10 11:22 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-01-10 11:20 - 2015-01-14 06:57 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Dropbox 2015-01-10 11:18 - 2015-01-10 11:20 - 46882112 _____ (Dropbox, Inc.) C:\Users\katrin\Downloads\Dropbox_3.0.5.exe 2015-01-10 05:45 - 2015-01-10 05:45 - 00002344 _____ () C:\Windows\system32\ScanResults.xml 2015-01-10 05:38 - 2015-01-10 05:38 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2015-01-09 13:47 - 2015-01-09 13:47 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2015-01-09 13:46 - 2015-01-09 13:46 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\katrin\Downloads\SpyHunter-Installer.exe 2015-01-08 09:16 - 2015-01-08 09:16 - 11236528 _____ (Adobe Systems, Inc.) 
C:\Users\katrin\Downloads\flashplayer15_sa_win_32.exe 2015-01-08 03:22 - 2015-01-08 03:24 - 00000000 ____D () C:\rei 2015-01-08 03:08 - 2015-01-08 23:24 - 00000000 ____D () C:\Program Files\mbot_de_395 2015-01-08 02:27 - 2015-01-08 02:27 - 00003584 _____ () C:\Users\katrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-08 02:27 - 2015-01-08 02:27 - 00000000 ____D () C:\Users\katrin\AppData\Local\Pro_PC_Cleaner 2015-01-08 02:26 - 2015-01-08 02:26 - 00000000 ____D () C:\ProgramData\porFuCmvvC 2015-01-06 21:46 - 2015-01-06 23:35 - 803750130 _____ () C:\Users\katrin\Downloads\Being_Human_Wandern_zwischen_den_Zeiten_2015-01-02_2205_549476.avi 2015-01-06 21:46 - 2015-01-06 23:34 - 754118808 _____ () C:\Users\katrin\Downloads\Being_Human_Ausser_Kontrolle_2015-01-02_2015_549476.avi 2015-01-06 21:45 - 2015-01-06 23:32 - 707912142 _____ () C:\Users\katrin\Downloads\Being_Human_Der_Vollstrecker_2015-01-02_2305_549476.avi 2015-01-06 21:45 - 2015-01-06 23:29 - 792297842 _____ () C:\Users\katrin\Downloads\Sleepy_Hollow_Geborgte_Zeit_2015-01-05_2015_549476.avi 2015-01-06 21:45 - 2015-01-06 23:24 - 754359906 _____ () C:\Users\katrin\Downloads\Grimm_Blondes_Gift_Folge66_2015-01-05_2115_549476.avi 2014-12-30 00:30 - 2014-12-30 01:42 - 755186136 _____ () C:\Users\katrin\Downloads\Grimm_Die_Truhe_Folge65_2014-12-29_2115_549476.avi 2014-12-30 00:29 - 2014-12-30 01:44 - 696604130 _____ () C:\Users\katrin\Downloads\Sleepy_Hollow_Die_verlorene_Kolonie_2014-12-29_2015_549476.avi 2014-12-30 00:29 - 2014-12-30 01:41 - 708656824 _____ () C:\Users\katrin\Downloads\Supernatural_Nur_ein_Zeichen_2014-12-29_2105_549476.avi 2014-12-27 19:41 - 2014-12-27 21:20 - 1307545854 _____ () C:\Users\katrin\Downloads\Gefangene_der_Zeit_Teil_2_2014-12-22_2203_549476.avi 2014-12-27 19:41 - 2014-12-27 21:13 - 1237428886 _____ () C:\Users\katrin\Downloads\Gefangene_der_Zeit_Teil_1_2014-12-22_2015_549476.avi 2014-12-27 19:41 - 2014-12-27 21:01 - 801512836 _____ () 
C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Rapunzels_Turm_der_Angst_Folge58_2014-12-17_2110_549476.avi 2014-12-27 19:41 - 2014-12-27 20:58 - 755052972 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Hexenjagd_Folge57_2014-12-17_2015_549476.avi 2014-12-24 02:50 - 2014-12-24 03:25 - 754064362 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Schattenseite_Folge57_2014-12-17_2305_549476.avi 2014-12-24 02:50 - 2014-12-24 03:22 - 745940088 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Wahrheit_oder_Pflicht_Folge56_2014-12-17_2210_549476.avi 2014-12-21 19:33 - 2014-12-21 19:33 - 00435672 _____ () C:\Users\katrin\Downloads\10568600_616375998467159_836702792_n.php 2014-12-21 12:34 - 2014-12-21 13:39 - 744530278 _____ () C:\Users\katrin\Downloads\The_Originals_Von_der_Wiege_bis_ins_Grab_2014-12-19_2110_549476.avi 2014-12-21 12:34 - 2014-12-21 13:36 - 615681282 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Rate_wer_zum_Essen_kommt_2014-12-19_0050_549476.avi 2014-12-21 12:34 - 2014-12-21 13:34 - 752956744 _____ () C:\Users\katrin\Downloads\The_Originals_Schlacht_um_New_Orleans_2014-12-19_2015_549476.avi 2014-12-21 12:34 - 2014-12-21 13:26 - 614699332 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Erpressung_2014-12-19_0130_549476.avi 2014-12-18 22:30 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 02:02 - 2014-12-18 02:02 - 00000700 _____ () C:\Users\katrin\Documents\cc_20141218_020241.reg 2014-12-17 00:57 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys 