
All kinds of pests and how to fight them: Firefox: Ad add-ons reinstall themselves on their own

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

06.02.2015, 13:22   #16
schrauber
/// the machine
/// TB-Ausbilder

Still having problems with the computer?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

06.02.2015, 17:04   #17
kriD_

So far everything is clean! I'll keep an eye on the whole thing over the next few days and then report back here on whether it has stayed that way. Thanks for now, schrauber! What was the deal with the many detections in ESET, by the way? Doesn't matter?

Best regards, kriD_

Two new ad add-ons have just kindly been installed for me.. To put it mildly, it makes me want to puke!

Schraubi, what can I do? Or does anyone else have advice?

Best regards, kriD_


07.02.2015, 11:30   #18
schrauber
/// the machine
/// TB-Ausbilder

In which browser, only in Firefox again?

07.02.2015, 12:28   #19
kriD_

IE too

Hahaaa!
No, this time add-ons were installed in Internet Explorer as well, for the first time!

I have a feeling this could help get to the bottom of the whole story, but my know-how is limited when it comes to malware/adware..

Best regards, kriD_

07.02.2015, 16:05   #20
schrauber
/// the machine
/// TB-Ausbilder

Then please post 2 fresh FRST logs again now.

07.02.2015, 16:10   #21
kriD_

FRST, the third

All right,

FRST.txt:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by kriD (administrator) on KRID-PC on 07-02-2015 16:09:07
Running from E:\Downloads
Loaded Profiles: kriD (Available profiles: kriD)
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SteelSeries ApS) D:\Tools\SteelSeries Engine\SteelSeriesEngine.exe
(Jumping Bytes) D:\Tools\PureSync\PureSyncTray.exe
(Dropbox, Inc.) C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piotr Pawlowski) D:\Tools\foobar2000\foobar2000.exe
() D:\Tools\Rainmeter\Rainmeter.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Safer-Networking Ltd.) D:\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe
(Telegram Messenger LLP) D:\Tools\Telegram\Telegram.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Safer-Networking Ltd.) D:\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) D:\Tools\Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\Adobe Application Manager (Updater) <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [SteelSeries Engine] => D:\Tools\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [PureSync] => D:\Tools\PureSync\PureSyncTray.exe [915120 2014-08-09] (Jumping Bytes)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\foobar2000.lnk
ShortcutTarget: foobar2000.lnk -> D:\Tools\foobar2000\foobar2000.exe (Piotr Pawlowski)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> D:\Tools\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> D:\Tools\Telegram\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2803228219-286040756-942108547-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2803228219-286040756-942108547-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: JaooniCOupon -> {09e5118a-5f6a-4770-9152-db56e3e11860} -> C:\Program Files (x86)\JaooniCOupon\CuutiSutZGnsnu.x64.dll ()
BHO: RegouLaRDealSS -> {1dfd6bc5-0bde-4183-8cd8-d9aa46b18392} -> C:\Program Files (x86)\RegouLaRDealSS\ip5LTApmb8IpnE.x64.dll ()
BHO: SaveaNNeewaaApppez -> {2f4d7fea-5f46-4bd4-b47c-0eb06de54849} -> C:\Program Files (x86)\SaveaNNeewaaApppez\R5raSdlZ9YYphs.x64.dll ()
BHO: IIsiaver -> {4632a80e-358f-4c85-86a1-4f56f9b30c50} -> C:\Program Files (x86)\IIsiaver\KrIgfWd0MZ0Uo4.x64.dll ()
BHO-x32: JaooniCOupon -> {09e5118a-5f6a-4770-9152-db56e3e11860} -> C:\Program Files (x86)\JaooniCOupon\CuutiSutZGnsnu.dll ()
BHO-x32: RegouLaRDealSS -> {1dfd6bc5-0bde-4183-8cd8-d9aa46b18392} -> C:\Program Files (x86)\RegouLaRDealSS\ip5LTApmb8IpnE.dll ()
BHO-x32: SaveaNNeewaaApppez -> {2f4d7fea-5f46-4bd4-b47c-0eb06de54849} -> C:\Program Files (x86)\SaveaNNeewaaApppez\R5raSdlZ9YYphs.dll ()
BHO-x32: IIsiaver -> {4632a80e-358f-4c85-86a1-4f56f9b30c50} -> C:\Program Files (x86)\IIsiaver\KrIgfWd0MZ0Uo4.dll ()
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Tools\Microsoft Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: WOT - C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-03]
FF Extension: Adblock Plus - C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-12-06]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 7baa6e25; c:\Program Files (x86)\SystemHero\SystemHero.dll [2508800 2015-01-10] () [File not signed]
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
S4 Disc Soft Bus Service; D:\Tools\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
S3 Microsoft Office Groove Audit Service; D:\Tools\Microsoft Office 2007\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)
R2 SDScannerService; D:\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc) [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-07-08] (Disc Soft Ltd)
R3 ks2avs; C:\Windows\System32\Drivers\ks2avs.sys [359784 2012-12-18] (Native Instruments GmbH)
R3 ks2usb_svc; C:\Windows\System32\Drivers\ks2usb.sys [83816 2012-12-18] (Native Instruments GmbH)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\kriD\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 12:45 - 2015-02-07 12:45 - 00000000 ____D () C:\Program Files (x86)\TakeTHeCoupoN
2015-02-07 12:45 - 2015-02-07 12:45 - 00000000 ____D () C:\Program Files (x86)\SaveaNNeewaaApppez
2015-02-07 12:45 - 2015-02-07 12:45 - 00000000 ____D () C:\Program Files (x86)\Reddit Liquid Streams
2015-02-07 12:25 - 2015-02-07 12:25 - 00000000 __SHD () C:\Users\kriD\AppData\Local\EmieBrowserModeList
2015-02-06 19:59 - 2015-02-06 19:59 - 00000000 ____D () C:\Program Files (x86)\Windows 8 App Store
2015-02-06 19:59 - 2015-02-06 19:59 - 00000000 ____D () C:\Program Files (x86)\JaooniCOupon
2015-02-06 19:59 - 2015-02-06 19:59 - 00000000 ____D () C:\Program Files (x86)\ENjOyyCCoupoon
2015-02-06 11:39 - 2015-02-07 12:45 - 00000000 ____D () C:\ProgramData\13523111935511328913
2015-02-06 11:39 - 2015-02-06 11:39 - 00000000 ____D () C:\Program Files (x86)\TeakeTheCoupon
2015-02-06 11:39 - 2015-02-06 11:39 - 00000000 ____D () C:\Program Files (x86)\RegouLaRDealSS
2015-02-06 11:39 - 2015-02-06 11:39 - 00000000 ____D () C:\Program Files (x86)\NeawSaivEr
2015-02-06 11:39 - 2015-02-06 11:39 - 00000000 ____D () C:\Program Files (x86)\Jobisjob Alerts
2015-02-06 11:39 - 2015-02-06 11:39 - 00000000 ____D () C:\Program Files (x86)\IIsiaver
2015-02-06 11:39 - 2015-02-06 11:39 - 00000000 ____D () C:\Program Files (x86)\EnjjoyCooupeon
2015-02-06 01:30 - 2015-02-06 01:30 - 00000289 _____ () C:\Users\kriD\Desktop\Firefox Werbe-Addons installieren sich selbsständig neu - Seite 2 - Trojaner-Board.URL
2015-02-05 21:48 - 2015-02-05 21:48 - 00000626 _____ () C:\Users\kriD\Desktop\JRT.txt
2015-02-05 14:20 - 2015-02-05 14:20 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2015-02-05 14:05 - 2015-02-05 14:05 - 00038699 _____ () C:\Users\kriD\Desktop\FRST 2.txt
2015-02-05 14:05 - 2015-02-05 14:05 - 00034006 _____ () C:\Users\kriD\Desktop\Addition 2.txt
2015-02-05 14:03 - 2015-02-05 14:03 - 00004450 _____ () C:\Users\kriD\Desktop\AdwCleaner[S8].txt
2015-02-05 13:58 - 2015-02-05 13:58 - 00001063 _____ () C:\Users\kriD\Desktop\malwarebytes 2.txt
2015-02-05 11:13 - 2015-02-05 11:13 - 00017741 _____ () C:\ComboFix.txt
2015-02-05 11:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 11:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 11:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 11:02 - 2015-02-05 11:13 - 00000000 ____D () C:\Qoobox
2015-02-05 11:02 - 2015-02-05 11:07 - 00000000 ____D () C:\Windows\erdnt
2015-02-03 22:31 - 2015-02-05 12:43 - 00000000 ____D () C:\Users\kriD\Desktop\trojaner board
2015-02-03 21:37 - 2015-02-03 21:37 - 00031106 _____ () C:\Users\kriD\Downloads\Addition.txt
2015-02-03 21:36 - 2015-02-07 16:09 - 00000000 ____D () C:\FRST
2015-02-03 21:36 - 2015-02-03 21:37 - 00039645 _____ () C:\Users\kriD\Downloads\FRST.txt
2015-02-03 21:35 - 2015-02-03 21:36 - 02131456 _____ (Farbar) C:\Users\kriD\Downloads\FRST64.exe
2015-02-03 13:41 - 2015-02-03 13:41 - 00000000 ____D () C:\Program Files (x86)\Facebook Chat Platinum
2015-02-02 22:00 - 2015-02-02 22:00 - 00000000 ____D () C:\Users\kriD\Documents\ProcAlyzer Dumps
2015-02-02 22:00 - 2015-02-02 22:00 - 00000000 ____D () C:\Program Files (x86)\NBA Live News
2015-02-02 21:38 - 2015-02-02 21:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 21:38 - 2015-02-02 21:38 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-02 21:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-02 20:58 - 2015-02-02 20:58 - 00000000 ____D () C:\Program Files (x86)\Fuskr
2015-02-02 18:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-02 18:03 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-02 18:03 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-02 18:03 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-02 18:03 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-02 18:03 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-02 18:03 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-02 18:03 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-02 18:03 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-02 18:03 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-02 18:01 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-02 18:01 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-02 18:01 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-02 18:01 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-02 18:01 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-02 18:01 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-02 18:01 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-02 18:01 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-02 18:01 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-02 18:01 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-02 18:01 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-02 18:01 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-02 18:01 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-02 18:01 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-02 18:01 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-02 18:01 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-02 18:01 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-02 18:01 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-02 18:01 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-02 18:01 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-02 18:01 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-02 18:01 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-02 18:01 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-02 18:01 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-02 18:01 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-02 18:01 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-02 18:01 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-02 18:01 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-02 18:01 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-02 18:01 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-02 18:01 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-02 18:01 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-02 18:01 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-02 18:01 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-02 18:01 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-02 18:01 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-02 18:01 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-02 18:01 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-02 18:01 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-02 18:00 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-02 18:00 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-02 18:00 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-02 18:00 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-02 18:00 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-02 18:00 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-02 18:00 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-02 18:00 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-02 18:00 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-02 18:00 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-02 18:00 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-02 18:00 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-02 18:00 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-02 18:00 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-02 18:00 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-02 18:00 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-02 18:00 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-02 17:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-02 17:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-02 17:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-02 17:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-02 17:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-02 17:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-02 17:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-02 17:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-02 17:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-02 17:59 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-02 17:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-02 17:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-02 17:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-02 17:59 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-02 17:59 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-02 17:59 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-02-02 17:59 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-02 17:59 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-02 17:59 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-02 17:59 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-02 17:59 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-02 17:59 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-02 17:59 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-02-02 17:59 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-02 17:59 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-02 17:59 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-02 17:59 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-02 17:59 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-02 17:59 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-02 17:59 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-02 17:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-02 17:59 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-02 17:59 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-02 17:59 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-02-02 17:59 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-02 17:59 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-02-02 17:59 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-02-02 17:59 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-02-02 17:58 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-02 17:58 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-02-02 17:58 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-02 17:58 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-02 17:58 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-02 17:58 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-02 17:58 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-02 17:39 - 2015-02-02 17:39 - 00000703 _____ () C:\Users\kriD\Desktop\Revo Uninstaller.lnk
2015-02-02 10:16 - 2015-02-02 10:16 - 00000262 _____ () C:\Users\kriD\Desktop\Video Downloader entfernen - Trojaner-Board.URL
2015-02-02 10:14 - 2015-02-02 10:14 - 00000000 ____D () C:\Program Files (x86)\Download Button
2015-02-01 21:14 - 2015-02-01 21:14 - 00000000 ____D () C:\Program Files (x86)\DubLi Toolbar
2015-02-01 12:54 - 2015-02-01 12:54 - 00000000 ____D () C:\Program Files (x86)\Tab Resize split screen layouts
2015-01-31 20:59 - 2015-01-31 20:59 - 00000000 ____D () C:\Program Files (x86)\Fairy Tail Fighting
2015-01-30 12:11 - 2015-01-30 12:11 - 00000260 _____ () C:\Users\kriD\Desktop\CouponDropDown entfernen - Trojaner-Board.URL
2015-01-30 12:11 - 2015-01-30 12:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 12:03 - 2015-02-02 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 12:02 - 2015-02-04 20:24 - 00000000 ____D () C:\Users\kriD\Desktop\mbar
2015-01-30 11:37 - 2015-01-30 11:37 - 00000000 ____D () C:\Program Files (x86)\UGamesFree
2015-01-30 10:33 - 2015-01-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Extreme User Agent Switcher
2015-01-29 10:43 - 2015-01-29 10:43 - 00000000 ____D () C:\Program Files (x86)\MetaProducts Offline Explorer integration
2015-01-29 10:15 - 2015-01-29 10:15 - 00000242 _____ () C:\Users\kriD\Desktop\how do i remove ads by coupon drop down from my browser i never installed it and it is not an add-on. it is not in my addrem.URL
2015-01-29 09:50 - 2015-01-29 10:21 - 00000000 ____D () C:\Program Files (x86)\Emotee
2015-01-29 03:04 - 2015-02-05 13:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 02:53 - 2015-02-02 20:39 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 02:53 - 2015-01-29 02:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 02:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 02:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 12:29 - 2015-02-05 13:59 - 00000000 ____D () C:\AdwCleaner
2015-01-27 00:05 - 2015-01-27 00:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 22:23 - 2015-01-24 22:23 - 00000244 _____ () C:\Users\kriD\Desktop\Alfie Utility - Utility CaseGlassesPens.URL
2015-01-24 22:23 - 2015-01-24 22:23 - 00000233 _____ () C:\Users\kriD\Desktop\Pinterest.URL
2015-01-24 16:54 - 2015-01-24 20:52 - 01207492 _____ () C:\Users\kriD\Desktop\cutting pattern initial signs.psd
2015-01-20 21:06 - 2015-01-20 21:06 - 635104812 _____ () C:\Users\kriD\Desktop\IloveMUSIC wallpaper.psd
2015-01-18 19:31 - 2015-02-06 11:24 - 07577595 _____ () C:\Users\kriD\Desktop\handy cover cutting pattern.psd
2015-01-16 21:48 - 2015-01-20 21:24 - 12562263 _____ () C:\Users\kriD\Desktop\cutting pattern small wallet leo disassembled.psd
2015-01-16 19:51 - 2015-01-16 19:51 - 00897534 _____ () C:\Users\kriD\Desktop\button scribble.psd
2015-01-15 21:01 - 2015-01-23 20:51 - 12467407 _____ () C:\Users\kriD\Desktop\cutting pattern small wallet leo.psd
2015-01-15 01:59 - 2015-01-15 01:59 - 110381935 _____ () C:\Users\kriD\Desktop\wallpaper organic.psd
2015-01-13 21:58 - 2015-01-13 21:58 - 00000247 _____ () C:\Users\kriD\Desktop\Ring Belts.URL
2015-01-13 21:57 - 2015-01-13 21:57 - 00000273 _____ () C:\Users\kriD\Desktop\CoRLection Santa Rosa by HTC Ying Yang Double Ring belt.URL
2015-01-10 20:14 - 2015-01-11 03:41 - 00000000 ____D () C:\Program Files (x86)\SystemHero
2015-01-08 17:33 - 2015-01-08 17:33 - 00000427 _____ () C:\Users\kriD\Desktop\TomorrowLand 2015 - Be part of the madness.URL
2015-01-08 00:29 - 2015-01-08 00:29 - 00000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe AIFF Format CS5 Prefs

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 13:25 - 2014-07-06 10:36 - 01405240 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 13:18 - 2014-12-08 20:54 - 00000000 ____D () C:\Users\kriD\Documents\AirDroid
2015-02-07 12:32 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 12:32 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 12:31 - 2011-04-12 09:14 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-02-07 12:31 - 2011-04-12 09:14 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-02-07 12:31 - 2009-07-14 06:12 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 12:25 - 2014-07-14 09:47 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Dropbox
2015-02-07 12:25 - 2014-07-08 18:19 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\foobar2000
2015-02-07 12:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 12:25 - 2009-07-14 05:56 - 00112737 _____ () C:\Windows\setupact.log
2015-02-06 22:27 - 2014-07-07 07:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 22:27 - 2014-07-07 07:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 22:26 - 2014-07-07 12:50 - 00000000 ____D () C:\Users\kriD\AppData\Local\Adobe
2015-02-06 11:21 - 2014-07-10 20:34 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-05 14:00 - 2010-11-21 04:47 - 00030412 _____ () C:\Windows\PFRO.log
2015-02-05 11:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 11:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-04 02:11 - 2014-08-10 22:02 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Mumble
2015-02-04 00:28 - 2014-07-07 08:09 - 00000000 ____D () C:\Program Files (x86)\Heroes of Newerth
2015-02-03 13:51 - 2015-01-05 12:06 - 00000000 ____D () C:\Users\kriD\Desktop\Alte Firefox-Daten
2015-02-03 13:36 - 2014-07-06 11:17 - 00000000 ____D () C:\Windows\pss
2015-02-02 21:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-02 20:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2015-02-02 20:24 - 2009-07-14 05:50 - 04970744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-02 20:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-02 18:03 - 2014-07-06 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-02 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-30 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss
2015-01-29 09:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-01-28 11:50 - 2014-07-30 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 10:12 - 2014-10-21 00:51 - 00010508 _____ () C:\Users\kriD\Desktop\Leder.xlsx
2015-01-21 01:37 - 2014-09-23 21:34 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\TS3Client
2015-01-20 16:42 - 2014-08-20 09:40 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-15 03:32 - 2014-08-28 21:41 - 00000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-14 22:17 - 2014-07-06 13:14 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Adobe
2015-01-12 11:58 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\kriD\Desktop\Homepage Bilder

==================== Files in the root of some directories =======

2015-01-08 00:29 - 2015-01-08 00:29 - 0000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2014-08-28 21:41 - 2015-01-15 03:32 - 0000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe PNG Format CS5 Prefs

Some content of TEMP:
====================
C:\Users\kriD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbofuvl.dll
C:\Users\kriD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfletvo.dll
C:\Users\kriD\AppData\Local\Temp\Quarantine.exe
C:\Users\kriD\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 21:32

==================== End Of Log ============================
         
--- --- ---


and Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by kriD at 2015-02-07 16:09:28
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AirDroid 3.0.1 (HKLM-x32\...\AirDroid) (Version: 3.0.1 - Sand Studio)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version:  - Spellbound Studios)
Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Browser AdBlocker) <==== ATTENTION
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ENjOyyCCoupoon (HKLM-x32\...\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}) (Version:  - "") <==== ATTENTION
EViews 7 (HKLM-x32\...\{6A5AEDA0-3B9E-4006-90A7-E78779951A43}) (Version:  - )
EViews 7 (HKLM-x32\...\{B68FC32E-D58F-4B74-A838-B265BF40A445}) (Version:  - )
EViews 7.1 Documentation (HKLM-x32\...\{A6B1D5D2-2CB1-4FBC-B3AA-BEC656406215}) (Version:  - )
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
IIsiaver (HKLM-x32\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version:  - "") <==== ATTENTION
JaooniCOupon (HKLM-x32\...\{51417852-174C-88D4-34A0-D0FE7858BE47}) (Version:  - "") <==== ATTENTION
Jobisjob Alerts (HKLM-x32\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version:  - "")
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.0.150 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NeawSaivEr (HKLM-x32\...\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}) (Version:  - "") <==== ATTENTION
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
ObjectDock Plus (HKLM-x32\...\ObjectDock Plus2.01) (Version: 2.01 - Stardock Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PureSync (x32 Version: 3.8.0 - Jumping Bytes) Hidden
PureSync 3.8.0 (HKLM-x32\...\PureSync) (Version: 3.8.0 - Jumping Bytes)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Reddit Liquid Streams (HKLM-x32\...\{478472F9-9E09-492A-BDAB-42EE595EF1AD}) (Version:  - "")
RegouLaRDealSS (HKLM-x32\...\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}) (Version:  - "") <==== ATTENTION
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Risen 3 - Titan Lords (HKLM-x32\...\Steam App 249230) (Version:  - Piranha Bytes)
SaveaNNeewaaApppez (HKLM-x32\...\{7304C9D1-98AD-55F0-636E-22D8DD57F176}) (Version:  - "") <==== ATTENTION
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
Strife (HKLM-x32\...\Strife) (Version:  - S2 Games)
TakeTHeCoupoN (HKLM-x32\...\{53B21E29-3967-C332-57EB-C02631658584}) (Version:  - "") <==== ATTENTION
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Telegram Desktop version 0.7.10 (HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.10 - Telegram Messenger LLP)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 8 App Store (HKLM-x32\...\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}) (Version:  - "") <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

30-01-2015 14:08:57 Geplanter Prüfpunkt
02-02-2015 18:01:25 Windows Update
02-02-2015 20:26:51 Revo Uninstaller's restore point - CheeapMe
02-02-2015 20:28:07 Revo Uninstaller's restore point - DiscoountuEExTensi
02-02-2015 20:28:40 Revo Uninstaller's restore point - DuigiiSAver
02-02-2015 20:29:08 Windows Defender Checkpoint
02-02-2015 20:29:40 Revo Uninstaller's restore point - ExstiraSavings
02-02-2015 20:30:34 Revo Uninstaller's restore point - Redirect Path
05-02-2015 10:55:23 Revo Uninstaller's restore point - DisocoUntExttensi
05-02-2015 10:56:19 Revo Uninstaller's restore point - Dr.Web Anti-Virus Link Checker
05-02-2015 10:57:00 Revo Uninstaller's restore point - ShooppDroop
05-02-2015 10:57:48 Revo Uninstaller's restore point - Extreme Blocker
05-02-2015 10:58:31 Revo Uninstaller's restore point - Isaavaeeri
05-02-2015 10:58:58 Revo Uninstaller's restore point - JoNiCoupon
05-02-2015 10:59:22 Revo Uninstaller's restore point - Panel View for Play Music
05-02-2015 10:59:49 Revo Uninstaller's restore point - DigiCouPOnn
05-02-2015 11:00:16 Revo Uninstaller's restore point - DigiSaveR
05-02-2015 11:00:38 Revo Uninstaller's restore point - EneJoayCooupoN
05-02-2015 11:01:03 Revo Uninstaller's restore point - SimpleClear

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-06 11:18 - 00000057 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {8003F45B-C700-4A6B-846B-EE120783A444} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A592B856-120F-4870-8A38-A6F2904913E4} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2014-07-28 19:29 - 2014-07-28 19:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 19:32 - 2014-07-28 19:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 19:29 - 2014-07-28 19:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 19:31 - 2014-07-28 19:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00504832 _____ () D:\Tools\SteelSeries Engine\SSEngineLib.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 09315328 _____ () D:\Tools\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00015872 _____ () D:\Tools\SteelSeries Engine\Localization.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () D:\Tools\SteelSeries Engine\ISSPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () D:\Tools\SteelSeries Engine\Utilities.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00115200 _____ () D:\Tools\SteelSeries Engine\DriverCommunication.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 00047616 _____ () D:\Tools\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00034304 _____ () D:\Tools\SteelSeries Engine\DBUtils.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 01102336 _____ () D:\Tools\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00189440 _____ () D:\Tools\SteelSeries Engine\MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00031744 _____ () D:\Tools\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\SRawPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00159744 _____ () D:\Tools\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00020992 _____ () D:\Tools\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00029696 _____ () D:\Tools\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () D:\Tools\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00023040 _____ () D:\Tools\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () D:\Tools\SteelSeries Engine\WoTMousePlugin.dll
2014-05-25 15:18 - 2014-05-25 15:18 - 00036536 _____ () D:\Tools\Rainmeter\Rainmeter.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00747192 _____ () D:\Tools\Rainmeter\Rainmeter.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00019968 _____ () D:\Tools\Rainmeter\Plugins\SysInfo.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00056832 _____ () D:\Tools\Rainmeter\Plugins\WebParser.dll
2014-08-04 18:37 - 2014-04-21 23:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-01-10 20:14 - 2015-01-10 20:14 - 02508800 _____ () c:\Program Files (x86)\SystemHero\SystemHero.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-07 12:25 - 2015-02-07 12:25 - 00043008 _____ () c:\users\krid\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfletvo.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-05-04 12:57 - 2013-05-04 12:57 - 00095712 _____ () D:\Tools\foobar2000\zlib1.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 00156624 _____ () D:\Tools\foobar2000\shared.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00199168 _____ () D:\Tools\foobar2000\components\foo_dsp_eq.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00285696 _____ () D:\Tools\foobar2000\components\foo_fileops.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00199680 _____ () D:\Tools\foobar2000\components\foo_dsp_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00350720 _____ () D:\Tools\foobar2000\components\foo_albumlist.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 01391080 _____ () D:\Tools\foobar2000\components\foo_input_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00304640 _____ () D:\Tools\foobar2000\components\foo_cdda.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 00945128 _____ () D:\Tools\foobar2000\components\foo_ui_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00299520 _____ () D:\Tools\foobar2000\components\foo_freedb2.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00353280 _____ () D:\Tools\foobar2000\components\foo_rgscan.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00501248 _____ () D:\Tools\foobar2000\components\foo_converter.dll
2014-04-11 10:48 - 2014-04-11 10:48 - 00173056 _____ () D:\Tools\foobar2000\components\foo_unpack.dll
2015-02-02 21:38 - 2014-05-13 12:04 - 00109400 _____ () D:\Tools\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-02 21:38 - 2014-05-13 12:04 - 00416600 _____ () D:\Tools\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-02 21:38 - 2014-05-13 12:04 - 00167768 _____ () D:\Tools\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-02 21:38 - 2012-08-23 10:38 - 00574840 _____ () D:\Tools\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-02 21:38 - 2012-04-03 17:06 - 00565640 _____ () D:\Tools\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 03347056 _____ () D:\Tools\Thunderbird\mozjs.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 00158832 _____ () D:\Tools\Thunderbird\NSLDAP32V60.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 00023152 _____ () D:\Tools\Thunderbird\NSLDAPPR32V60.dll
2015-01-27 00:05 - 2015-01-27 00:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-06 22:27 - 2015-02-06 22:27 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2803228219-286040756-942108547-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: Disc Soft Bus Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^debug.nfo => C:\Windows\pss\debug.nfo.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^foobar2000.lnk => C:\Windows\pss\foobar2000.lnk.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfan.exe => C:\Windows\pss\speedfan.exe.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfanevents.cfg => C:\Windows\pss\speedfanevents.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfanparams.cfg => C:\Windows\pss\speedfanparams.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfansens.cfg => C:\Windows\pss\speedfansens.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AirDroid 3 => D:\Tools\Airdroid\AirDroid.exe /start
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "D:\Tools\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "D:\Tools\Microsoft Office 2007\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SDTray => "D:\Tools\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2803228219-286040756-942108547-500 - Administrator - Disabled)
Gast (S-1-5-21-2803228219-286040756-942108547-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2803228219-286040756-942108547-1002 - Limited - Enabled)
kriD (S-1-5-21-2803228219-286040756-942108547-1000 - Administrator - Enabled) => C:\Users\kriD

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Audiocontroller für Multimedia
Description: Audiocontroller für Multimedia
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2015 01:43:47 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/07/2015 00:45:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1394
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/07/2015 00:25:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 11:19:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 07:12:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/06/2015 07:12:23 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/06/2015 01:30:55 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (02/07/2015 00:25:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/06/2015 11:19:45 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-05 11:07:17.522
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-05 11:07:17.488
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 15826.73 MB
Available physical RAM: 12586.12 MB
Total Pagefile: 31651.64 MB
Available Pagefile: 28159.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.88 GB) (Free:159.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:976.56 GB) (Free:908.15 GB) NTFS
Drive e: (Daten) (Fixed) (Total:2749.33 GB) (Free:1508.63 GB) NTFS
Drive f: (Backup) (Fixed) (Total:931.51 GB) (Free:853.28 GB) NTFS
Drive g: (Ex C) (Fixed) (Total:126.72 GB) (Free:14.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Ex E) (Fixed) (Total:338.94 GB) (Free:78.12 GB) NTFS
Drive i: (TOURO) (Fixed) (Total:931.51 GB) (Free:489.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B2F52B71)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: A33D020D)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3ECC3ECC)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=126.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=338.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CD0FD048)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Best regards, kriD_

08.02.2015, 09:05   #22
schrauber
/// the machine
/// TB trainer
 


What exactly did you do with the computer between 6.2 and yesterday, 7.2? What did you download and install?

On the 6th the log was clean; now 10 adware programs are installed again......

08.02.2015, 19:46   #23
kriD_
 

Hello,

so, apart from normal PC use (browsing, image editing, etc.), I downloaded a song (don't worry, legally) and downloaded and also installed the latest Flash Player 16.0.0.305.
Since then I haven't done anything myself, and on 6.2. six adware programs were installed on my PC and on 7.2. another six. Today I have only just switched the PC on and will see what else happens..

I might also try to provoke it by downloading or installing some piece of software.

Best regards, kriD_

09.02.2015, 06:44   #24
schrauber
/// the machine
/// TB trainer
 


Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the Uninstaller pane, look for these programs:

    Browser AdBlocker
    ENjOyyCCoupoon
    IIsiaver
    JaooniCOupon
    NeawSaivEr
    RegouLaRDealSS
    SaveaNNeewaaApppez
    TakeTHeCoupoN
    Windows 8 App Store

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" mode.
  • Remove leftovers:
    Click on then on and then on .

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


10.02.2015, 10:17   #25
kriD_
 

So, last night I removed everything with Revo.

Combofix gives me this as its log:
Code:
ComboFix 15-02-09.01 - kriD 09.02.2015  22:42:27.3.8 - x64
Microsoft Windows 7 Professional N   6.1.7601.1.1252.49.1031.18.15827.13362 [GMT 1:00]
ausgeführt von:: e:\downloads\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\JaooniCOupon
c:\program files (x86)\JaooniCOupon\CuutiSutZGnsnu.dat
c:\program files (x86)\JaooniCOupon\CuutiSutZGnsnu.dll
c:\program files (x86)\JaooniCOupon\CuutiSutZGnsnu.exe
c:\program files (x86)\JaooniCOupon\CuutiSutZGnsnu.tlb
c:\program files (x86)\JaooniCOupon\CuutiSutZGnsnu.x64.dll
c:\programdata\13523111935511328913
c:\programdata\13523111935511328913\0f839359446eec4cb5298f94308a2ef2.ini
c:\programdata\13523111935511328913\23a9763700316e4ab5298f94308a2ef2.ini
c:\programdata\13523111935511328913\2a0b23fa8d6e74d4b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\465f8e59c1c2d774b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\508d37f1a64d63afb5298f94308a2ef2.ini
c:\programdata\13523111935511328913\60b6132765a7b0abb5298f94308a2ef2.ini
c:\programdata\13523111935511328913\769e86b727e42adbb5298f94308a2ef2.ini
c:\programdata\13523111935511328913\8452e691c1478e9ab5298f94308a2ef2.ini
c:\programdata\13523111935511328913\8c84dcdc46445dd6b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\a4972f3d267d7857b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\a7739f6d0875f7b0b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\a99a93cd45c8f6c1b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\c639ec01ae8d99a9b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\f392fc60cfeefae4b5298f94308a2ef2.ini
c:\programdata\13523111935511328913\ff9a431c66096748b5298f94308a2ef2.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-09 bis 2015-02-09  ))))))))))))))))))))))))))))))
.
.
2015-02-09 21:45 . 2015-02-09 21:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-09 18:40 . 2015-02-09 18:44	--------	d-----w-	c:\programdata\bbabbea825ff7891
2015-02-07 11:25 . 2015-02-07 11:25	--------	d-sh--w-	c:\users\kriD\AppData\Local\EmieBrowserModeList
2015-02-06 10:39 . 2015-02-06 10:39	--------	d-----w-	c:\program files (x86)\EnjjoyCooupeon
2015-02-06 10:39 . 2015-02-06 10:39	--------	d-----w-	c:\program files (x86)\TeakeTheCoupon
2015-02-03 20:36 . 2015-02-07 15:09	--------	d-----w-	C:\FRST
2015-02-03 12:41 . 2015-02-03 12:41	--------	d-----w-	c:\program files (x86)\Facebook Chat Platinum
2015-02-02 21:00 . 2015-02-02 21:00	--------	d-----w-	c:\program files (x86)\NBA Live News
2015-02-02 20:38 . 2013-09-20 09:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2015-02-02 20:38 . 2015-02-02 20:40	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-02-02 19:58 . 2015-02-02 19:58	--------	d-----w-	c:\program files (x86)\Fuskr
2015-02-02 17:05 . 2014-12-15 03:13	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3695323-60DB-43C9-A5D0-4EC5FD1854EF}\mpengine.dll
2015-02-02 17:03 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2015-02-02 17:03 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2015-02-02 17:03 . 2014-07-07 02:06	206848	----a-w-	c:\windows\system32\mfps.dll
2015-02-02 17:03 . 2014-07-07 02:06	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2015-02-02 17:03 . 2014-07-07 02:06	24576	----a-w-	c:\windows\system32\mfpmp.exe
2015-02-02 17:03 . 2014-07-07 02:02	2048	----a-w-	c:\windows\system32\mferror.dll
2015-02-02 17:03 . 2014-07-07 01:40	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2015-02-02 17:03 . 2014-07-07 01:39	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
2015-02-02 17:03 . 2014-07-07 01:39	23040	----a-w-	c:\windows\SysWow64\mfpmp.exe
2015-02-02 17:03 . 2014-07-07 01:37	2048	----a-w-	c:\windows\SysWow64\mferror.dll
2015-02-02 17:00 . 2014-11-27 01:10	235176	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2015-02-02 16:59 . 2014-12-12 05:35	5553592	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-02-02 16:58 . 2014-10-25 01:57	77824	----a-w-	c:\windows\system32\packager.dll
2015-02-02 16:58 . 2014-10-25 01:32	67584	----a-w-	c:\windows\SysWow64\packager.dll
2015-02-02 16:58 . 2014-10-14 02:13	3241984	----a-w-	c:\windows\system32\msi.dll
2015-02-02 16:58 . 2014-10-14 01:50	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2015-02-02 16:58 . 2014-10-10 00:57	3198976	----a-w-	c:\windows\system32\win32k.sys
2015-02-02 16:58 . 2014-10-18 02:05	861696	----a-w-	c:\windows\system32\oleaut32.dll
2015-02-02 16:58 . 2014-10-18 01:33	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2015-02-02 09:14 . 2015-02-02 09:14	--------	d-----w-	c:\program files (x86)\Download Button
2015-02-01 20:14 . 2015-02-01 20:14	--------	d-----w-	c:\program files (x86)\DubLi Toolbar
2015-02-01 11:54 . 2015-02-01 11:54	--------	d-----w-	c:\program files (x86)\Tab Resize split screen layouts
2015-01-31 19:59 . 2015-01-31 19:59	--------	d-----w-	c:\program files (x86)\Fairy Tail Fighting
2015-01-30 11:11 . 2015-01-30 11:11	--------	d-----w-	c:\windows\ERUNT
2015-01-30 11:03 . 2015-02-02 20:28	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-30 10:37 . 2015-01-30 10:37	--------	d-----w-	c:\program files (x86)\UGamesFree
2015-01-30 09:33 . 2015-01-30 09:33	--------	d-----w-	c:\program files (x86)\Extreme User Agent Switcher
2015-01-29 09:43 . 2015-01-29 09:43	--------	d-----w-	c:\program files (x86)\MetaProducts Offline Explorer integration
2015-01-29 08:50 . 2015-01-29 09:21	--------	d-----w-	c:\program files (x86)\Emotee
2015-01-29 02:04 . 2015-02-05 12:53	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-29 01:53 . 2015-02-02 19:39	97496	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-29 01:53 . 2015-01-29 01:53	--------	d-----w-	c:\programdata\Malwarebytes
2015-01-29 01:53 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-01-29 01:53 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-01-28 11:29 . 2015-02-05 12:59	--------	d-----w-	C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-08 20:10 . 2014-07-07 06:49	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-08 20:10 . 2014-07-07 06:49	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-31 12:12 . 2014-07-06 11:42	113365784	----a-w-	c:\windows\system32\MRT.exe
2014-12-22 23:41 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SteelSeries Engine"="d:\tools\SteelSeries Engine\SteelSeriesEngine.exe" [2014-06-26 87040]
"PureSync"="d:\tools\PureSync\PureSyncTray.exe" [2014-08-09 915120]
.
c:\users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
foobar2000.lnk - d:\tools\foobar2000\foobar2000.exe [2014-4-11 1858000]
Rainmeter.lnk - d:\tools\Rainmeter\Rainmeter.exe [2014-5-25 36536]
Telegram.lnk - d:\tools\Telegram\Telegram.exe -autostart [2014-7-7 24075136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 7baa6e25;SystemHero;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\tools\Spybot - Search & Destroy 2\SDFSSvc.exe;d:\tools\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\tools\Spybot - Search & Destroy 2\SDWSCSvc.exe;d:\tools\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GPU-Z;GPU-Z;c:\users\kriD\AppData\Local\Temp\GPU-Z.sys;c:\users\kriD\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
R4 Disc Soft Bus Service;Disc Soft Bus Service;d:\tools\DAEMON Tools Ultra\DiscSoftBusService.exe;d:\tools\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 ks2avs;Kontrol S2 WDM Audio;c:\windows\system32\Drivers\ks2avs.sys;c:\windows\SYSNATIVE\Drivers\ks2avs.sys [x]
S3 ks2usb_svc;Traktor Kontrol S2;c:\windows\system32\Drivers\ks2usb.sys;c:\windows\SYSNATIVE\Drivers\ks2usb.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-07-28 10801944]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - d:\tools\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{09e5118a-5f6a-4770-9152-db56e3e11860} - c:\program files (x86)\JaooniCOupon\CuutiSutZGnsnu.dll
Notify-SDWinLogon - SDWinLogon.dll
BHO-{09e5118a-5f6a-4770-9152-db56e3e11860} - c:\program files (x86)\JaooniCOupon\CuutiSutZGnsnu.x64.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-09  22:45:58
ComboFix-quarantined-files.txt  2015-02-09 21:45
ComboFix2.txt  2015-02-05 10:13
ComboFix3.txt  2015-02-05 10:08
.
Vor Suchlauf: 13 Verzeichnis(se), 174.115.958.784 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 173.833.035.776 Bytes frei
.
- - End Of File - - 0FA635C39657ECDA764B1A160D64BCDA
A36C5E4F47E84449FF07ED3517B43A31
         
I also noticed that all the adware always gets installed to C:\Programme(x86), so after uninstalling everything with Revo I had another look around there and sorted by modification date. In doing so I noticed various folders, none of which I created myself:


These folders all contain a .dat file of the same name, and some also contain an .exe of the same name.

Maybe that's of some use to you..

Best regards, kriD_

EDIT: Oh, and the fact that Internet Explorer and Firefox are so near the top when sorting by modification date may also be worth considering.

Edited by kriD_ (10.02.2015 at 10:19). Reason: addition

10.02.2015, 18:00   #26
schrauber
/// the machine
/// TB-Ausbilder

We're not done yet, after all


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find MBAM's logfile here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the logfile (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

11.02.2015, 03:59   #27
kriD_

First, the Malwarebytes log:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 11.02.2015
Scan Time: 03:45:59
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.11.01
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kriD

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350058
Time Elapsed: 3 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.SystemHero.A, C:\Program Files (x86)\SystemHero\SystemHero.dll, Delete-on-Reboot, [6ac3b16ca0eab97d7a472366ba494bb5], 

Registry Keys: 1
PUP.Optional.SystemHero.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\7baa6e25, Quarantined, [4ae3908d0d7d51e580429bee7390e41c], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SystemHero.A, C:\Program Files (x86)\SystemHero, Delete-on-Reboot, [6ac3b16ca0eab97d7a472366ba494bb5], 

Files: 3
PUP.Optional.Multiplug, C:\Program Files (x86)\TeakeTheCoupon\TeakeTheCoupon.exe, Quarantined, [6fbe65b8abdf8bab06889a5e4fb3f30d], 
PUP.Optional.Multiplug, C:\Program Files (x86)\EnjjoyCooupeon\EnjjoyCooupeon.exe, Quarantined, [75b868b507834ee8424ced0b4db5f30d], 
PUP.Optional.SystemHero.A, C:\Program Files (x86)\SystemHero\SystemHero.dll, Delete-on-Reboot, [6ac3b16ca0eab97d7a472366ba494bb5], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
Then the AdwCleaner log:
Code:
ATTFilter
# AdwCleaner v4.110 - Bericht erstellt 11/02/2015 um 03:53:03
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-09.1 [Server]
# Betriebssystem : Windows 7 Professional N Service Pack 1 (x64)
# Benutzername : kriD - KRID-PC
# Gestarted von : E:\Downloads\adwcleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\bbabbea825ff7891
Ordner Gelöscht : C:\Program Files (x86)\EnjjoyCooupeon
Ordner Gelöscht : C:\Program Files (x86)\TeakeTheCoupon

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P09e5118a_5f6a_4770_9152_db56e3e11860_.P09e5118a_5f6a_4770_9152_db56e3e11860_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P09e5118a_5f6a_4770_9152_db56e3e11860_.P09e5118a_5f6a_4770_9152_db56e3e11860_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{09e5118a-5f6a-4770-9152-db56e3e11860}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09e5118a-5f6a-4770-9152-db56e3e11860}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{09e5118a-5f6a-4770-9152-db56e3e11860}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)

[kznrb15f.default-1422967902742\prefs.js] - Zeile Gelöscht : user_pref("extensions.1lzNyPP25hp3oXCU.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjrEqjnFrTs5qTw8qdsHpdC9qds\")>-1url.indexOf(\"acebook\")>-[...]
[kznrb15f.default-1422967902742\prefs.js] - Zeile Gelöscht : user_pref("extensions.FTSPlGZmWiBPyobu.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjrEqjnFrTs5qTw8qdsHpdC9qds\")>-1url.indexOf(\"acebook\")>-[...]
[kznrb15f.default-1422967902742\prefs.js] - Zeile Gelöscht : user_pref("extensions.c7WK6il3K0Vc5Q8A.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjrEqjnFrTs5qTw8qdsHpdC9qds\")>-1url.indexOf(\"acebook\")>-[...]
[kznrb15f.default-1422967902742\prefs.js] - Zeile Gelöscht : user_pref("extensions.eC62cvYnxYFm9gk5.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjrEqjnFrTs5qTw8qdsHpdC9qds\")>-1url.indexOf(\"acebook\")>-[...]
[kznrb15f.default-1422967902742\prefs.js] - Zeile Gelöscht : user_pref("extensions.qovHzPC3h84DvkKI.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjrEqjnFrTs5qTw8qdsHpdC9qds\")>-1url.indexOf(\"acebook\")>-[...]

*************************

AdwCleaner[R0].txt - [9316 Bytes] - [28/01/2015 12:29:04]
AdwCleaner[R10].txt - [4370 Bytes] - [05/02/2015 13:59:13]
AdwCleaner[R11].txt - [4260 Bytes] - [11/02/2015 03:51:52]
AdwCleaner[R1].txt - [4737 Bytes] - [29/01/2015 10:20:25]
AdwCleaner[R2].txt - [4323 Bytes] - [30/01/2015 11:08:55]
AdwCleaner[R3].txt - [1276 Bytes] - [30/01/2015 11:11:58]
AdwCleaner[R4].txt - [4756 Bytes] - [30/01/2015 12:09:06]
AdwCleaner[R5].txt - [5969 Bytes] - [02/02/2015 10:28:54]
AdwCleaner[R6].txt - [2345 Bytes] - [02/02/2015 20:37:06]
AdwCleaner[R7].txt - [5772 Bytes] - [02/02/2015 21:36:21]
AdwCleaner[R8].txt - [5832 Bytes] - [02/02/2015 21:37:37]
AdwCleaner[R9].txt - [4622 Bytes] - [03/02/2015 14:00:03]
AdwCleaner[S0].txt - [8281 Bytes] - [28/01/2015 12:32:36]
AdwCleaner[S1].txt - [4511 Bytes] - [29/01/2015 10:21:53]
AdwCleaner[S2].txt - [4030 Bytes] - [30/01/2015 11:10:54]
AdwCleaner[S3].txt - [4709 Bytes] - [30/01/2015 12:09:52]
AdwCleaner[S4].txt - [6035 Bytes] - [02/02/2015 10:29:42]
AdwCleaner[S5].txt - [2416 Bytes] - [02/02/2015 20:37:50]
AdwCleaner[S6].txt - [5498 Bytes] - [02/02/2015 21:38:59]
AdwCleaner[S7].txt - [4683 Bytes] - [03/02/2015 14:00:54]
AdwCleaner[S8].txt - [4450 Bytes] - [05/02/2015 13:59:57]
AdwCleaner[S9].txt - [4216 Bytes] - [11/02/2015 03:53:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [4275  Bytes] ##########
         
and finally the JRT log:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional N x64
Ran by kriD on 11.02.2015 at  3:54:21,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\kriD\AppData\Roaming\mozilla\firefox\profiles\kznrb15f.default-1422967902742\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.02.2015 at  3:55:30,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

By the way, the dubious folders are still there. Not all of them any more, though, by the looks of it. None of the ones that remain contain an .exe any more, only a .dat file..

Best regards, kriD_
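
An added illustration, not part of the original thread and not AdwCleaner's own code: the AdwCleaner log above deleted prefs.js lines named `extensions.<16 random characters>.scode` whose value was JavaScript. The Python sketch below flags such entries in a Firefox prefs.js for review; the 16-character mixed-case heuristic, the hint list, all function names and the sample lines are assumptions constructed for this example.

```python
import json
import re
from typing import List, NamedTuple, Tuple

# One preference per line, as Firefox writes prefs.js: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*)\)\s*;\s*$')

# Assumption: the injected entries sit under "extensions.<16 alphanumerics>.<pref>",
# matching the five names shown in the AdwCleaner log.
RANDOM_NS_RE = re.compile(r'^extensions\.([A-Za-z0-9]{16})\.(.+)$')

# Script-like fragments that have no business inside a preference value (assumed list).
JS_HINTS = ("function(", "document.cookie", "window.", "location.href", "eval(")


class Finding(NamedTuple):
    line_no: int
    name: str
    reasons: Tuple[str, ...]


def looks_random(namespace: str) -> bool:
    """Heuristic: mixed upper and lower case in a 16-character namespace."""
    return any(c.isupper() for c in namespace) and any(c.islower() for c in namespace)


def parse_value(raw: str):
    """Decode the pref value; fall back to the raw text so it can still be searched."""
    try:
        return json.loads(raw)
    except ValueError:
        return raw


def scan_prefs(text: str) -> List[Finding]:
    """Return the prefs.js lines that look like injected script storage."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a user_pref
        name = match.group(1)
        value = parse_value(match.group(2).strip())
        reasons = []
        ns = RANDOM_NS_RE.match(name)
        if ns and looks_random(ns.group(1)):
            reasons.append("random-namespace")
        if isinstance(value, str) and any(hint in value for hint in JS_HINTS):
            reasons.append("script-in-value")
        if reasons:
            findings.append(Finding(line_no, name, tuple(reasons)))
    return findings


# Constructed sample; the script value is an inert placeholder, not the logged payload.
SAMPLE_PREFS = "\n".join([
    '# Mozilla User Preferences',
    'user_pref("browser.startup.homepage", "http://www.google.de/");',
    'user_pref("extensions.blocklist.pingCountVersion", 2);',
    r'user_pref("extensions.aB3dE6gH9jK2mN5p.scode", "try{(function(){var u=window.self.location.href;if(u.indexOf(\"example\")>-1){}})()}catch(e){}");',
    'user_pref("extensions.lastAppVersion", "35.0.1");',
    'user_pref("extensions.QwErTyUiOpAsDfGh.enabled", true);',
])

if __name__ == "__main__":
    for finding in scan_prefs(SAMPLE_PREFS):
        print(f"line {finding.line_no}: {finding.name} ({', '.join(finding.reasons)})")
```

Run it against a copy of prefs.js taken while Firefox is closed; a hit is a prompt to look at the entry, since the namespace heuristic alone can match a legitimate add-on.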

11.02.2015, 16:44   #28
schrauber
/// the machine
/// TB-Ausbilder

We'll remove everything in one go after the next step.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Still having problems?

12.02.2015, 10:27   #29
kriD_

Right, ESET has finally finished after ages once again:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ef3fc8fb3702ad41b971b6a4f1c586d7
# engine=22425
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-12 03:43:32
# local_time=2015-02-12 04:43:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 22494 175342462 0 0
# scanned=1363283
# found=87
# cleaned=0
# scan_time=18531
sh=E1627887B8D026176C8FDD3B47464994B6C6E75D ft=1 fh=c71c0011d1f04f44 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\50CoUpOnso\KSG8TD7tNI2dID.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\50CoUpOnso\KSG8TD7tNI2dID.exe.vir"
sh=B4A902903F32E193135FDD59056BD3EA6F810E99 ft=1 fh=4abd756ec908c160 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\50CoUpOnso\KSG8TD7tNI2dID.x64.dll.vir"
sh=C2015DA2AB0A6BD7BA458E9A08F3CEE6C23CEFCF ft=1 fh=c71c0011e43d4b09 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitSaVer\PHVOG1epn8U9T8.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitSaVer\PHVOG1epn8U9T8.exe.vir"
sh=7F1453C1ED4F42528282F9C9614CB1479A90B85D ft=1 fh=4abd756e0906e7c9 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitSaVer\PHVOG1epn8U9T8.x64.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CCoupExtensIon\CCoupExtensIon.exe.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CheaaPMe\5kwF9A4iJbYVZG.exe.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CoupExtensiono\CoupExtensiono.exe.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DigiSavier\DigiSavier.exe.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DiscaoauNtEXteanSi\DiscaoauNtEXteanSi.exe.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DisucouunttExuteeNsi\DisucouunttExuteeNsi.exe.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DoWnSavE\98tOQQdP7WnWXK.exe.vir"
sh=A29CE6E035A8C0A6DF87BF8CC2DF27D093E59271 ft=1 fh=c71c0011bf530d8b vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExSSTTraCoupaon\lNtSgIO9AgWMcJ.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExSSTTraCoupaon\lNtSgIO9AgWMcJ.exe.vir"
sh=A7F249E6E51FF42FDCE2959B917A17BBA9637FC6 ft=1 fh=8ed56cb421b18009 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExSSTTraCoupaon\lNtSgIO9AgWMcJ.x64.dll.vir"
sh=9D93EC2563387B1CE6B52B5B37A2176AD73664DC ft=1 fh=c71c0011a93f6c37 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FInndBesstDeall\uonx9otKFFCbtC.dll.vir"
sh=A6F3304D171E9711C5D3264B6D30FF369EED84FF ft=1 fh=4abd756e52565346 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FInndBesstDeall\uonx9otKFFCbtC.x64.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FinndBeSttDeaal\FinndBeSttDeaal.exe.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FuNeDeials\Yh5LJjIgqVuTWP.exe.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\JJoniCOupOn\FthbFcp6Y4kAZS.exe.vir"
sh=F1A3BFCFC052688020E05E4F30495788B90B9E1C ft=1 fh=c71c0011828efe71 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MinoImuemPrice\XzUPz9tcjFuwz3.dll.vir"
sh=DE07B6A229741C068CC701185B689E47FF08B66D ft=1 fh=bbdf2839debd73d8 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MinoImuemPrice\XzUPz9tcjFuwz3.x64.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetoCouPoin\NetoCouPoin.exe.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RaNddoMPorrice\RaNddoMPorrice.exe.vir"
sh=7C120029D7B6A5EA32418BFAA40C1BF198192221 ft=1 fh=c71c00119fad19c9 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RandomPricee\W6XKKg63ETEuWS.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RandomPricee\W6XKKg63ETEuWS.exe.vir"
sh=37B20CCFCB4B3801E2CC75ACDB2F3DE228A9C020 ft=1 fh=8ed56cb4421817df vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RandomPricee\W6XKKg63ETEuWS.x64.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegularDeaLis\IDleHEAJGdooIY.exe.vir"
sh=1A7D6927EB35B4758F32B9F30F829CAD74E0D8F5 ft=1 fh=c71c0011d0681230 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SavveNEwaAappz\3Jg81P0OuieJ9s.dll.vir"
sh=3D7C01451A38FDE6E6668D52039A7AD528CBF9F3 ft=1 fh=8ed56cb44a136286 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SavveNEwaAappz\3Jg81P0OuieJ9s.x64.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SavveriExtiennsion\SavveriExtiennsion.exe.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopDroP\SHoPDrop.exe.vir"
sh=1CC0D139FE436F83B97841FBD81C70826C3328A9 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\gyzs6mar.default-1422612487509\Extensions\7@2y.com\content\bg.js.vir"
sh=D95A50241BC4F042AF73EE5F01BA4E86890654A2 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\gyzs6mar.default-1422612487509\Extensions\GLs9TK@uSKeR.edu\content\bg.js.vir"
sh=82BD689AE17D39BB2C9244520AE7C44DE4EC78EE ft=1 fh=c71c0011680c8e2f vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.exe.vir"
sh=C3B5575874F73DEE9A447E866450EBE81BE25A59 ft=1 fh=4abd756e553daae5 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DIsccounatExTEnsi\vBNcsMj6GUSwUE.x64.dll.vir"
sh=DEC914BCEAFC140F388577133688F68EC909B9E1 ft=1 fh=c71c00115b616be3 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\JaooniCOupon\CuutiSutZGnsnu.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\JaooniCOupon\CuutiSutZGnsnu.exe.vir"
sh=301724D15BCF81192A38E2F3F8A1B1A3DBE64442 ft=1 fh=4abd756e7628174f vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\JaooniCOupon\CuutiSutZGnsnu.x64.dll.vir"
sh=82BD689AE17D39BB2C9244520AE7C44DE4EC78EE ft=1 fh=c71c0011680c8e2f vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.exe.vir"
sh=C3B5575874F73DEE9A447E866450EBE81BE25A59 ft=1 fh=4abd756e553daae5 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\NNeotoCoupon\YKT9uAgBXrHCS9.x64.dll.vir"
sh=53640556A012DF022817F54A1B80AC6000496BF4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\kriD\Desktop\Alte Firefox-Daten\qbdotb1d.default\extensions\0kRInQ6@o.edu\content\bg.js"
sh=2691298211B2BCD21B5A6A6CB098E81AD2B3EEDC ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\kriD\Desktop\Alte Firefox-Daten\qbdotb1d.default\extensions\xU@vzN.net\content\bg.js"
sh=480CA45B4367DE9C401F6A2DDD91C22385488DE0 ft=1 fh=74bc3bfeef23f82b vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\allwaysync-14-2-1_CB-DL-Manager.exe"
sh=8FFB3B536DC9EC02797B24756E40C14D86CD2C30 ft=1 fh=6b0d589e7313d044 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\PureSync - CHIP-Installer.exe"
sh=28A3140EE5066D98F4D787711FFAAF300AE081B0 ft=1 fh=74bc3bfe2c8d64d2 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\PureSyncInst_CB-DL-Manager.exe"
sh=709147DF74C2CE4DB824D3DC9FACF1721E46044D ft=1 fh=e1d9858cfd078f8f vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\DAEMON Tools Ultra v2.3.0.0254\DAEMONToolsUltra230-0254.exe"
sh=1C6141995E1D8FC397D3223698E7E5469E5138BD ft=1 fh=8d455c80efd69aaf vn="Variante von Win32/Packed.ExeScript.B Trojaner" ac=I fn="E:\Installer\Software\Windows\Windows 7 Professional (x64) - DVD (German)\W7_HACKS_2009-12-26\W7_HACKS_2009-12-26\BIOS SLIC 2.1\PubKeyCompare 1.0.0.5\PubKeyCompare.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="E:\Installer\Spiele\Action\Batman\Installer\TVM_BAAGOTY.iso"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe"
sh=6C9E7B18FFB2150FABC06B89F4BBF1D1566406D0 ft=1 fh=c71c0011b2640ec9 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="G:\ProgramData\CheaPMe\PYsTn.dll"
sh=C150A0A721A17F6B93193DB567514B96ED85759C ft=1 fh=c71c0011543901fc vn="Variante von Win32/AdWare.MultiPlug.K.gen Anwendung" ac=I fn="G:\ProgramData\CheaPMe\PYsTn.exe"
sh=21401181B5A1203FEE6D3E9706570A453E0EAC5D ft=1 fh=c71c00114e7d76fd vn="Variante von Win64/Adware.MultiPlug.A Anwendung" ac=I fn="G:\ProgramData\CheaPMe\PYsTn.x64.dll"
sh=EB2950551BAB8E070C0DA97976A4073E564D3172 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="G:\ProgramData\effdpkepolgkheoggeeeniakkjmafemo\effdpkepolgkheoggeeeniakkjmafemo.crx"
sh=C1A21E507D657B76B9CEA0FBC4DED8014E071A8B ft=1 fh=c71c001166730531 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="G:\ProgramData\EnijoyCoooUpon\tg0a.dll"
sh=D8F7151E6B8464D846365C45F43633432EE71005 ft=1 fh=c71c00111dcff634 vn="Variante von Win32/AdWare.MultiPlug.K.gen Anwendung" ac=I fn="G:\ProgramData\EnijoyCoooUpon\tg0a.exe"
sh=3A4CE0F81B4A07254ABEE79041A38FCFF32D0C0A ft=1 fh=c71c00116d4495d1 vn="Variante von Win64/Adware.MultiPlug.A Anwendung" ac=I fn="G:\ProgramData\EnijoyCoooUpon\tg0a.x64.dll"
sh=6F7DA0B999F2A216A65FC4F4740D1E37BF8D3DAD ft=1 fh=c71c0011adf2139a vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="G:\ProgramData\Fuon2Save\jETVXwb.dll"
sh=0BFE90FAB6F10C0104F69A06184B63F7FBDBFD93 ft=1 fh=c71c0011f25c11fd vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="G:\ProgramData\Fuon2Save\jETVXwb.exe"
sh=17B24E567626BE32B4ED4541A957BA3EC1E8DA41 ft=1 fh=c71c0011b9dd8ce9 vn="Variante von Win64/Adware.MultiPlug.C Anwendung" ac=I fn="G:\ProgramData\Fuon2Save\jETVXwb.x64.dll"
sh=A8D5583340E2684DEEB5912427BD3AAF510739FB ft=1 fh=8a74790661716c26 vn="Variante von Win32/InstalleRex.U evtl. unerwünschte Anwendung" ac=I fn="G:\ProgramData\InstallMate\{AA752434-D6D7-4F1E-ADF5-9EF5719606C2}\_Setupx.dll"
sh=8F1C8EE7CA80E2CA8132B19F2A2E022C734E5D35 ft=1 fh=1de9b2a4fa1a759e vn="Variante von Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="G:\ProgramData\InstallMate\{EC08794D-8D0E-4238-A0D3-C52C37EB5BBB}\_Setupx.dll"
sh=917BA977A92A4F64557A4F7E9D9E8A87315BB79B ft=1 fh=c71c00111fafff46 vn="Variante von Win32/SProtector.L evtl. unerwünschte Anwendung" ac=I fn="G:\ProgramData\KeepnBrowse\KeepnBrowse.dll"
sh=597106BFFB15AD6E940F5CA7773E4249911ADAF3 ft=1 fh=e0a230b041adda0e vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung" ac=I fn="G:\ProgramData\KeepnBrowse\KeepnBrowseSvc.dll"
sh=74853AE634412091357A6E2F8D0622AF5D7B867A ft=1 fh=c71c0011afa4f21a vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung" ac=I fn="G:\ProgramData\KeepnBrowse\KeepnBrowse_x64.dll"
sh=412953110392AFC39361BA593C063F8C12CB4946 ft=1 fh=c71c001101371752 vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="G:\ProgramData\NetooCoupon\rs_pah.dll"
sh=C4C1A11001A833F3C634301F21DF83099786A28E ft=1 fh=c71c00117197e7c5 vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="G:\ProgramData\NetooCoupon\rs_pah.exe"
sh=39713544B2A9278CDD1D7609A5371CEF6C512964 ft=1 fh=c71c00119e3b8840 vn="Variante von Win64/Adware.MultiPlug.D Anwendung" ac=I fn="G:\ProgramData\NetooCoupon\rs_pah.x64.dll"
sh=D2353A0CD90F5B3186F3309FE6DE81D40DF6462A ft=1 fh=c71c0011a6d8ee5d vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="G:\ProgramData\RRoboSavvEr\jvmtbH.dll"
sh=4269ACDD607F43005F345EA5604026FEBFD17193 ft=1 fh=c71c00117f8f9250 vn="Variante von Win32/AdWare.MultiPlug.K.gen Anwendung" ac=I fn="G:\ProgramData\RRoboSavvEr\jvmtbH.exe"
sh=9797A6C13CB227E1BECF34EB64191533D292E94C ft=1 fh=c71c001160bedab5 vn="Variante von Win64/Adware.MultiPlug.A Anwendung" ac=I fn="G:\ProgramData\RRoboSavvEr\jvmtbH.x64.dll"
sh=A5CE595C65CF399581438ED620B908852EC512AD ft=1 fh=c71c001117b5bec4 vn="Variante von Win32/AdWare.MultiPlug.AY Anwendung" ac=I fn="G:\ProgramData\SavveLOets\1Xb.dll"
sh=0EDEFA987AD96277656D30D6BBE9E36FF8096603 ft=1 fh=c71c001158d95df3 vn="Variante von Win32/AdWare.MultiPlug.AG Anwendung" ac=I fn="G:\ProgramData\SavveLOets\1Xb.exe"
sh=6E0310BC5898C7AB68EF5B2FFB865BB3BF55C00E ft=1 fh=c71c001137a342b5 vn="Variante von Win64/Adware.MultiPlug.D Anwendung" ac=I fn="G:\ProgramData\SavveLOets\1Xb.x64.dll"
sh=3EED9C2D98A89B750303E8A32955EBBE150545A1 ft=1 fh=c71c0011a1d86ab2 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="G:\ProgramData\YouTUAdBlockeR\19drYwVHc.dll"
sh=5CB443FC2A8663D298ECB3D913F8208785235642 ft=1 fh=c71c0011a1016622 vn="Variante von Win32/AdWare.MultiPlug.K.gen Anwendung" ac=I fn="G:\ProgramData\YouTUAdBlockeR\19drYwVHc.exe"
sh=C6B68E00CD7F11E2CDD35F2273ACD2E56DB78EDE ft=1 fh=c71c00114b6ea686 vn="Variante von Win64/Adware.MultiPlug.A Anwendung" ac=I fn="G:\ProgramData\YouTUAdBlockeR\19drYwVHc.x64.dll"
sh=22AF448EFE218A16CAE70C43D1A54DB25CA01C47 ft=1 fh=68e16631a81d0e2a vn="Win32/InstalleRex.K evtl. unerwünschte Anwendung" ac=I fn="G:\Users\kriD\AppData\Local\Temp\d6fjQXoY.exe.part"
sh=9E71E95FC770FB1B29B75ABF22A74B29AEB95299 ft=1 fh=4d0471d49ca62664 vn="Win32/InstalleRex.L evtl. unerwünschte Anwendung" ac=I fn="G:\Users\kriD\AppData\Local\Temp\jD4Y94Mr.exe.part"
sh=264F75DBB28C3B29CB7D22DD0AC98F1CA53D35D9 ft=1 fh=2437f72e9ca62664 vn="Win32/InstalleRex.L evtl. unerwünschte Anwendung" ac=I fn="G:\Users\kriD\AppData\Local\Temp\V3XmEL0v.exe.part"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\Users\kriD\AppData\Local\Temp\OCS\ocs_v71a.exe"
sh=7FD3DB54264A63C00B3B3894B8F9C76E86215068 ft=1 fh=f8300a0c77a4950c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\Users\kriD\AppData\Local\Temp\OCS\ocs_v8.exe"
sh=49D97AA8F4BDC7588ADA917DA5866EF59937C402 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK Anwendung" ac=I fn="G:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\qzz7vwzx.default\extensions\u2j_03y@uyacom-.com\content\bg.js"
sh=8B179DB33F881C928795BEF9521101A9A78C69F2 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK Anwendung" ac=I fn="G:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\qzz7vwzx.default\extensions\wipr_o61@sttpovd-.com\content\bg.js"
         
Security Check tells me:
Code:
 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1) 
 Mozilla Thunderbird (31.4.0) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
And then the FRST.txt as well:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by kriD (administrator) on KRID-PC on 12-02-2015 10:26:13
Running from E:\Downloads
Loaded Profiles: kriD (Available profiles: kriD)
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SteelSeries ApS) D:\Tools\SteelSeries Engine\SteelSeriesEngine.exe
(Jumping Bytes) D:\Tools\PureSync\PureSyncTray.exe
(Dropbox, Inc.) C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piotr Pawlowski) D:\Tools\foobar2000\foobar2000.exe
() D:\Tools\Rainmeter\Rainmeter.exe
(Telegram Messenger LLP) D:\Tools\Telegram\Telegram.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Mozilla Corporation) D:\Tools\Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() E:\Downloads\SecurityCheck(1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\Adobe Application Manager (Updater) <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [SteelSeries Engine] => D:\Tools\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Run: [PureSync] => D:\Tools\PureSync\PureSyncTray.exe [915120 2014-08-09] (Jumping Bytes)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\foobar2000.lnk
ShortcutTarget: foobar2000.lnk -> D:\Tools\foobar2000\foobar2000.exe (Piotr Pawlowski)
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> D:\Tools\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> D:\Tools\Telegram\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Tools\Microsoft Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2803228219-286040756-942108547-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2803228219-286040756-942108547-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Tools\Microsoft Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: WOT - C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-03]
FF Extension: Adblock Plus - C:\Users\kriD\AppData\Roaming\Mozilla\Firefox\Profiles\kznrb15f.default-1422967902742\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-12-06]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
S4 Disc Soft Bus Service; D:\Tools\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
S3 Microsoft Office Groove Audit Service; D:\Tools\Microsoft Office 2007\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)
S2 SDScannerService; D:\Tools\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDWSCService; D:\Tools\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc) [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-07-08] (Disc Soft Ltd)
R3 ks2avs; C:\Windows\System32\Drivers\ks2avs.sys [359784 2012-12-18] (Native Instruments GmbH)
R3 ks2usb_svc; C:\Windows\System32\Drivers\ks2usb.sys [83816 2012-12-18] (Native Instruments GmbH)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\kriD\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 23:30 - 2015-02-11 23:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-11 03:55 - 2015-02-11 03:55 - 00000770 _____ () C:\Users\kriD\Desktop\JRT.txt
2015-02-11 03:53 - 2015-02-11 03:53 - 00004355 _____ () C:\Users\kriD\Desktop\AdwCleaner[S9].txt
2015-02-11 03:52 - 2015-02-11 03:52 - 00004260 _____ () C:\Users\kriD\Desktop\AdwCleaner[R11].txt
2015-02-11 03:49 - 2015-02-11 03:49 - 00001706 _____ () C:\Users\kriD\Desktop\mbam.txt
2015-02-09 22:45 - 2015-02-09 22:45 - 00019271 _____ () C:\ComboFix.txt
2015-02-09 22:32 - 2015-02-09 22:32 - 01477804 _____ () C:\Users\kriD\Desktop\dat.psd
2015-02-07 12:25 - 2015-02-07 12:25 - 00000000 __SHD () C:\Users\kriD\AppData\Local\EmieBrowserModeList
2015-02-06 01:30 - 2015-02-06 01:30 - 00000289 _____ () C:\Users\kriD\Desktop\Firefox Werbe-Addons installieren sich selbsständig neu - Seite 2 - Trojaner-Board.URL
2015-02-05 14:05 - 2015-02-05 14:05 - 00038699 _____ () C:\Users\kriD\Desktop\FRST 2.txt
2015-02-05 14:05 - 2015-02-05 14:05 - 00034006 _____ () C:\Users\kriD\Desktop\Addition 2.txt
2015-02-05 14:03 - 2015-02-05 14:03 - 00004450 _____ () C:\Users\kriD\Desktop\AdwCleaner[S8].txt
2015-02-05 13:58 - 2015-02-05 13:58 - 00001063 _____ () C:\Users\kriD\Desktop\malwarebytes 2.txt
2015-02-05 11:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 11:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 11:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 11:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 11:02 - 2015-02-09 22:46 - 00000000 ____D () C:\Qoobox
2015-02-05 11:02 - 2015-02-05 11:07 - 00000000 ____D () C:\Windows\erdnt
2015-02-03 22:31 - 2015-02-05 12:43 - 00000000 ____D () C:\Users\kriD\Desktop\trojaner board
2015-02-03 21:37 - 2015-02-03 21:37 - 00031106 _____ () C:\Users\kriD\Downloads\Addition.txt
2015-02-03 21:36 - 2015-02-12 10:26 - 00000000 ____D () C:\FRST
2015-02-03 21:36 - 2015-02-03 21:37 - 00039645 _____ () C:\Users\kriD\Downloads\FRST.txt
2015-02-03 21:35 - 2015-02-03 21:36 - 02131456 _____ (Farbar) C:\Users\kriD\Downloads\FRST64.exe
2015-02-03 13:41 - 2015-02-03 13:41 - 00000000 ____D () C:\Program Files (x86)\Facebook Chat Platinum
2015-02-02 22:00 - 2015-02-02 22:00 - 00000000 ____D () C:\Users\kriD\Documents\ProcAlyzer Dumps
2015-02-02 22:00 - 2015-02-02 22:00 - 00000000 ____D () C:\Program Files (x86)\NBA Live News
2015-02-02 21:38 - 2015-02-02 21:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 21:38 - 2015-02-02 21:38 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-02 21:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-02 20:58 - 2015-02-02 20:58 - 00000000 ____D () C:\Program Files (x86)\Fuskr
2015-02-02 18:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-02 18:03 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-02 18:03 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-02 18:03 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-02 18:03 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-02 18:03 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-02 18:03 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-02 18:03 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-02 18:03 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-02 18:03 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-02 18:01 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-02 18:01 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-02 18:01 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-02 18:01 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-02 18:01 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-02 18:01 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-02 18:01 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-02 18:01 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-02 18:01 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-02 18:01 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-02 18:01 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-02 18:01 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-02 18:01 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-02 18:01 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-02 18:01 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-02 18:01 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-02 18:01 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-02 18:01 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-02 18:01 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-02 18:01 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-02 18:01 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-02 18:01 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-02 18:01 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-02 18:01 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-02 18:01 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-02 18:01 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-02 18:01 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-02 18:01 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-02 18:01 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-02 18:01 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-02 18:01 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-02 18:01 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-02 18:01 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-02 18:01 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-02 18:01 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-02 18:01 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-02 18:01 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-02 18:01 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-02 18:01 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-02 18:00 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-02 18:00 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-02 18:00 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-02 18:00 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-02 18:00 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-02 18:00 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-02 18:00 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-02 18:00 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-02 18:00 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-02 18:00 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-02 18:00 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-02 18:00 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-02 18:00 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-02 18:00 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-02 18:00 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-02 18:00 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-02 18:00 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-02 17:59 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-02 17:59 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-02 17:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-02 17:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-02 17:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-02 17:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-02 17:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-02 17:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-02 17:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-02 17:59 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-02 17:59 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-02 17:59 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-02 17:59 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-02 17:59 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-02 17:59 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-02 17:59 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-02 17:59 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-02-02 17:59 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-02 17:59 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-02 17:59 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-02 17:59 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-02 17:59 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-02 17:59 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-02 17:59 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-02-02 17:59 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-02 17:59 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-02 17:59 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-02 17:59 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-02 17:59 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-02 17:59 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-02 17:59 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-02 17:59 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-02 17:59 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-02 17:59 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-02 17:59 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-02-02 17:59 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-02 17:59 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-02 17:59 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-02 17:59 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-02 17:59 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-02 17:59 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-02-02 17:59 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-02 17:59 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-02-02 17:59 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-02-02 17:59 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-02-02 17:58 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-02 17:58 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-02-02 17:58 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-02 17:58 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-02 17:58 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-02 17:58 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-02 17:58 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-02 17:39 - 2015-02-02 17:39 - 00000703 _____ () C:\Users\kriD\Desktop\Revo Uninstaller.lnk
2015-02-02 10:16 - 2015-02-02 10:16 - 00000262 _____ () C:\Users\kriD\Desktop\Video Downloader entfernen - Trojaner-Board.URL
2015-02-02 10:14 - 2015-02-02 10:14 - 00000000 ____D () C:\Program Files (x86)\Download Button
2015-02-01 21:14 - 2015-02-01 21:14 - 00000000 ____D () C:\Program Files (x86)\DubLi Toolbar
2015-02-01 12:54 - 2015-02-01 12:54 - 00000000 ____D () C:\Program Files (x86)\Tab Resize split screen layouts
2015-01-31 20:59 - 2015-01-31 20:59 - 00000000 ____D () C:\Program Files (x86)\Fairy Tail Fighting
2015-01-30 12:11 - 2015-01-30 12:11 - 00000260 _____ () C:\Users\kriD\Desktop\CouponDropDown entfernen - Trojaner-Board.URL
2015-01-30 12:11 - 2015-01-30 12:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 12:03 - 2015-02-02 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-30 12:02 - 2015-02-04 20:24 - 00000000 ____D () C:\Users\kriD\Desktop\mbar
2015-01-30 11:37 - 2015-01-30 11:37 - 00000000 ____D () C:\Program Files (x86)\UGamesFree
2015-01-30 10:33 - 2015-01-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Extreme User Agent Switcher
2015-01-29 10:43 - 2015-01-29 10:43 - 00000000 ____D () C:\Program Files (x86)\MetaProducts Offline Explorer integration
2015-01-29 10:15 - 2015-01-29 10:15 - 00000242 _____ () C:\Users\kriD\Desktop\how do i remove ads by coupon drop down from my browser i never installed it and it is not an add-on. it is not in my addrem.URL
2015-01-29 09:50 - 2015-01-29 10:21 - 00000000 ____D () C:\Program Files (x86)\Emotee
2015-01-29 03:04 - 2015-02-11 03:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 02:53 - 2015-02-02 20:39 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 02:53 - 2015-01-29 02:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 02:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 02:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 12:29 - 2015-02-11 03:53 - 00000000 ____D () C:\AdwCleaner
2015-01-27 00:05 - 2015-01-27 00:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 22:23 - 2015-01-24 22:23 - 00000244 _____ () C:\Users\kriD\Desktop\Alfie Utility - Utility CaseGlassesPens.URL
2015-01-24 22:23 - 2015-01-24 22:23 - 00000233 _____ () C:\Users\kriD\Desktop\Pinterest.URL
2015-01-24 16:54 - 2015-01-24 20:52 - 01207492 _____ () C:\Users\kriD\Desktop\cutting pattern initial signs.psd
2015-01-20 21:06 - 2015-01-20 21:06 - 635104812 _____ () C:\Users\kriD\Desktop\IloveMUSIC wallpaper.psd
2015-01-18 19:31 - 2015-02-06 11:24 - 07577595 _____ () C:\Users\kriD\Desktop\handy cover cutting pattern.psd
2015-01-16 21:48 - 2015-01-20 21:24 - 12562263 _____ () C:\Users\kriD\Desktop\cutting pattern small wallet leo disassembled.psd
2015-01-16 19:51 - 2015-01-16 19:51 - 00897534 _____ () C:\Users\kriD\Desktop\button scribble.psd
2015-01-15 21:01 - 2015-01-23 20:51 - 12467407 _____ () C:\Users\kriD\Desktop\cutting pattern small wallet leo.psd
2015-01-15 01:59 - 2015-01-15 01:59 - 110381935 _____ () C:\Users\kriD\Desktop\wallpaper organic.psd
2015-01-13 21:58 - 2015-01-13 21:58 - 00000247 _____ () C:\Users\kriD\Desktop\Ring Belts.URL
2015-01-13 21:57 - 2015-01-13 21:57 - 00000273 _____ () C:\Users\kriD\Desktop\CoRLection Santa Rosa by HTC Ying Yang Double Ring belt.URL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 23:34 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 23:34 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 23:32 - 2011-04-12 09:14 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-02-11 23:32 - 2011-04-12 09:14 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-02-11 23:32 - 2009-07-14 06:12 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 23:31 - 2014-07-06 10:36 - 01500537 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 23:27 - 2014-07-14 09:47 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Dropbox
2015-02-11 23:27 - 2014-07-08 18:19 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\foobar2000
2015-02-11 23:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 23:27 - 2009-07-14 05:56 - 00113353 _____ () C:\Windows\setupact.log
2015-02-11 03:53 - 2010-11-21 04:47 - 00032580 _____ () C:\Windows\PFRO.log
2015-02-11 03:50 - 2014-07-10 21:08 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-11 00:56 - 2014-09-23 21:34 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\TS3Client
2015-02-10 22:50 - 2014-07-07 08:09 - 00000000 ____D () C:\Program Files (x86)\Heroes of Newerth
2015-02-09 22:45 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-08 21:10 - 2014-07-07 12:50 - 00000000 ____D () C:\Users\kriD\AppData\Local\Adobe
2015-02-08 21:10 - 2014-07-07 07:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-08 21:10 - 2014-07-07 07:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-07 13:18 - 2014-12-08 20:54 - 00000000 ____D () C:\Users\kriD\Documents\AirDroid
2015-02-06 11:21 - 2014-07-10 20:34 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-05 11:08 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-04 02:11 - 2014-08-10 22:02 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Mumble
2015-02-03 13:51 - 2015-01-05 12:06 - 00000000 ____D () C:\Users\kriD\Desktop\Alte Firefox-Daten
2015-02-03 13:36 - 2014-07-06 11:17 - 00000000 ____D () C:\Windows\pss
2015-02-02 21:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-02 20:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2015-02-02 20:24 - 2009-07-14 05:50 - 04970744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-02 20:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-02 18:03 - 2014-07-06 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-02 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-30 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss
2015-01-29 09:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-01-28 11:50 - 2014-07-30 20:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 10:12 - 2014-10-21 00:51 - 00010508 _____ () C:\Users\kriD\Desktop\Leder.xlsx
2015-01-20 16:42 - 2014-08-20 09:40 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-15 03:32 - 2014-08-28 21:41 - 00000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-14 22:17 - 2014-07-06 13:14 - 00000000 ____D () C:\Users\kriD\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2015-01-08 00:29 - 2015-01-08 00:29 - 0000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2014-08-28 21:41 - 2015-01-15 03:32 - 0000132 _____ () C:\Users\kriD\AppData\Roaming\Adobe PNG Format CS5 Prefs

Some content of TEMP:
====================
C:\Users\kriD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvep1my.dll
C:\Users\kriD\AppData\Local\Temp\Quarantine.exe
C:\Users\kriD\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 21:32

==================== End Of Log ============================
         
--- --- ---



and Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by kriD at 2015-02-12 10:26:29
Running from E:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AirDroid 3.0.1 (HKLM-x32\...\AirDroid) (Version: 3.0.1 - Sand Studio)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version:  - Spellbound Studios)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EViews 7 (HKLM-x32\...\{6A5AEDA0-3B9E-4006-90A7-E78779951A43}) (Version:  - )
EViews 7 (HKLM-x32\...\{B68FC32E-D58F-4B74-A838-B265BF40A445}) (Version:  - )
EViews 7.1 Documentation (HKLM-x32\...\{A6B1D5D2-2CB1-4FBC-B3AA-BEC656406215}) (Version:  - )
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{1BC144A3-20EF-49DD-8EBB-E421E128E30F}) (Version: 1.2.8 - Thorvald Natvig)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.0.150 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
ObjectDock Plus (HKLM-x32\...\ObjectDock Plus2.01) (Version: 2.01 - Stardock Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PureSync (x32 Version: 3.8.0 - Jumping Bytes) Hidden
PureSync 3.8.0 (HKLM-x32\...\PureSync) (Version: 3.8.0 - Jumping Bytes)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Risen 3 - Titan Lords (HKLM-x32\...\Steam App 249230) (Version:  - Piranha Bytes)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
Strife (HKLM-x32\...\Strife) (Version:  - S2 Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Telegram Desktop version 0.7.13 (HKU\S-1-5-21-2803228219-286040756-942108547-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.13 - Telegram Messenger LLP)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2803228219-286040756-942108547-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kriD\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

05-02-2015 10:55:23 Revo Uninstaller's restore point - DisocoUntExttensi
05-02-2015 10:56:19 Revo Uninstaller's restore point - Dr.Web Anti-Virus Link Checker
05-02-2015 10:57:00 Revo Uninstaller's restore point - ShooppDroop
05-02-2015 10:57:48 Revo Uninstaller's restore point - Extreme Blocker
05-02-2015 10:58:31 Revo Uninstaller's restore point - Isaavaeeri
05-02-2015 10:58:58 Revo Uninstaller's restore point - JoNiCoupon
05-02-2015 10:59:22 Revo Uninstaller's restore point - Panel View for Play Music
05-02-2015 10:59:49 Revo Uninstaller's restore point - DigiCouPOnn
05-02-2015 11:00:16 Revo Uninstaller's restore point - DigiSaveR
05-02-2015 11:00:38 Revo Uninstaller's restore point - EneJoayCooupoN
05-02-2015 11:01:03 Revo Uninstaller's restore point - SimpleClear
09-02-2015 19:38:41 Revo Uninstaller's restore point - Browser AdBlocker
09-02-2015 19:39:57 Revo Uninstaller's restore point - Windows 8 App Store
09-02-2015 19:40:34 Revo Uninstaller's restore point - RegouLaRDealSS
09-02-2015 19:40:56 Revo Uninstaller's restore point - NeawSaivEr
09-02-2015 19:41:22 Revo Uninstaller's restore point - Jobisjob Alerts
09-02-2015 19:41:46 Revo Uninstaller's restore point - IIsiaver
09-02-2015 19:42:08 Revo Uninstaller's restore point - ENjOyyCCoupoon
09-02-2015 19:42:30 Revo Uninstaller's restore point - TakeTHeCoupoN
09-02-2015 19:42:53 Revo Uninstaller's restore point - SaveaNNeewaaApppez
09-02-2015 19:43:32 Revo Uninstaller's restore point - Reddit Liquid Streams
09-02-2015 19:44:01 Revo Uninstaller's restore point - JoniCOupoin
09-02-2015 19:44:29 Revo Uninstaller's restore point - Fix Url Links Redirect
09-02-2015 19:44:54 Revo Uninstaller's restore point - DDeAlExiprEss

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-10 10:12 - 00000057 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {8003F45B-C700-4A6B-846B-EE120783A444} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A592B856-120F-4870-8A38-A6F2904913E4} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2014-07-28 19:29 - 2014-07-28 19:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 19:32 - 2014-07-28 19:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 19:29 - 2014-07-28 19:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 19:31 - 2014-07-28 19:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00504832 _____ () D:\Tools\SteelSeries Engine\SSEngineLib.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 09315328 _____ () D:\Tools\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00015872 _____ () D:\Tools\SteelSeries Engine\Localization.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () D:\Tools\SteelSeries Engine\ISSPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () D:\Tools\SteelSeries Engine\Utilities.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00115200 _____ () D:\Tools\SteelSeries Engine\DriverCommunication.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 00047616 _____ () D:\Tools\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00034304 _____ () D:\Tools\SteelSeries Engine\DBUtils.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 01102336 _____ () D:\Tools\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00189440 _____ () D:\Tools\SteelSeries Engine\MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00031744 _____ () D:\Tools\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\SRawPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00159744 _____ () D:\Tools\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00020992 _____ () D:\Tools\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00029696 _____ () D:\Tools\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () D:\Tools\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00023040 _____ () D:\Tools\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () D:\Tools\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () D:\Tools\SteelSeries Engine\WoTMousePlugin.dll
2014-05-25 15:18 - 2014-05-25 15:18 - 00036536 _____ () D:\Tools\Rainmeter\Rainmeter.exe
2014-05-25 15:18 - 2014-05-25 15:18 - 00747192 _____ () D:\Tools\Rainmeter\Rainmeter.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00019968 _____ () D:\Tools\Rainmeter\Plugins\SysInfo.dll
2014-05-25 15:17 - 2014-05-25 15:17 - 00056832 _____ () D:\Tools\Rainmeter\Plugins\WebParser.dll
2014-08-04 18:37 - 2014-04-21 23:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-02-12 10:24 - 2015-02-12 10:24 - 00852594 _____ () E:\Downloads\SecurityCheck(1).exe
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-11 23:27 - 2015-02-11 23:27 - 00043008 _____ () c:\users\krid\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvep1my.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\kriD\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-05-04 12:57 - 2013-05-04 12:57 - 00095712 _____ () D:\Tools\foobar2000\zlib1.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 00156624 _____ () D:\Tools\foobar2000\shared.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00501248 _____ () D:\Tools\foobar2000\components\foo_converter.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00199680 _____ () D:\Tools\foobar2000\components\foo_dsp_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00299520 _____ () D:\Tools\foobar2000\components\foo_freedb2.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00199168 _____ () D:\Tools\foobar2000\components\foo_dsp_eq.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00353280 _____ () D:\Tools\foobar2000\components\foo_rgscan.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00350720 _____ () D:\Tools\foobar2000\components\foo_albumlist.dll
2014-04-11 10:48 - 2014-04-11 10:48 - 00173056 _____ () D:\Tools\foobar2000\components\foo_unpack.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 01391080 _____ () D:\Tools\foobar2000\components\foo_input_std.dll
2014-04-11 10:51 - 2014-04-11 10:51 - 00945128 _____ () D:\Tools\foobar2000\components\foo_ui_std.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00304640 _____ () D:\Tools\foobar2000\components\foo_cdda.dll
2014-04-11 10:49 - 2014-04-11 10:49 - 00285696 _____ () D:\Tools\foobar2000\components\foo_fileops.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 03347056 _____ () D:\Tools\Thunderbird\mozjs.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 00158832 _____ () D:\Tools\Thunderbird\NSLDAP32V60.dll
2015-01-14 14:48 - 2015-01-14 14:48 - 00023152 _____ () D:\Tools\Thunderbird\NSLDAPPR32V60.dll
2015-01-27 00:05 - 2015-01-27 00:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2803228219-286040756-942108547-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kriD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: Disc Soft Bus Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^debug.nfo => C:\Windows\pss\debug.nfo.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^foobar2000.lnk => C:\Windows\pss\foobar2000.lnk.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfan.exe => C:\Windows\pss\speedfan.exe.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfanevents.cfg => C:\Windows\pss\speedfanevents.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfanparams.cfg => C:\Windows\pss\speedfanparams.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^speedfansens.cfg => C:\Windows\pss\speedfansens.cfg.Startup
MSCONFIG\startupfolder: C:^Users^kriD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AirDroid 3 => D:\Tools\Airdroid\AirDroid.exe /start
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "D:\Tools\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "D:\Tools\Microsoft Office 2007\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SDTray => "D:\Tools\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Accounts: =============================

Administrator (S-1-5-21-2803228219-286040756-942108547-500 - Administrator - Disabled)
Gast (S-1-5-21-2803228219-286040756-942108547-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2803228219-286040756-942108547-1002 - Limited - Enabled)
kriD (S-1-5-21-2803228219-286040756-942108547-1000 - Administrator - Enabled) => C:\Users\kriD

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Audiocontroller für Multimedia
Description: Audiocontroller für Multimedia
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2015 10:23:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 06:10:23 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "Ex C (G:)" wurde aufgrund eines Fehlers nicht defragmentiert: Der Datenträger wurde vom System getrennt. (0x89000011)

Error: (02/12/2015 05:07:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2015 05:07:18 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/11/2015 11:30:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/11/2015 11:30:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/11/2015 11:27:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/12/2015 06:10:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (02/12/2015 06:10:24 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (02/12/2015 06:10:23 AM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk3\DR3 ist für den Zugriff noch nicht bereit.

Error: (02/12/2015 06:10:23 AM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk3\DR3 ist für den Zugriff noch nicht bereit.

Error: (02/12/2015 06:10:23 AM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk3\DR3 ist für den Zugriff noch nicht bereit.

Error: (02/12/2015 06:10:23 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (02/12/2015 06:10:23 AM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk3\DR3 ist für den Zugriff noch nicht bereit.

Error: (02/12/2015 06:10:23 AM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk3\DR3 ist für den Zugriff noch nicht bereit.

Error: (02/12/2015 06:10:23 AM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk3\DR3 ist für den Zugriff noch nicht bereit.

Error: (02/12/2015 06:10:23 AM) (Source: Disk) (EventID: 15) (User: )
Description: Das Gerät \Device\Harddisk3\DR3 ist für den Zugriff noch nicht bereit.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-09 22:44:55.709
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-09 22:44:55.672
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-09 22:44:55.636
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-09 22:44:55.601
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-05 11:07:17.522
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-05 11:07:17.488
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 15826.73 MB
Available physical RAM: 12931.6 MB
Total Pagefile: 31651.64 MB
Available Pagefile: 28749.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.88 GB) (Free:160.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:976.56 GB) (Free:904.62 GB) NTFS
Drive e: (Daten) (Fixed) (Total:2749.33 GB) (Free:1508.62 GB) NTFS
Drive f: (Backup) (Fixed) (Total:931.51 GB) (Free:853.26 GB) NTFS
Drive i: (TOURO) (Fixed) (Total:931.51 GB) (Free:489.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B2F52B71)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: A33D020D)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CD0FD048)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Thanks and best regards, kriD_

Alt 12.02.2015, 18:48   #30
schrauber

What are drives E and G?
__________________
Regards,
schrauber