2014-12-16 07:44 - 2014-12-16 09:08 - 696315930 _____ () C:\Users\katrin\Downloads\Being_Human_Der_Alphawolf_2014-12-12_2110_549476.avi ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-15 03:03 - 2014-03-27 10:11 - 00000000 ____D () C:\FRST 2015-01-15 03:01 - 2014-04-25 09:12 - 00000258 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job 2015-01-15 02:58 - 2013-12-20 01:16 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Skype 2015-01-15 02:12 - 2013-12-19 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-15 02:06 - 2013-12-19 22:16 - 01469256 _____ () C:\Windows\WindowsUpdate.log 2015-01-15 00:49 - 2014-12-14 21:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-14 07:03 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-14 07:03 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-14 06:55 - 2014-11-24 02:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-01-14 06:55 - 2013-12-19 22:44 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-14 06:55 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-14 03:05 - 2013-12-19 23:35 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 03:00 - 2012-01-10 21:50 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-13 23:12 - 2013-12-19 22:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-13 23:12 - 2013-12-19 22:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-12 21:44 - 2014-01-26 03:09 - 00000000 ____D () C:\AdwCleaner 2015-01-12 21:44 - 2013-12-19 22:19 - 00001106 _____ () C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-12 20:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing 2015-01-12 19:02 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-12 18:53 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 
2015-01-12 18:51 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-01-12 18:33 - 2014-01-26 02:08 - 00001178 _____ () C:\Users\katrin\Desktop\Revo Uninstaller.lnk 2015-01-12 18:33 - 2014-01-26 02:07 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-01-11 23:21 - 2014-03-27 10:12 - 00029008 _____ () C:\Users\katrin\Downloads\Addition.txt 2015-01-10 17:02 - 2013-12-19 22:18 - 00000000 ____D () C:\Users\katrin 2015-01-09 13:47 - 2014-01-26 02:26 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-01-08 03:49 - 2014-08-20 20:13 - 00000000 ____D () C:\Users\katrin\AppData\Local\Adobe 2015-01-08 03:21 - 2014-03-21 01:06 - 00000000 ____D () C:\Users\katrin\Downloads\backups 2015-01-08 03:13 - 2014-03-21 01:04 - 00005699 _____ () C:\Users\katrin\Downloads\hijackthis.log 2015-01-06 04:36 - 2012-01-10 21:52 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-28 21:18 - 2010-11-20 22:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-17 00:58 - 2013-12-20 00:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation Some content of TEMP: ==================== C:\Users\katrin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3tjfco.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 13:12
==================== End Of Log ===========================
--- --- ---
So far, no further page from it has opened |
15.01.2015, 07:17 | #12 |
/// the machine /// TB-Ausbilder | linkury,toolbar Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
C:\Users\katrin\Downloads\adobe_flash_setup.exe
C:\Users\katrin\Downloads\eMule - CHIP-Installer.exe
C:\Users\katrin\Downloads\tamsp_150912280494423699.exe
F:\programme\rcpsetup_3335.exe
F:\programme\rcpsetup_chip_de_chip_de.exe
F:\programme\registrybooster
F:\programme\registrybooster.exe
F:\programme\Advanced System Protector
F:\programme\windows\Advanced System Protector
F:\programme\windows\Conduit
F:\programme\windows\RegClean Pro
F:\programme\windows\RewardsArcade
F:\programme\windows\system32\roboot.exe
F:\programme\windows\system32\sasnative32.exe
BootExecute: autocheck autochk * sasnative32
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
15.01.2015, 08:09 | #13 |
| linkury,toolbar Good morning... the scan doesn't work... it always tells me that it can't find fixlist.txt... I tried it on the desktop and in the place where FRST is, but nothing happens |
15.01.2015, 08:31 | #14 |
/// the machine /// TB-Ausbilder | linkury,toolbar You have to save the fixlist in the Downloads folder, next to FRST.
15.01.2015, 13:21 | #15 |
| linkury,toolbar Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015
Ran by katrin at 2015-01-15 13:11:17 Run:2
Running from C:\Users\katrin\Downloads
Loaded Profiles: katrin (Available profiles: katrin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\katrin\Downloads\adobe_flash_setup.exe
C:\Users\katrin\Downloads\eMule - CHIP-Installer.exe
C:\Users\katrin\Downloads\tamsp_150912280494423699.exe
F:\programme\rcpsetup_3335.exe
F:\programme\rcpsetup_chip_de_chip_de.exe
F:\programme\registrybooster
F:\programme\registrybooster.exe
F:\programme\Advanced System Protector
F:\programme\windows\Advanced System Protector
F:\programme\windows\Conduit
F:\programme\windows\RegClean Pro
F:\programme\windows\RewardsArcade
F:\programme\windows\system32\roboot.exe
F:\programme\windows\system32\sasnative32.exe
BootExecute: autocheck autochk * sasnative32
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
*****************
"C:\Users\katrin\Downloads\adobe_flash_setup.exe" => File/Directory not found.
"C:\Users\katrin\Downloads\eMule - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\katrin\Downloads\tamsp_150912280494423699.exe" => File/Directory not found.
"F:\programme\rcpsetup_3335.exe" => File/Directory not found.
"F:\programme\rcpsetup_chip_de_chip_de.exe" => File/Directory not found.
"F:\programme\registrybooster" => File/Directory not found.
"F:\programme\registrybooster.exe" => File/Directory not found.
"F:\programme\Advanced System Protector" => File/Directory not found.
"F:\programme\windows\Advanced System Protector" => File/Directory not found.
"F:\programme\windows\Conduit" => File/Directory not found.
"F:\programme\windows\RegClean Pro" => File/Directory not found.
"F:\programme\windows\RewardsArcade" => File/Directory not found.
"F:\programme\windows\system32\roboot.exe" => File/Directory not found.
"F:\programme\windows\system32\sasnative32.exe" => File/Directory not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKLM\SOFTWARE\Policies\Google => Key not found.
EmptyTemp: => Removed 18.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog 13:11:39 ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 Ran by katrin (administrator) on KATRIN-PC on 15-01-2015 13:19:44 Running from C:\Users\katrin\Downloads Loaded Profiles: katrin (Available profiles: katrin) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (ICQ) C:\Users\katrin\AppData\Roaming\ICQM\icq.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft 
Corporation) C:\Windows\System32\wbem\unsecapp.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-22] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [icq] => C:\Users\katrin\AppData\Roaming\ICQM\icq.exe [33664344 2014-01-03] (ICQ) HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [UpdateStar Drivers] => C:\Program Files\UpdateStar Drivers\drivers.exe [7332776 2014-01-28] () HKU\S-1-5-21-430205881-583344909-559689374-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.) 
Startup: C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-430205881-583344909-559689374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-430205881-583344909-559689374-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-430205881-583344909-559689374-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\katrin\AppData\Roaming\Mozilla\Firefox\Profiles\gyku3bxj.default FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF Homepage: https://www.facebook.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-430205881-583344909-559689374-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\katrin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-430205881-583344909-559689374-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-10] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] () S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-09] () R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-01-12] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation) S3 athr; system32\DRIVERS\athr.sys [X] S3 catchme; \??\C:\Users\katrin\AppData\Local\Temp\catchme.sys [X] S3 cmnsusbser; system32\DRIVERS\cmnsusbser.sys [X] S3 cpuz134; \??\C:\Users\katrin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X] S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-15 08:06 - 2015-01-15 12:30 - 00000000 ____D () C:\Users\katrin\Downloads\FRST-OlderVersion 2015-01-15 07:38 - 2015-01-15 13:13 - 00002184 _____ () C:\Windows\PFRO.log 2015-01-15 07:38 - 2015-01-15 13:13 - 00000392 _____ () C:\Windows\setupact.log 2015-01-15 07:38 - 2015-01-15 07:38 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-15 02:57 - 2015-01-15 02:57 - 00852505 _____ () C:\Users\katrin\Downloads\SecurityCheck.exe 2015-01-15 00:52 - 2015-01-15 00:52 - 02347384 _____ (ESET) C:\Users\katrin\Downloads\esetsmartinstaller_deu.exe 2015-01-14 12:16 - 2015-01-14 12:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-14 07:30 - 2015-01-14 07:31 - 00016644 _____ () C:\Users\katrin\Documents\cc_20150114_073037.reg 2015-01-14 00:46 - 2015-01-14 00:46 - 00464988 _____ () C:\Users\katrin\Downloads\video-1421192302.mp4.mp4 2015-01-13 23:09 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-13 23:09 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-13 23:08 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-13 23:08 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-13 23:08 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-13 23:07 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-12 22:14 - 2015-01-12 22:14 - 00000372 _____ () C:\Users\katrin\Desktop\mbam.txt 2015-01-12 21:53 - 2015-01-12 21:53 - 00000886 _____ () C:\Users\katrin\Desktop\JRT.txt 2015-01-12 21:50 - 2015-01-12 21:50 - 01707939 _____ (Thisisu) C:\Users\katrin\Downloads\JRT(1).exe 2015-01-12 21:38 - 2015-01-12 21:38 - 02191360 _____ () C:\Users\katrin\Downloads\AdwCleaner_4.107.exe 2015-01-12 21:15 - 2015-01-12 22:05 - 00114904 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-12 21:14 - 2015-01-12 21:14 - 00001016 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-12 21:14 - 2015-01-12 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-12 21:14 - 2015-01-12 21:14 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-12 21:14 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-12 21:14 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-12 21:14 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-12 21:13 - 2015-01-12 21:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\katrin\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-12 18:53 - 2015-01-12 18:53 - 00018092 _____ () C:\ComboFix.txt 2015-01-12 18:41 - 2015-01-12 18:53 - 00000000 ____D () C:\Qoobox 2015-01-12 18:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-12 18:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-12 18:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-12 18:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-12 18:40 - 2015-01-12 18:52 - 00000000 ____D () C:\Windows\erdnt 2015-01-12 18:40 - 2015-01-12 18:40 - 05609736 ____R (Swearware) C:\Users\katrin\Downloads\ComboFix.exe 2015-01-12 18:32 - 2015-01-12 18:32 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\katrin\Downloads\revosetup95.exe
2015-01-12 07:42 - 2015-01-12 10:31 - 754783698 _____ () C:\Users\katrin\Downloads\Being_Human_Schoene_neue_Welt_2015-01-09_2255_549476.avi
2015-01-12 07:42 - 2015-01-12 10:31 - 752956754 _____ () C:\Users\katrin\Downloads\Being_Human_Die_Unwissenden_2015-01-09_2015_549476.avi
2015-01-12 07:42 - 2015-01-12 10:28 - 751618454 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Du_darfst_nicht_sterben_2015-01-08_2015_549476.avi
2015-01-12 07:42 - 2015-01-12 10:27 - 698100160 _____ () C:\Users\katrin\Downloads\Being_Human_Der_Ursprung_des_Boesen_2015-01-09_2110_549476.avi
2015-01-12 07:42 - 2015-01-12 10:25 - 759168070 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Wo_Lumi_re_ist_ist_auch_Schatten_Folge59_2015-01-07_2015_549476.avi
2015-01-12 07:42 - 2015-01-12 10:21 - 745529272 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Vorfahren_2015-01-08_2110_549476.avi
2015-01-12 07:42 - 2015-01-12 10:16 - 754429464 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Weiblich_Ledig_Aengstlich_sucht_Folge58_2015-01-07_2205_549476.avi
2015-01-12 07:42 - 2015-01-12 10:15 - 745470722 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Kleine_Morde_unter_Freunden_Folge59_2015-01-07_2300_549476.avi
2015-01-12 07:42 - 2015-01-12 10:14 - 745796118 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Gruen_vor_Neid_Folge60_2015-01-07_2110_549476.avi
2015-01-12 07:42 - 2015-01-12 10:08 - 745910652 _____ () C:\Users\katrin\Downloads\Being_Human_Gefangen_im_Horrorhaus_2015-01-09_2200_549476.avi
2015-01-11 00:21 - 2015-01-15 13:19 - 00011613 _____ () C:\Users\katrin\Downloads\FRST.txt
2015-01-11 00:16 - 2015-01-15 08:06 - 01116672 _____ (Farbar) C:\Users\katrin\Downloads\FRST.exe
2015-01-10 17:02 - 2015-01-15 13:15 - 00000000 ___RD () C:\Users\katrin\Dropbox
2015-01-10 17:02 - 2015-01-10 17:02 - 00001129 _____ () C:\Users\katrin\Desktop\Dropbox.lnk
2015-01-10 11:22 - 2015-01-10 11:22 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-10 11:20 - 2015-01-15 13:15 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Dropbox
2015-01-10 11:18 - 2015-01-10 11:20 - 46882112 _____ (Dropbox, Inc.) C:\Users\katrin\Downloads\Dropbox_3.0.5.exe
2015-01-10 05:45 - 2015-01-10 05:45 - 00002344 _____ () C:\Windows\system32\ScanResults.xml
2015-01-10 05:38 - 2015-01-10 05:38 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-01-09 13:47 - 2015-01-09 13:47 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-01-09 13:46 - 2015-01-09 13:46 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\katrin\Downloads\SpyHunter-Installer.exe
2015-01-08 09:16 - 2015-01-08 09:16 - 11236528 _____ (Adobe Systems, Inc.) C:\Users\katrin\Downloads\flashplayer15_sa_win_32.exe
2015-01-08 03:22 - 2015-01-08 03:24 - 00000000 ____D () C:\rei
2015-01-08 03:08 - 2015-01-08 23:24 - 00000000 ____D () C:\Program Files\mbot_de_395
2015-01-08 02:27 - 2015-01-08 02:27 - 00003584 _____ () C:\Users\katrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-08 02:27 - 2015-01-08 02:27 - 00000000 ____D () C:\Users\katrin\AppData\Local\Pro_PC_Cleaner
2015-01-08 02:26 - 2015-01-08 02:26 - 00000000 ____D () C:\ProgramData\porFuCmvvC
2015-01-06 21:46 - 2015-01-06 23:35 - 803750130 _____ () C:\Users\katrin\Downloads\Being_Human_Wandern_zwischen_den_Zeiten_2015-01-02_2205_549476.avi
2015-01-06 21:46 - 2015-01-06 23:34 - 754118808 _____ () C:\Users\katrin\Downloads\Being_Human_Ausser_Kontrolle_2015-01-02_2015_549476.avi
2015-01-06 21:45 - 2015-01-06 23:32 - 707912142 _____ () C:\Users\katrin\Downloads\Being_Human_Der_Vollstrecker_2015-01-02_2305_549476.avi
2015-01-06 21:45 - 2015-01-06 23:29 - 792297842 _____ () C:\Users\katrin\Downloads\Sleepy_Hollow_Geborgte_Zeit_2015-01-05_2015_549476.avi
2015-01-06 21:45 - 2015-01-06 23:24 - 754359906 _____ () C:\Users\katrin\Downloads\Grimm_Blondes_Gift_Folge66_2015-01-05_2115_549476.avi
2014-12-30 00:30 - 2014-12-30 01:42 - 755186136 _____ () C:\Users\katrin\Downloads\Grimm_Die_Truhe_Folge65_2014-12-29_2115_549476.avi
2014-12-30 00:29 - 2014-12-30 01:44 - 696604130 _____ () C:\Users\katrin\Downloads\Sleepy_Hollow_Die_verlorene_Kolonie_2014-12-29_2015_549476.avi
2014-12-30 00:29 - 2014-12-30 01:41 - 708656824 _____ () C:\Users\katrin\Downloads\Supernatural_Nur_ein_Zeichen_2014-12-29_2105_549476.avi
2014-12-27 19:41 - 2014-12-27 21:20 - 1307545854 _____ () C:\Users\katrin\Downloads\Gefangene_der_Zeit_Teil_2_2014-12-22_2203_549476.avi
2014-12-27 19:41 - 2014-12-27 21:13 - 1237428886 _____ () C:\Users\katrin\Downloads\Gefangene_der_Zeit_Teil_1_2014-12-22_2015_549476.avi
2014-12-27 19:41 - 2014-12-27 21:01 - 801512836 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Rapunzels_Turm_der_Angst_Folge58_2014-12-17_2110_549476.avi
2014-12-27 19:41 - 2014-12-27 20:58 - 755052972 _____ () C:\Users\katrin\Downloads\Once_Upon_A_Time_Es_war_einmal_Hexenjagd_Folge57_2014-12-17_2015_549476.avi
2014-12-24 02:50 - 2014-12-24 03:25 - 754064362 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Schattenseite_Folge57_2014-12-17_2305_549476.avi
2014-12-24 02:50 - 2014-12-24 03:22 - 745940088 _____ () C:\Users\katrin\Downloads\Pretty_Little_Liars_Wahrheit_oder_Pflicht_Folge56_2014-12-17_2210_549476.avi
2014-12-21 19:33 - 2014-12-21 19:33 - 00435672 _____ () C:\Users\katrin\Downloads\10568600_616375998467159_836702792_n.php
2014-12-21 12:34 - 2014-12-21 13:39 - 744530278 _____ () C:\Users\katrin\Downloads\The_Originals_Von_der_Wiege_bis_ins_Grab_2014-12-19_2110_549476.avi
2014-12-21 12:34 - 2014-12-21 13:36 - 615681282 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Rate_wer_zum_Essen_kommt_2014-12-19_0050_549476.avi
2014-12-21 12:34 - 2014-12-21 13:34 - 752956744 _____ () C:\Users\katrin\Downloads\The_Originals_Schlacht_um_New_Orleans_2014-12-19_2015_549476.avi
2014-12-21 12:34 - 2014-12-21 13:26 - 614699332 _____ () C:\Users\katrin\Downloads\Beauty_and_the_Beast_Erpressung_2014-12-19_0130_549476.avi
2014-12-18 22:30 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 02:02 - 2014-12-18 02:02 - 00000700 _____ () C:\Users\katrin\Documents\cc_20141218_020241.reg
2014-12-17 00:57 - 2014-11-22 11:46 - 00032912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-12-16 07:44 - 2014-12-16 09:08 - 696315930 _____ () C:\Users\katrin\Downloads\Being_Human_Der_Alphawolf_2014-12-12_2110_549476.avi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 13:19 - 2014-03-27 10:11 - 00000000 ____D () C:\FRST
2015-01-15 13:15 - 2013-12-20 01:16 - 00000000 ____D () C:\Users\katrin\AppData\Roaming\Skype
2015-01-15 13:13 - 2014-11-24 02:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-15 13:13 - 2013-12-19 22:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 13:13 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 13:12 - 2013-12-19 22:16 - 01521373 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 13:01 - 2014-04-25 09:12 - 00000258 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2015-01-15 12:41 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 12:41 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 12:12 - 2013-12-19 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 07:38 - 2014-12-14 21:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-14 03:05 - 2013-12-19 23:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2012-01-10 21:50 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 23:12 - 2013-12-19 22:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 23:12 - 2013-12-19 22:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-12 21:44 - 2014-01-26 03:09 - 00000000 ____D () C:\AdwCleaner
2015-01-12 21:44 - 2013-12-19 22:19 - 00001106 _____ () C:\Users\katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 20:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-01-12 19:02 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 18:53 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-12 18:51 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-12 18:33 - 2014-01-26 02:08 - 00001178 _____ () C:\Users\katrin\Desktop\Revo Uninstaller.lnk
2015-01-12 18:33 - 2014-01-26 02:07 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-11 23:21 - 2014-03-27 10:12 - 00029008 _____ () C:\Users\katrin\Downloads\Addition.txt
2015-01-10 17:02 - 2013-12-19 22:18 - 00000000 ____D () C:\Users\katrin
2015-01-09 13:47 - 2014-01-26 02:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-08 03:49 - 2014-08-20 20:13 - 00000000 ____D () C:\Users\katrin\AppData\Local\Adobe
2015-01-08 03:21 - 2014-03-21 01:06 - 00000000 ____D () C:\Users\katrin\Downloads\backups
2015-01-08 03:13 - 2014-03-21 01:04 - 00005699 _____ () C:\Users\katrin\Downloads\hijackthis.log
2015-01-06 04:36 - 2012-01-10 21:52 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 21:18 - 2010-11-20 22:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 00:58 - 2013-12-20 00:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

Some content of TEMP:
====================
C:\Users\katrin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxwa7fm.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-15 13:01

==================== End Of Log ============================
--- --- --- |