
Pests of all kinds and how to fight them: redirect to seektoexplore.com

04.02.2015, 20:03   #1
vivi12
 

Hello,
I'm new here, and if this topic already exists, I'm sorry....
Now to my problem: on some pages I get redirected to this site, seektoexplore.com,
and I have no idea how to get rid of it. I have Windows 8.1, 64-bit, and use Google Chrome.

Thanks in advance for your help.

Best regards, Vivi

04.02.2015, 20:37   #2
schrauber
/// the machine
/// TB instructor
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop. FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


04.02.2015, 21:01   #3
vivi12
 

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by viola (administrator) on VIVI on 04-02-2015 20:51:13
Running from C:\Users\viola\Downloads
Loaded Profiles: viola (Available profiles: viola & vivi)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Time Lapse Solutions) C:\ProgramData\IEtikvV\kPNWJrtEO.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
() C:\Users\viola\AppData\Local\Apps\2.0\Y3PX7N47.R1Z\NDDAWNER.8KC\dros..tion_0000000000000000_0001.0000_b92f9a6a28f6c42c\Dros.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(sw4you) C:\Program Files (x86)\Hardcopy\hardcopy.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(BitTorrent Inc.) C:\Users\viola\AppData\Roaming\uTorrent\uTorrent.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\viola\AppData\Roaming\Search Protection\SP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2406152 2014-12-10] (FSPro Labs)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\Run: [uTorrent] => C:\Users\viola\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-16] (BitTorrent Inc.)
HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\Run: [Driver Operating Service] => C:\Users\viola\AppData\Local\Apps\2.0\Y3PX7N47.R1Z\NDDAWNER.8KC\dros..tion_0000000000000000_0001.0000_b92f9a6a28f6c42c\Driver Operating Service.appref-ms
HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\Run: [Search Protection] => C:\Users\viola\AppData\Roaming\Search Protection\SP.EXE [1128760 2015-01-16] ()
HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\Run: [Browser Extensions] => C:\Users\viola\AppData\Roaming\BrowserExtensions\BEHelper.exe [544720 2015-01-06] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you)
Startup: C:\Users\viola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKU\S-1-5-21-2666474899-350018585-593986233-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2666474899-350018585-593986233-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = webssearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX&q={searchTerms}
HKU\S-1-5-21-2666474899-350018585-593986233-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2666474899-350018585-593986233-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ie
HKU\S-1-5-21-2666474899-350018585-593986233-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2666474899-350018585-593986233-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = webssearches
HKU\S-1-5-21-2666474899-350018585-593986233-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Websuche
SearchScopes: HKLM -> {B92C6BBE-B353-4150-B296-7EA19B33CC4F} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2666474899-350018585-593986233-1001 -> DefaultScope {BAD33D88-0010-4A7A-8662-63CE860E410F} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2666474899-350018585-593986233-1001 -> {0B6BAD7D-8253-43A0-90B3-19973562AB14} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2666474899-350018585-593986233-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2666474899-350018585-593986233-1001 -> {B92C6BBE-B353-4150-B296-7EA19B33CC4F} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2666474899-350018585-593986233-1001 -> {BAD33D88-0010-4A7A-8662-63CE860E410F} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\viola\AppData\Roaming\BrowserExtensions\Coupons64.dll ()
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\viola\AppData\Roaming\BrowserExtensions\Coupons.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1A4A08AE-D7EA-48B1-851D-095D0A117FFD}: [NameServer] 5.79.84.141,8.38.77.107
Tcpip\..\Interfaces\{3266F5EC-60BB-4599-AB7C-75726E324735}: [NameServer] 5.79.84.141,8.38.77.107
Tcpip\..\Interfaces\{71555489-031F-46F2-8E7C-716AA7EA013D}: [NameServer] 5.79.84.141,8.38.77.107
Tcpip\..\Interfaces\{C3C5762B-ADAE-4510-ACAC-1FD7EDFCD3EC}: [NameServer] 5.79.84.141,8.38.77.107
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ff
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF NetworkProxy: "http", "185.49.15.25:7808"
FF NetworkProxy: "http_port", 7808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2666474899-350018585-593986233-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-2666474899-350018585-593986233-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\user.js
FF SearchPlugin: C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\searchplugins\websuche.xml
FF SearchPlugin: C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: Fast Start - C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\Extensions\faststartff@gmail.com [2015-01-20]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\Extensions\sparpilot@sparpilot.com [2015-01-20]
FF Extension: WEB.DE MailCheck - C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\Extensions\toolbar@web.de [2014-12-22]
FF Extension: Slick Savings - C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [2015-02-03]
FF Extension: Start Page - C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\Extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [2015-02-03]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\Extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [2015-02-03]
FF Extension: {99567925-5242-4b5f-a010-4a3f75a198f7} - C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\Extensions\{99567925-5242-4b5f-a010-4a3f75a198f7}.xpi [2015-02-03]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{34E6EBA0548DFE6F285CE07D7B0FE1B6} [2014-11-24]
FF Extension: ffChromeHelper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{71E4EA2FF4B4C459CBBBB89B3E6CD8AC} [2014-11-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-25]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe webssearches

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-11]
CHR Extension: (Google Drive) - C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (YouTube) - C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (WEB.DE MailCheck) - C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-23] (AVAST Software)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [66560 2013-10-08] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 kPNWJrtEO; C:\ProgramData\IEtikvV\kPNWJrtEO.exe [2734456 2014-12-20] (Time Lapse Solutions)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-07-02] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-07-02] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-20] (SysTool PasSame LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-23] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50976 2014-09-27] (AVG Technologies)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-02] (Disc Soft Ltd)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-12-28] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [27904 2013-08-08] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2979544 2013-09-26] (Realtek Semiconductor Corporation                           )
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-07-02] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 20:51 - 2015-02-04 20:52 - 00026483 _____ () C:\Users\viola\Downloads\FRST.txt
2015-02-04 20:51 - 2015-02-04 20:51 - 00000000 ____D () C:\FRST
2015-02-04 20:50 - 2015-02-04 20:50 - 02131968 _____ (Farbar) C:\Users\viola\Downloads\FRST64.exe
2015-02-04 18:28 - 2015-02-03 19:49 - 132042176 _____ () C:\Users\viola\Desktop\Lo Zipper intro Banane ohne Name 3.m2t
2015-02-04 18:28 - 2015-02-03 13:04 - 43925448 _____ () C:\Users\viola\Desktop\Lo Zipper Loz Santoz Recors Spongebozz Diss.m2t
2015-02-04 18:28 - 2015-02-03 12:02 - 21013512 _____ () C:\Users\viola\Desktop\Intro LoZipper Since.m2t
2015-02-04 18:26 - 2015-02-04 18:33 - 00000000 ____D () C:\Users\viola\Desktop\Warcraft III
2015-02-03 23:38 - 2015-02-03 23:38 - 33517302 _____ () C:\Users\viola\Desktop\Puppet Building Ep13.avi.mp4
2015-02-03 23:20 - 2015-02-03 23:22 - 00000000 ____D () C:\Users\viola\Desktop\Worms Armageddon v3.7.2.1
2015-02-03 23:19 - 2015-02-03 23:20 - 00000000 ____D () C:\Users\viola\Desktop\Spelunky HD [MULTI5][PC][P2P][WwW.GamesTorrents.CoM]
2015-02-03 23:13 - 2015-02-03 23:13 - 80117843 _____ () C:\Users\viola\Desktop\Anleitung (2_3) _ So bauen wir eine Muppet-ähnliche Handpuppe (HD).mp4
2015-02-03 23:13 - 2015-02-03 23:13 - 56289856 _____ () C:\Users\viola\Desktop\Anleitung (3_3) _ So bauen wir eine Muppet-ähnliche Handpuppe (HD).mp4
2015-02-03 23:12 - 2015-02-03 23:12 - 194352231 _____ () C:\Users\viola\Desktop\_EINE HANDPUPPE SELBER BASTELN _ HOW TO MAKE A PUPPET LIKE GODZILLA_ -Part 1_2.mp4
2015-02-03 23:12 - 2015-02-03 23:12 - 147853348 _____ () C:\Users\viola\Desktop\_EINE HANDPUPPE SELBER BASTELN _ HOW TO MAKE A PUPPET LIKE GODZILLA_ -Part 2_2.mp4
2015-02-03 23:11 - 2015-02-03 23:11 - 74036202 _____ () C:\Users\viola\Desktop\Anleitung (1_3) _ So bauen wir eine Muppet-ähnliche Handpuppe (HD).mp4
2015-02-03 23:10 - 2015-02-03 23:10 - 00000000 ____D () C:\Users\viola\AppData\Roaming\Search Protection
2015-02-03 23:10 - 2015-02-03 23:10 - 00000000 ____D () C:\Users\viola\AppData\Roaming\BrowserExtensions
2015-02-03 23:08 - 2015-02-03 23:08 - 00001307 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-02-03 23:08 - 2015-02-03 23:08 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2015-02-03 23:08 - 2015-02-03 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-02-03 23:08 - 2015-02-03 23:08 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications
2015-02-03 23:07 - 2015-02-03 23:07 - 00105808 _____ (GreenTree Applications SRL) C:\Users\viola\Downloads\YTDSetup.exe
2015-02-03 23:07 - 2015-02-03 23:07 - 00105808 _____ (GreenTree Applications SRL) C:\Users\viola\Downloads\YTDSetup (1).exe
2015-02-01 20:33 - 2015-02-01 20:33 - 00077728 _____ () C:\Users\viola\Downloads\FLVPlayer-Chrome.exe
2015-02-01 17:53 - 2015-02-01 17:54 - 00000000 ____D () C:\Users\viola\AppData\Roaming\Gomo
2015-02-01 17:53 - 2015-02-01 17:53 - 00001198 _____ () C:\Users\Public\Desktop\Gomo.lnk
2015-02-01 17:53 - 2015-02-01 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
2015-02-01 17:53 - 2015-02-01 17:53 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2015-02-01 17:51 - 2014-02-17 14:39 - 00000000 ____D () C:\Users\viola\Desktop\defa-gomo
2015-02-01 17:37 - 2015-02-01 17:37 - 00020867 _____ () C:\Users\viola\Downloads\Capsized.%5BEnglish%5D%5BPCDVD%5D%5BWwW.GamesTorrents.CoM%5D.t7375.torrent
2015-02-01 17:36 - 2015-02-01 17:36 - 00014352 _____ () C:\Users\viola\Downloads\dont-starve-reign-of-giants-englishpcdvdcodexwwwgamestorrentsco..torrent
2015-02-01 17:12 - 2015-02-01 17:12 - 00000000 ____D () C:\Users\viola\AppData\Local\EMU
2015-02-01 17:10 - 2015-02-01 17:10 - 00000716 _____ () C:\WINDOWS\DirectX.log
2015-02-01 17:01 - 2015-02-01 17:01 - 00014538 _____ () C:\Users\viola\Downloads\halo-spartan-assault-multi14pcdvdrepack-rg-mechanicswwwgamestorrentsco..torrent
2015-02-01 16:56 - 2015-02-01 16:56 - 00016714 _____ () C:\Users\viola\Downloads\munin-plaz..torrent
2015-02-01 16:53 - 2015-02-01 16:53 - 00019961 _____ () C:\Users\viola\Downloads\The.Humans.%5BMULTI5%5D%5BPC%5D%5BWwW.GamesTorrents.CoM%5D.t4994.torrent
2015-02-01 16:51 - 2015-02-01 16:51 - 00032285 _____ () C:\Users\viola\Downloads\Dracula.Twins.%5BGERMAN%5D%5BPC%5D%5BWwW.GamesTorrents.CoM%5D.t6268.torrent
2015-02-01 16:43 - 2015-02-01 16:58 - 00000000 ____D () C:\Users\viola\Downloads\GOMO [MULTI9][PCDVD][DEFA][WwW.GamesTorrents.CoM]
2015-02-01 16:43 - 2015-02-01 16:43 - 00012532 _____ () C:\Users\viola\Downloads\gomo-multi9pcdvddefawwwgamestorrentsco..torrent
2015-02-01 16:41 - 2015-02-01 16:44 - 00000000 ____D () C:\Users\viola\Downloads\The Room [MULTI6][PCDVD][FLT][WwW.GamesTorrents.CoM]
2015-02-01 16:41 - 2015-02-01 16:41 - 00012554 _____ () C:\Users\viola\Downloads\the-room-multi6pcdvdfltwwwgamestorrentsco..torrent
2015-02-01 16:26 - 2015-02-01 16:26 - 00015126 _____ () C:\Users\viola\Downloads\Pokemon_GBA_collection_+_emulator.torrent
2015-02-01 16:26 - 2015-02-01 16:26 - 00015126 _____ () C:\Users\viola\Downloads\Pokemon_GBA_collection_+_emulator (1).torrent
2015-02-01 16:24 - 2015-02-01 16:29 - 00000000 ____D () C:\Program Files (x86)\JUJU
2015-02-01 16:12 - 2015-02-01 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Costume Quest 2
2015-02-01 16:11 - 2015-02-01 16:14 - 00000000 ____D () C:\Program Files (x86)\Costume Quest 2
2015-02-01 15:44 - 2015-02-01 16:07 - 00000000 ____D () C:\Users\viola\Downloads\Spelunky HD [MULTI5][PC][P2P][WwW.GamesTorrents.CoM]
2015-02-01 15:44 - 2015-02-01 15:44 - 00012556 _____ () C:\Users\viola\Downloads\spelunky-hd-multi5pcp2pwwwgamestorrentsco..torrent
2015-02-01 15:33 - 2015-02-01 16:10 - 00000000 ____D () C:\Users\viola\Downloads\JUJU [MULTI8][PCDVD][HI2U][WwW.GamesTorrents.CoM]
2015-02-01 15:32 - 2015-02-01 16:03 - 00000000 ____D () C:\Users\viola\Downloads\Costume Quest 2 [MULTI5][PCDVD][PLAZA][WwW.GamesTorrents.CoM]
2015-02-01 15:31 - 2015-02-01 15:31 - 00011969 _____ () C:\Users\viola\Downloads\costume-quest-2-multi5pcdvdplazawwwgamestorrentsco..torrent
2015-02-01 15:26 - 2015-02-01 15:26 - 00017170 _____ () C:\Users\viola\Downloads\chaos-on-deponia-multi9pcdvdprophetwwwgamestorrentsco..torrent
2015-02-01 15:24 - 2015-02-01 15:24 - 00017524 _____ () C:\Users\viola\Downloads\juju-multi8pcdvdhi2uwwwgamestorrentsco..torrent
2015-02-01 15:20 - 2015-02-01 15:20 - 00018630 _____ () C:\Users\viola\Downloads\Goodbye.Deponia.MULTi5-PROPHET..torrent
2015-01-27 12:49 - 2015-01-27 12:49 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2666474899-350018585-593986233-1002
2015-01-27 12:44 - 2015-01-27 12:44 - 00000000 ____D () C:\Users\vivi\AppData\Roaming\AVAST Software
2015-01-27 12:44 - 2015-01-27 12:44 - 00000000 ____D () C:\Users\vivi\AppData\Roaming\ASUS WebStorage
2015-01-27 12:43 - 2015-01-27 12:44 - 00000074 _____ () C:\Users\vivi\AppData\Roaming\sp_data.sys
2015-01-27 12:42 - 2015-01-27 12:42 - 00002269 _____ () C:\Users\vivi\Desktop\Google Chrome.lnk
2015-01-27 12:42 - 2015-01-27 12:42 - 00001412 _____ () C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 12:42 - 2015-01-27 12:42 - 00000000 ____D () C:\Users\vivi\AppData\Roaming\Adobe
2015-01-27 12:42 - 2015-01-27 12:42 - 00000000 ____D () C:\Users\vivi\AppData\Local\VirtualStore
2015-01-27 12:42 - 2015-01-27 12:42 - 00000000 ____D () C:\Users\vivi\AppData\Local\Google
2015-01-27 12:41 - 2015-01-27 12:51 - 00001894 _____ () C:\Users\vivi\AppData\Local\BTServer.log
2015-01-27 12:41 - 2015-01-27 12:47 - 00000000 ____D () C:\Users\vivi\AppData\Local\Packages
2015-01-27 12:41 - 2015-01-27 12:43 - 00000000 ____D () C:\Users\vivi
2015-01-27 12:41 - 2015-01-27 12:41 - 00000020 ___SH () C:\Users\vivi\ntuser.ini
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\Vorlagen
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\Startmenü
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\Netzwerkumgebung
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\Lokale Einstellungen
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\Eigene Dateien
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\Druckumgebung
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\Documents\Eigene Musik
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\Documents\Eigene Bilder
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\AppData\Local\Verlauf
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\AppData\Local\Anwendungsdaten
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 _SHDL () C:\Users\vivi\Anwendungsdaten
2015-01-27 12:41 - 2015-01-27 12:41 - 00000000 ____D () C:\Users\vivi\Documents\My Bluetooth
2015-01-27 12:41 - 2014-08-27 18:00 - 00000000 ____D () C:\Users\vivi\AppData\Roaming\Macromedia
2015-01-27 12:41 - 2014-07-02 14:19 - 00000000 ___RD () C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-27 12:41 - 2014-03-18 11:31 - 00000000 ___RD () C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-27 12:41 - 2014-03-18 11:11 - 00000369 _____ () C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-27 12:41 - 2014-03-18 11:11 - 00000369 _____ () C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-27 12:41 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-27 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-27 12:39 - 2015-01-27 12:39 - 00001296 _____ () C:\Users\TEMP\Desktop\hh.reg
2015-01-27 12:28 - 2015-01-27 12:29 - 00000000 ____D () C:\Users\TEMP\AppData\Local\ZombieInvasion
2015-01-27 12:28 - 2015-01-27 12:28 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\AVAST Software
2015-01-27 12:28 - 2015-01-27 12:28 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\ASUS WebStorage
2015-01-27 12:27 - 2015-01-27 12:28 - 00002269 _____ () C:\Users\TEMP\Desktop\Google Chrome.lnk
2015-01-27 12:27 - 2015-01-27 12:28 - 00000074 _____ () C:\Users\TEMP\AppData\Roaming\sp_data.sys
2015-01-27 12:27 - 2015-01-27 12:27 - 00001412 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 12:27 - 2015-01-27 12:27 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Adobe
2015-01-27 12:27 - 2015-01-27 12:27 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Packages
2015-01-27 12:27 - 2015-01-27 12:27 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2015-01-27 12:26 - 2015-01-27 12:39 - 00001894 _____ () C:\Users\TEMP\AppData\Local\BTServer.log
2015-01-27 12:26 - 2015-01-27 12:27 - 00000000 ____D () C:\Users\TEMP
2015-01-27 12:26 - 2015-01-27 12:26 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten
2015-01-27 12:26 - 2015-01-27 12:26 - 00000000 ____D () C:\Users\TEMP\Documents\My Bluetooth
2015-01-27 12:26 - 2014-08-27 18:00 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2015-01-27 12:26 - 2014-07-02 14:19 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-27 12:26 - 2014-03-18 11:31 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-27 12:26 - 2014-03-18 11:11 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-27 12:26 - 2014-03-18 11:11 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-27 12:26 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-27 12:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-27 00:25 - 2015-01-27 00:25 - 00003202 _____ () C:\WINDOWS\System32\Tasks\{233DAECF-9624-47B4-ADA0-E3E919218884}
2015-01-20 22:37 - 2015-01-20 22:40 - 00000000 ____D () C:\Users\viola\Downloads\Beast.Boxing.Turbo-PROPHET
2015-01-20 22:36 - 2015-01-20 22:36 - 00019575 _____ () C:\Users\viola\Downloads\beastboxingturbo-prophe..torrent
2015-01-20 17:20 - 2015-01-20 17:57 - 113274417 _____ () C:\Users\viola\Downloads\352xY2JzF.rar
2015-01-20 12:38 - 2015-01-20 12:38 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-20 12:37 - 2015-01-27 00:33 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-20 12:37 - 2015-01-20 12:37 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-20 12:34 - 2015-01-20 12:34 - 00431008 _____ () C:\Users\viola\Downloads\FreeAudioConverterSetup-NdPwWyuTr.exe
2015-01-20 12:29 - 2015-01-27 00:25 - 00000000 ____D () C:\Users\viola\AppData\Local\WebPlayer
2015-01-20 12:29 - 2015-01-20 12:29 - 00431008 _____ () C:\Users\viola\Downloads\FLVPlayerSetup-N5HJitUif.exe
2015-01-20 11:19 - 2015-01-20 11:55 - 109566150 _____ () C:\Users\viola\Downloads\352E3kVRy.rar
2015-01-19 23:08 - 2015-01-19 23:43 - 106044008 _____ () C:\Users\viola\Downloads\352dqJDDQ.rar
2015-01-19 19:47 - 2015-01-19 20:22 - 107080816 _____ () C:\Users\viola\Downloads\5506.rar
2015-01-19 00:45 - 2015-01-19 00:45 - 109829936 _____ (Apple Inc.) C:\Users\viola\Downloads\iTunesSetup.exe
2015-01-18 21:35 - 2015-01-18 22:46 - 218208742 _____ () C:\Users\viola\Downloads\351QALJe3.rar
2015-01-18 20:57 - 2015-01-26 20:16 - 00003442 _____ () C:\WINDOWS\System32\Tasks\CleanerPro_Popup
2015-01-18 20:57 - 2015-01-26 20:16 - 00000000 ____D () C:\Users\viola\Documents\CleanerPro
2015-01-18 20:57 - 2015-01-18 20:57 - 00003178 _____ () C:\WINDOWS\System32\Tasks\CleanerPro_Start
2015-01-18 20:57 - 2015-01-18 20:57 - 00000000 ____D () C:\Users\viola\AppData\Local\CleanerPro
2015-01-18 20:56 - 2015-01-18 20:57 - 05749088 _____ (Cleaner Pro) C:\Users\viola\Downloads\cleaner-pro.exe
2015-01-18 20:43 - 2015-01-18 20:43 - 01195608 _____ (Elex do Brasil Participações Ltda) C:\Users\viola\Downloads\yet_another_cleaner_mat.exe
2015-01-18 20:42 - 2015-01-27 00:29 - 00000165 _____ () C:\WINDOWS\Reimage.ini
2015-01-18 20:42 - 2015-01-18 20:42 - 00775968 _____ (Reimage®) C:\Users\viola\Downloads\ReimageRepair.exe
2015-01-18 20:38 - 2015-02-04 20:12 - 00000000 ____D () C:\Users\viola\AppData\Local\ZombieInvasion
2015-01-18 20:23 - 2015-01-18 20:24 - 02186752 _____ () C:\Users\viola\Downloads\AdwCleaner_4.108.exe
2015-01-16 21:36 - 2015-01-16 22:13 - 111819234 _____ () C:\Users\viola\Downloads\352u4rWLG.rar
2015-01-16 18:04 - 2015-01-16 18:40 - 109942141 _____ () C:\Users\viola\Downloads\352bchWSq.rar
2015-01-15 21:47 - 2015-01-15 22:25 - 115151248 _____ () C:\Users\viola\Downloads\352rIzYGh.rar
2015-01-15 00:13 - 2015-01-15 00:48 - 109107714 _____ () C:\Users\viola\Downloads\352solfHt.rar
2015-01-14 20:12 - 2015-01-14 20:12 - 00003142 _____ () C:\WINDOWS\System32\Tasks\{CA41E25C-4D63-42EF-AF33-7A987D0DDBF6}
2015-01-14 20:05 - 2015-01-14 20:42 - 112627198 _____ () C:\Users\viola\Downloads\352LRaIms.rar
2015-01-14 16:52 - 2015-01-14 16:57 - 00000000 ____D () C:\Users\viola\AppData\Roaming\TS3Client
2015-01-14 16:09 - 2015-01-14 16:44 - 109646817 _____ () C:\Users\viola\Downloads\352wiZQYz.rar
2015-01-14 12:37 - 2015-01-14 13:13 - 111228984 _____ () C:\Users\viola\Downloads\352PVxaUU.rar
2015-01-13 22:40 - 2015-01-13 23:16 - 109548075 _____ () C:\Users\viola\Downloads\352F89uXB.rar
2015-01-13 18:43 - 2015-01-13 18:43 - 00001944 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-01-13 14:33 - 2015-01-13 15:08 - 107871778 _____ () C:\Users\viola\Downloads\352SvipeC.rar
2015-01-12 19:45 - 2015-01-12 20:20 - 107525013 _____ () C:\Users\viola\Downloads\352mrMmR6.rar
2015-01-11 22:36 - 2015-01-11 23:11 - 109128111 _____ () C:\Users\viola\Downloads\3528DER1g.rar
2015-01-11 15:52 - 2015-01-11 16:28 - 111402691 _____ () C:\Users\viola\Downloads\352vLw48i.rar
2015-01-11 11:02 - 2015-01-11 11:39 - 111533780 _____ () C:\Users\viola\Downloads\352AYgV5G.rar
2015-01-10 23:30 - 2015-01-11 00:06 - 109253123 _____ () C:\Users\viola\Downloads\3527tmQHO.rar
2015-01-10 20:12 - 2015-01-10 20:48 - 111556735 _____ () C:\Users\viola\Downloads\352MlYNop.rar
2015-01-09 22:46 - 2015-01-09 23:23 - 113471705 _____ () C:\Users\viola\Downloads\352LvoBa5.rar
2015-01-09 21:53 - 2015-01-09 21:53 - 00000000 ____D () C:\Users\viola\AppData\Roaming\OpenOffice
2015-01-09 21:51 - 2015-01-09 21:52 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-01-09 21:46 - 2015-01-09 21:47 - 165182416 _____ () C:\Users\viola\Downloads\OpenOffice_4.1.1_Win_x86_install_de.exe
2015-01-09 19:36 - 2015-01-09 20:11 - 108841855 _____ () C:\Users\viola\Downloads\352Ddxwz3.rar
2015-01-07 18:21 - 2015-01-07 19:04 - 131962857 _____ () C:\Users\viola\Downloads\352DoyAsX.rar
2015-01-06 22:06 - 2015-01-06 22:41 - 107855901 _____ () C:\Users\viola\Downloads\352ZyDpeT.rar
2015-01-06 18:59 - 2015-01-06 19:34 - 107975734 _____ () C:\Users\viola\Downloads\352uqFghf.rar
2015-01-05 23:24 - 2015-01-05 23:59 - 108188958 _____ () C:\Users\viola\Downloads\352OicwiJ.rar
2015-01-05 19:29 - 2015-01-05 20:05 - 110978997 _____ () C:\Users\viola\Downloads\352gU4SNF.rar
2015-01-05 16:29 - 2015-01-05 17:06 - 115013182 _____ () C:\Users\viola\Downloads\352fh3jFR.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 20:50 - 2014-06-28 19:11 - 00000000 ____D () C:\Users\viola\AppData\Roaming\uTorrent
2015-02-04 20:48 - 2014-08-10 22:26 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{926DA7A3-AFBF-4BD9-B66C-1A2023BD0467}
2015-02-04 20:32 - 2014-09-27 18:06 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:32 - 2014-09-27 18:06 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-04 20:29 - 2014-06-19 03:57 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 20:28 - 2014-12-28 23:33 - 01352610 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-04 20:25 - 2014-06-22 19:13 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2666474899-350018585-593986233-1001
2015-02-04 20:20 - 2014-06-19 03:57 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-04 18:31 - 2014-08-24 19:45 - 00000000 ____D () C:\Users\viola\AppData\Roaming\vlc
2015-02-04 18:30 - 2014-03-18 11:03 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-04 18:30 - 2014-03-18 10:25 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-04 18:30 - 2014-03-18 10:25 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-04 15:01 - 2014-09-23 10:23 - 00000298 _____ () C:\WINDOWS\Tasks\FastAgain PC Booster_DEFAULT.job
2015-02-04 11:23 - 2014-09-23 10:23 - 00000306 _____ () C:\WINDOWS\Tasks\FastAgain PC Booster_UPDATES.job
2015-02-03 15:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-02 19:06 - 2014-06-19 03:24 - 00270288 _____ () C:\Users\viola\AppData\Local\BTServer.log
2015-02-01 19:18 - 2014-06-19 05:27 - 00000000 ___RD () C:\Users\viola\Desktop\hörspiele
2015-02-01 17:10 - 2014-01-23 15:41 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 16:29 - 2014-07-01 14:53 - 00000000 ____D () C:\Users\viola\Documents\My Games
2015-02-01 16:14 - 2014-07-10 11:38 - 00000000 ____D () C:\Users\viola\AppData\Roaming\Doublefine
2015-02-01 16:11 - 2014-07-01 11:08 - 00000000 ____D () C:\Users\viola\AppData\Roaming\DAEMON Tools Lite
2015-02-01 15:13 - 2014-10-19 13:31 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-02-01 15:13 - 2014-01-23 15:48 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-02-01 15:11 - 2014-07-02 15:21 - 00000000 ____D () C:\Users\viola\AppData\Local\Deployment
2015-02-01 15:11 - 2014-06-19 03:25 - 00000074 _____ () C:\Users\viola\AppData\Roaming\sp_data.sys
2015-01-27 12:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-27 12:51 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-27 12:44 - 2014-06-25 08:05 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-27 12:43 - 2014-07-02 15:21 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-01-27 12:11 - 2015-01-03 16:35 - 00005130 _____ () C:\WINDOWS\PFRO.log
2015-01-27 11:16 - 2014-07-02 13:45 - 00000000 ____D () C:\Users\viola
2015-01-20 12:42 - 2014-07-01 11:09 - 00000000 ____D () C:\Users\viola\AppData\Roaming\dlg
2015-01-20 12:41 - 2014-11-10 22:08 - 00000000 ____D () C:\Users\viola\AppData\Roaming\freac
2015-01-20 12:40 - 2014-11-10 22:07 - 00000000 ____D () C:\Program Files (x86)\freac
2015-01-20 12:36 - 2014-07-02 15:20 - 00001191 _____ () C:\Users\viola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 12:36 - 2014-06-19 03:57 - 00001660 _____ () C:\Users\viola\Desktop\Google Chrome.lnk
2015-01-18 20:45 - 2014-06-25 12:24 - 00000000 ____D () C:\AdwCleaner
2015-01-18 20:34 - 2014-10-20 20:45 - 00000000 ____D () C:\Users\viola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall
2015-01-18 20:34 - 2014-06-19 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-18 20:06 - 2014-10-21 20:19 - 00073728 _____ () C:\WINDOWS\SysWOW64\tasks.dll
2015-01-14 20:11 - 2014-10-20 19:53 - 00000000 ____D () C:\Users\viola\AppData\Local\Sony
2015-01-14 20:11 - 2014-10-20 19:53 - 00000000 ____D () C:\Program Files\Sony
2015-01-14 20:10 - 2014-10-20 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-14 20:10 - 2014-10-20 19:53 - 00000000 ____D () C:\ProgramData\Sony
2015-01-14 20:08 - 2014-08-11 21:40 - 00000000 ____D () C:\Users\viola\AppData\Roaming\Skype
2015-01-14 20:08 - 2014-08-11 21:40 - 00000000 ____D () C:\ProgramData\Skype
2015-01-13 18:42 - 2014-01-23 15:40 - 00000000 ____D () C:\ProgramData\Realtek
2015-01-13 18:40 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-01-13 18:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration

==================== Files in the root of some directories =======

2014-06-19 03:25 - 2015-02-01 15:11 - 0000074 _____ () C:\Users\viola\AppData\Roaming\sp_data.sys
2014-06-19 03:24 - 2015-02-02 19:06 - 0270288 _____ () C:\Users\viola\AppData\Local\BTServer.log
2014-07-21 21:53 - 2014-07-21 21:53 - 0591152 _____ (ClickMeIn Limited) C:\Users\viola\AppData\Local\nsu4AA0.tmp
2014-07-02 13:33 - 2014-07-02 13:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-26 00:15 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\viola\AppData\Local\Temp\ReimageExpressSetup.exe
C:\Users\viola\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-27 13:04

==================== End Of Log ============================
         

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by viola at 2015-02-04 20:54:35
Running from C:\Users\viola\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
A.R.E.S. Extinction Agenda EX (HKLM-x32\...\A.R.E.S. Extinction Agenda EX_is1) (Version:  - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version:  - )
Agent Hugo - Operation Lemoon Twist (HKLM-x32\...\{6056A88A-57E5-4690-9A46-5245F778191B}) (Version: 1.00.0000 - NDS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Barbie as The Island Princess (HKLM-x32\...\Barbie) (Version:  - )
Barbie(TM) and the Magic of Pegasus(TM) (HKLM-x32\...\Barbie(TM) and the Magic of Pegasus(TM)) (Version:  - )
Browser Extensions (HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.6 - Spigot, Inc.) <==== ATTENTION
Catz (remove only) (HKLM-x32\...\Catz) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Chariot (HKLM-x32\...\Q2hhcmlvdA==_is1) (Version: 1 - )
Chicken Little (HKLM-x32\...\{1D2E2C9C-5661-4383-945D-F6F787329B51}) (Version: 1.0 - )
Costume Quest 2 (HKLM-x32\...\Costume Quest 2_is1) (Version: 1.0 - PLAZA)
Croc (HKLM-x32\...\Croc) (Version:  - )
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Disney Infinity 2.0 - Marvel Super Heroes (HKLM-x32\...\RGlzbmV5SW5maW5pdHkyME1hcnZlbFN1cGVySGVyb2Vz_is1) (Version: 1 - )
Disney Prinzessin - Mein märchenhaftes Abenteuer  (HKLM-x32\...\{34647679-5D7E-455C-9DC6-618FA3B7FE1A}) (Version: 1.00.0000 - Disney Interactive Studios)
Disney Universe (HKLM-x32\...\{8265F2BC-5961-4A0D-8A34-F08C02E8974D}) (Version: 1.00.0000 - Disney Interactive Studios)
Disney's Aladdin (HKLM-x32\...\Aladdin) (Version:  - )
Disney's Peter Pan Adventures in Never Land (HKLM-x32\...\{A6B0E526-D1E8-11D5-AA2E-0008C760B784}) (Version:  - )
Driver Operating Service (HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\9b8aaf488bf6380a) (Version: 1.0.0.89 - Driver Operating Service)
Evil Mirror (HKLM-x32\...\ITE_Autorun_173) (Version:  - )
Final Exam (HKLM-x32\...\Final Exam_is1) (Version:  - )
Giana Sisters - Twisted Dreams (HKLM-x32\...\Giana Sisters - Twisted Dreams_is1) (Version:  - )
Gomo (HKLM-x32\...\Gomo_is1) (Version: 1.0 - Daedalic Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gothic 3 (HKLM-x32\...\{17BADF87-3597-46FE-8D74-69C4FA78883E}) (Version: 1.0.0 - JoWood)
Hardcopy (HKLM-x32\...\Hardcopy) (Version: 2014.10.06 - Hardcopy für Windows - Ein Tastendruck und Ihr Bildschirm oder Fenster wird ausgedruckt oder abgespeichert.)
Ice Age 2 The Meltdown (HKLM-x32\...\{47F0F784-96DD-4213-A0AB-85AF5C4A2E60}) (Version: 1.00 - Sierra Entertainment, Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JUJU (HKLM-x32\...\SlVKVQ==_is1) (Version: 1 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Lockbox 3.6.4 (HKLM\...\My Lockbox_is1) (Version: 3.6.4 - )
Never Alone (HKLM-x32\...\Never Alone_is1) (Version:  - )
Randals Monday (HKLM-x32\...\Randals Monday_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Schein Version 1.0.7 (HKLM-x32\...\{E17A3A24-0365-40AB-9D0C-9FB11E2035DF}_is1) (Version: 1.0.7 - Zeppelin Studio)
Schrödingers Cat And The Raiders Of The Lost Quark (HKLM-x32\...\Schrödingers Cat And The Raiders Of The Lost Quark_is1) (Version:  - )
Search Protection (HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\Search Protection) (Version: 10.8.0.1 - Spigot, Inc.) <==== ATTENTION
Shrek 2 Team Action (x32 Version: 1.00.0000 - Activision) Hidden
Shrek 2(TM): Team Action (TM) (HKLM-x32\...\InstallShield_{0A387537-CCAA-4E41-81D6-B3BDF349BB7F}) (Version: 1.00.0000 - Activision)
Siedler3 (HKLM-x32\...\Siedler3Deinstall) (Version:  - )
Spirit (remove only) (HKLM-x32\...\spirit-9.06) (Version:  - )
SpongeBob SquarePants - Nighty Nightmare (HKLM-x32\...\{ECAAC00F-74C7-4F1C-A110-F526ED630044}) (Version: 1.0 - )
StormFall (HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\StormFall) (Version:  - StormFall)
Swords & Soldiers (HKLM-x32\...\SwordsAndSoldiers) (Version:  - )
TazWanted (HKLM-x32\...\{647DDE8E-5246-4ED1-B762-B68FF8A0DD9D}) (Version:  - )
The Room (HKLM-x32\...\The Room_is1) (Version:  - Fireproof Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Windows Driver Package - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Yahoo Community Smartbar (HKLM-x32\...\{C9AC6061-68A8-475E-B75E-E59C35AF0972}) (Version: 11.123.66.20439 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\{37c97efe-1776-4568-b9ae-6e1d2b6559a2}) (Version: 11.123.66.20439 - Linkury Inc.) <==== ATTENTION
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-01-2015 18:24:19 Wiederherstellungsvorgang
14-01-2015 20:07:01 Removed Skype™ 7.0
18-01-2015 21:10:05 Before Cleaner Pro fix
26-01-2015 01:26:11 Geplanter Prüfpunkt
01-02-2015 17:07:06 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
01-02-2015 17:08:37 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-01-06 21:21 - 00000865 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0         .psf
0.0.0.0         psf


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06DC8382-4BEA-448A-AA66-85B816B6F2D5} - System32\Tasks\FastAgain PC Booster_UPDATES => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
Task: {07512507-4594-4959-AFB1-35680F9CFA6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {0CD8BA97-3CE6-4808-88AD-AC4B46EF9539} - System32\Tasks\{CA41E25C-4D63-42EF-AF33-7A987D0DDBF6} => pcalua.exe -a C:\Users\viola\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=irs <==== ATTENTION
Task: {10E908FF-C403-4DD4-9DFA-9948A7526722} - System32\Tasks\{17A708D2-1F3C-4105-B07F-E0D161353905} => pcalua.exe -a F:\setup.exe -d F:\
Task: {15CEBBDC-A642-4421-817D-9435ED8EC741} - System32\Tasks\{5ED0104C-8E74-46DC-A4A6-39BDB094A743} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\Die Sims 2\EAUninstall.exe"
Task: {17770F60-4E6C-43D0-A479-7225E9B130B9} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {234F6F76-F06C-488B-92A8-670B470C45D9} - System32\Tasks\FastAgain PC Booster_DEFAULT => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
Task: {3AD824D3-08A4-4A9F-9ED4-7B3F5B345937} - \71d01180-5c28-4efe-a22e-86d8dbcd48e8-4 No Task File <==== ATTENTION
Task: {3B21EFE2-105B-4087-8756-C3A9C450E1A1} - System32\Tasks\hcdll2_ex_x64 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe [2012-11-08] ()
Task: {4C74E639-714A-4B46-A07F-CC58B74D6721} - System32\Tasks\CleanerPro_Start => C:\Program Files (x86)\Cleaner Pro\CleanerPro.exe
Task: {4CCEB011-AC3A-4DDD-BA76-6CAD58E812EC} - System32\Tasks\{976AA2A3-DEA7-4F22-B3E0-DF266ED26BF0} => pcalua.exe -a C:\tombraider\dxsetup.exe -d C:\tombraider
Task: {53187573-0FA6-4D8C-9686-82446FCC3FE5} - \71d01180-5c28-4efe-a22e-86d8dbcd48e8-5_user No Task File <==== ATTENTION
Task: {65E0FF31-9E79-4595-B08D-28029CF53835} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {661F6E17-E754-4661-987D-DF4F55D02718} - System32\Tasks\{233DAECF-9624-47B4-ADA0-E3E919218884} => pcalua.exe -a C:\Users\viola\AppData\Local\WebPlayer\uninstall.exe -c _?=C:\Users\viola\AppData\Local\WebPlayer\FLV Player
Task: {714042CC-D356-47CC-9ECC-FA9716EB238D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {75D3CFCE-1B35-44A1-ACA2-7A52CC232441} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe [2013-07-17] ()
Task: {7629AF2F-B3F6-4BE2-8D6C-7FA0C916B44E} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
Task: {7B0F42AA-62C0-44F8-B5CA-94F9A7A8DE78} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {943489BE-AF0A-418E-869D-6857950C7B74} - System32\Tasks\CleanerPro_Popup => C:\Program Files (x86)\Cleaner Pro\Splash.exe
Task: {99ECD947-E5E4-4E73-A567-5900BB1F26AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {9EAB4630-119F-4A44-982A-B627C46B3E63} - System32\Tasks\{1070518D-BFCC-41CB-ADD4-68C885A412B3} => pcalua.exe -a D:\spiele\Launcher.exe -d D:\spiele\
Task: {B1748864-B1E7-4C88-9225-A6589421DCF3} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {B71E8F8E-253D-4FBB-A49B-9ED4F56197BC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-23] (AVAST Software)
Task: {BC8ADD60-F771-4119-B5DF-60AF2420F489} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {CAA8C4FC-6F15-4787-9077-644E6CC202F0} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {D942C0C6-8ACD-4E87-B8B6-67F1563E6172} - System32\Tasks\FastAgain PC Booster => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
Task: {DE39CBCE-D515-4078-AF56-7E05374641BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {E4C10D1C-3D03-4420-9396-027F9DFDBAC4} - System32\Tasks\Open Chrome => Chrome.exe --new-window AVG Secure Search
Task: {E788775F-164E-48BE-B6C1-E9109DBB1A27} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {EF9E9AF5-E4D9-4A46-9322-3E97A511FA59} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {F3F8AB9C-E37E-4F29-9626-E353AEE8D8BC} - \71d01180-5c28-4efe-a22e-86d8dbcd48e8-5 No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FastAgain PC Booster_DEFAULT.job => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
Task: C:\WINDOWS\Tasks\FastAgain PC Booster_UPDATES.job => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe

==================== Loaded Modules (whitelisted) ==============

2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-01-23 15:40 - 2013-10-08 18:02 - 00066560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-12-29 20:17 - 2013-10-30 10:49 - 00126968 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_43_x64.dll
2014-12-29 20:17 - 2012-11-08 07:38 - 00044608 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
2014-12-29 20:17 - 2013-07-17 16:03 - 00037880 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
2014-09-23 22:58 - 2014-09-23 22:58 - 00222208 _____ () C:\Users\viola\AppData\Local\Apps\2.0\Y3PX7N47.R1Z\NDDAWNER.8KC\dros..tion_0000000000000000_0001.0000_b92f9a6a28f6c42c\Dros.exe
2014-09-23 22:58 - 2014-09-23 22:58 - 00005120 ____N () C:\Users\viola\AppData\Local\Apps\2.0\Y3PX7N47.R1Z\NDDAWNER.8KC\dros..tion_0000000000000000_0001.0000_b92f9a6a28f6c42c\de\Dros.resources.dll
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-09-25 19:44 - 2014-09-25 19:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-16 10:30 - 2015-01-16 10:30 - 01128760 _____ () C:\Users\viola\AppData\Roaming\Search Protection\SP.EXE
2014-07-23 06:45 - 2014-07-23 06:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-01-27 12:12 - 2015-01-27 12:12 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012700\algo.dll
2015-02-04 20:53 - 2015-02-04 20:53 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020401\algo.dll
2014-12-29 20:17 - 2012-07-05 14:56 - 00052800 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_05.dll
2014-12-29 20:17 - 2013-10-30 10:49 - 00117752 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_43_Win32.dll
2013-08-19 18:16 - 2013-08-19 18:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-08-16 11:03 - 2013-08-16 11:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-12-29 20:17 - 2014-10-06 14:26 - 03650016 _____ () C:\Program Files (x86)\Hardcopy\HcDllS.dll
2014-07-23 06:45 - 2014-07-23 06:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-04-27 11:24 - 2013-04-27 11:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2015-01-27 12:21 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 12:21 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 12:21 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-27 12:21 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2666474899-350018585-593986233-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\viola\Desktop\pf_1413375771.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\StartupApproved\Run: => "uTorrent"

==================== Accounts: =============================

Administrator (S-1-5-21-2666474899-350018585-593986233-500 - Administrator - Disabled)
Gast (S-1-5-21-2666474899-350018585-593986233-501 - Limited - Disabled)
viola (S-1-5-21-2666474899-350018585-593986233-1001 - Administrator - Enabled) => C:\Users\viola
vivi (S-1-5-21-2666474899-350018585-593986233-1002 - Administrator - Enabled) => C:\Users\vivi

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 06:38:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/03/2015 11:24:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/03/2015 04:27:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/02/2015 07:18:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/01/2015 04:01:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/31/2015 10:20:34 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/30/2015 05:23:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/29/2015 10:37:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/28/2015 03:24:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/27/2015 09:11:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: vivi)
Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (02/03/2015 03:39:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.WinJS.2.0

Error: (02/02/2015 07:16:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.WinJS.2.0

Error: (02/01/2015 08:32:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.WinJS.2.0

Error: (01/31/2015 10:15:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.WinJS.2.0

Error: (01/28/2015 05:57:10 AM) (Source: DCOM) (EventID: 10010) (User: vivi)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/28/2015 05:56:40 AM) (Source: DCOM) (EventID: 10010) (User: vivi)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/27/2015 04:42:46 PM) (Source: DCOM) (EventID: 10010) (User: vivi)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/27/2015 04:42:16 PM) (Source: DCOM) (EventID: 10010) (User: vivi)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/27/2015 02:01:21 PM) (Source: DCOM) (EventID: 10010) (User: vivi)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/27/2015 02:00:51 PM) (Source: DCOM) (EventID: 10010) (User: vivi)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (02/04/2015 06:38:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/03/2015 11:24:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/03/2015 04:27:30 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/02/2015 07:18:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/01/2015 04:01:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/31/2015 10:20:34 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/30/2015 05:23:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/29/2015 10:37:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/28/2015 03:24:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/27/2015 09:11:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: vivi)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927148


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Percentage of memory in use: 69%
Total physical RAM: 3982.63 MB
Available physical RAM: 1211.38 MB
Total Pagefile: 5372 MB
Available Pagefile: 1733.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:35.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:295.77 GB) NTFS
Drive f: (gomo-defa) (CDROM) (Total:0.25 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 57788C0B)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
05.02.2015, 08:23   #4
schrauber
/// the machine
/// TB instructor


Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Optionen (Options) and select Deutsch (German) as the language.
  • In the uninstaller panel, look for these programs:

    Browser Extensions

    Search Protection

    webssearches uninstall

    Yahoo Community Smartbar

    Yahoo Community Smartbar Engine (HKU\S-1-5-21-2666474899-350018585-593986233-1001\...\{37c97efe-1776-4568-b9ae-6e1d2b6559a2}) (Version: 11.123.66.20439 - Linkury Inc.) <==== ATTENTION

    YTD Video Downloader 4.8.9


  • Select the programs one after another and click Uninstall each time.
  • Then select the mode "Moderat".
  • Delete leftovers:
    Click on , then on , and then on .

 






Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scannen (Scan), select the Bedrohungssuchlauf (threat scan) and click Suchlauf starten (start scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Auswahl entfernen (remove selected).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click Verlauf (History) and then Anwendungsprotokolle (Application Logs).
  • Select the most recent scan log and click Export. Choose Textdatei (.txt) (text file) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and start it with "als Administrator ausführen" (Run as administrator).
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
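
Several of the programs named in the reply above carry the `<==== ATTENTION` marker in the FRST log posted earlier in the thread. The following is an added example, not part of the thread and not FRST's own code: a small Python triage script that collects every flagged line and separates installed programs, scheduled tasks and orphaned task entries ("No Task File"). The sample lines are copied from the posted log; the regular expressions and all function names are assumptions based on the line layout seen there.

```python
import re
from dataclasses import dataclass

ATTENTION = "<==== ATTENTION"
NO_TASK_FILE = "No Task File"

# Line shapes as they appear in the log posted in this thread (assumed layout).
SECTION_RE = re.compile(r"^={5,}\s*([^=].*?)\s*=+$")
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) \((?P<key>HK[^)]*)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>[^)]*)\)$"
)
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?: => (?P<command>.*))?$"
)

# Lines copied from the FRST log posted earlier in this thread.
SAMPLE_LOG = r"""
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Yahoo Community Smartbar (HKLM-x32\...\{C9AC6061-68A8-475E-B75E-E59C35AF0972}) (Version: 11.123.66.20439 - Linkury Inc.) <==== ATTENTION
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Scheduled Tasks (whitelisted) =============

Task: {07512507-4594-4959-AFB1-35680F9CFA6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {0CD8BA97-3CE6-4808-88AD-AC4B46EF9539} - System32\Tasks\{CA41E25C-4D63-42EF-AF33-7A987D0DDBF6} => pcalua.exe -a C:\Users\viola\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=irs <==== ATTENTION
Task: {3AD824D3-08A4-4A9F-9ED4-7B3F5B345937} - \71d01180-5c28-4efe-a22e-86d8dbcd48e8-4 No Task File <==== ATTENTION
Task: {7629AF2F-B3F6-4BE2-8D6C-7FA0C916B44E} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
"""


@dataclass
class Finding:
    section: str   # FRST section the line was found in
    kind: str      # "program", "task", "orphaned-task" or "other"
    name: str      # display name, task path, or the raw line
    detail: str    # publisher, task command, or task GUID


def parse_flagged(log_text):
    """Return one Finding per line that ends with the ATTENTION marker."""
    findings = []
    section = "(before first section header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not line.endswith(ATTENTION):
            continue
        body = line[: -len(ATTENTION)].rstrip()
        task = TASK_RE.match(body)
        program = PROGRAM_RE.match(body)
        if task and task.group("path").endswith(NO_TASK_FILE):
            # Registry entry whose task file no longer exists: a leftover to clean up.
            name = task.group("path")[: -len(NO_TASK_FILE)].rstrip()
            findings.append(Finding(section, "orphaned-task", name, task.group("guid")))
        elif task:
            findings.append(
                Finding(section, "task", task.group("path"), task.group("command") or "")
            )
        elif program:
            findings.append(
                Finding(section, "program", program.group("name"), program.group("publisher"))
            )
        else:
            # Flagged line in a layout this script does not know: keep it for manual review.
            findings.append(Finding(section, "other", body, ""))
    return findings


def uninstall_candidates(findings):
    """Names of flagged installed programs, in log order."""
    return [f.name for f in findings if f.kind == "program"]


def orphaned_tasks(findings):
    """GUIDs of flagged task entries that have no task file."""
    return [f.detail for f in findings if f.kind == "orphaned-task"]


if __name__ == "__main__":
    for f in parse_flagged(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name} | {f.detail} | section: {f.section}")
```
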

05.02.2015, 22:47   #5
vivi12



Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 05.02.2015
Suchlauf-Zeit: 21:09:26
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.30.03
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: viola

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 393037
Verstrichene Zeit: 40 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.ZombieInvasion.A, C:\ProgramData\IEtikvV\kPNWJrtEO.exe, 3040, Löschen bei Neustart, [4784f6fd9fdc063004806b4ba65b01ff]
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1520, Löschen bei Neustart, [b71432c1205bef47563ffef8db274bb5]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 8
PUP.Optional.ZombieInvasion.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\kPNWJrtEO, In Quarantäne, [4784f6fd9fdc063004806b4ba65b01ff],
PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, In Quarantäne, [3695d12275062e0893dca2f643bf45bb],
PUP.Optional.Spigot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, In Quarantäne, [3695d12275062e0893dca2f643bf45bb],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [ba11ad46eb9069cd46fe3940d1339868],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [c803e11256254cea05777fb77e855aa6],
PUP.Optional.Qone8, HKU\S-1-5-21-2666474899-350018585-593986233-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [8d3ee21102792f07745e2b3946beff01],
PUP.Optional.FastStart.A, HKU\S-1-5-21-2666474899-350018585-593986233-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [3695e50efa8111259e8dac64847f59a7],
PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [b71432c1205bef47563ffef8db274bb5],

Registrierungswerte: 2
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com, In Quarantäne, [3c8f6390a0db2610c6967cfc8e768977]
PUP.Optional.FastStart.A, HKU\S-1-5-21-2666474899-350018585-593986233-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [3695e50efa8111259e8dac64847f59a7]

Registrierungsdaten: 10
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, C:\Program Files (x86)\Mozilla Firefox\firefox.exe webssearches, Gut: (firefox.exe), Schlecht: (C:\Program Files (x86)\Mozilla Firefox\firefox.exe webssearches,[83488271d7a42d093cce19ef877ec838]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX&q={searchTerms}),Ersetzt,[5f6c0be8d3a81f17a65c8e7abb4a817f]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, webssearches, Gut: (Google), Schlecht: (webssearches,[f9d2b241b9c20036a65ae226a95c748c]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, webssearches, Gut: (Google), Schlecht: (webssearches,[ffcc1ad9dd9ee5518282a8603fc6728e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, C:\Program Files (x86)\Mozilla Firefox\firefox.exe webssearches, Gut: (firefox.exe), Schlecht: (C:\Program Files (x86)\Mozilla Firefox\firefox.exe webssearches,[3b90c52e146796a09d6df01857aed22e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, webssearches, Gut: (Google), Schlecht: (webssearches,[903b8d6678038da93aca8c7c0ef7a35d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, webssearches, Gut: (Google), Schlecht: (webssearches,[408bf5fe5b2054e225dbb0589f66cf31]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1421753800&from=cvs5&uid=HGSTXHTS541010A9E680_JA1000CRGLENEKGLENEKX&q={searchTerms}),Ersetzt,[63684da6c9b24ee8976b14f465a0db25]
PUP.Optional.Spigot.A, HKU\S-1-5-21-2666474899-350018585-593986233-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ie, Gut: (Google), Schlecht: (https://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ie),Ersetzt,[0dbea54e1665ba7c9ba86e995aabc53b]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2666474899-350018585-593986233-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, webssearches, Gut: (Google), Schlecht: (webssearches,[6d5e6f840b70f541ce3321e77590cb35]

Ordner: 37
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [b71432c1205bef47563ffef8db274bb5],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [b71432c1205bef47563ffef8db274bb5],
PUP.Optional.ZombieInvasion.A, C:\Users\TEMP\AppData\Local\ZombieInvasion, In Quarantäne, [00cb7182c5b689ad14ec48bd15ee50b0],
PUP.Optional.ZombieInvasion.A, C:\Users\viola\AppData\Local\ZombieInvasion, In Quarantäne, [b21918dba7d443f3b34dd72ed72c16ea],

Dateien: 79
PUP.Optional.ZombieInvasion.A, C:\ProgramData\IEtikvV\kPNWJrtEO.exe, Löschen bei Neustart, [4784f6fd9fdc063004806b4ba65b01ff],
PUP.Optional.ZombieInvasion.A, C:\ProgramData\IEtikvV\dat\raPzQoQqdG.exe, Löschen bei Neustart, [468582714a31aa8ce89c189ef40d50b0],
PUP.Optional.ZombieInvasion.A, C:\ProgramData\IEtikvV\dat\zLoKjXrOrz.exe, Löschen bei Neustart, [5f6c63907803ba7cbbc9d7df8879a15f],
PUP.Optional.WebSearchs.A, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, In Quarantäne, [9d2ec03393e81d191d1b29f225dea858],
PUP.Optional.WebSearchs.A, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, In Quarantäne, [4e7d25ce403b0a2c4fe931eac043cc34],
PUP.Optional.WebSearchs.A, C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, Löschen bei Neustart, [fbd0b2418cef30066fc98e8df112d22e],
PUP.Optional.WebSearchs.A, C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, Löschen bei Neustart, [3497f8fb2754fe38a59340db48bba15f],
PUP.Optional.Superfish.A, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, In Quarantäne, [7c4ff201433865d148b4da50c14260a0],
PUP.Optional.Superfish.A, C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [10bbfbf83447b77ff20a35f52ed52ed2],
PUP.Optional.Superfish.A, C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [b714b340710a5adc33c9bc6ef310e917],
PUP.Optional.Superfish.A, C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Löschen bei Neustart, [2d9e70832259e55122da0624f60d6799],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [f3d8b73c007bfa3c94ea3df944bfe21e],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.FastStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [28a3658e7506152174e33db8748e32ce],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [b71432c1205bef47563ffef8db274bb5],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [b71432c1205bef47563ffef8db274bb5],
PUP.Optional.ZombieInvasion.A, C:\Users\TEMP\AppData\Local\ZombieInvasion\data2.dat, In Quarantäne, [00cb7182c5b689ad14ec48bd15ee50b0],
PUP.Optional.ZombieInvasion.A, C:\Users\viola\AppData\Local\ZombieInvasion\data2.dat, In Quarantäne, [b21918dba7d443f3b34dd72ed72c16ea],
PUP.Optional.QuickStart.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"), Ersetzt,[24a7c82b6417ec4a95f53d077d88659b]
PUP.Optional.Spigot.A, C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "https://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ff"), Ersetzt,[d6f5b241e992989e4998ec58ca3b946c]

Physische Sektoren: 0
(No malicious items detected)


(end)

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 05/02/2015 um 22:26:45
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-05.2 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : viola - VIVI
# Gestartet von : C:\Users\viola\Downloads\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\Program Files (x86)\XTab
Ordner Gelöscht : C:\Users\viola\AppData\Local\webplayer
Ordner Gelöscht : C:\Users\viola\AppData\Local\CleanerPro
Ordner Gelöscht : C:\Users\viola\AppData\Roaming\IHlpr
Ordner Gelöscht : C:\Users\viola\Documents\CleanerPro
Ordner Gelöscht : C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC}
Ordner Gelöscht : C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\Extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C}
Datei Gelöscht : C:\WINDOWS\Reimage.ini
Datei Gelöscht : C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\user.js
Datei Gelöscht : C:\Users\viola\AppData\Roaming\Mozilla\Firefox\Profiles\pgqev8qo.default\searchplugins\yahoo_ff.xml
Datei Gelöscht : C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\viola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : CleanerPro_Start
Task Gelöscht : CleanerPro_Popup

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\viola\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\viola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\viola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall\StormFall.lnk
Verknüpfung Desinfiziert : C:\Users\viola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\viola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\viola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk
Verknüpfung Desinfiziert : C:\Users\viola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v33.1 (x86 de)

[pgqev8qo.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[pgqev8qo.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[pgqev8qo.default\prefs.js] - Zeile gelöscht : user_pref("startpage.ntsearch_url", "hxxps://de.search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=937811&p={searchTerms}");

-\\ Google Chrome v40.0.2214.94


*************************

AdwCleaner[R0].txt - [16051 octets] - [25/06/2014 12:25:22]
AdwCleaner[R1].txt - [19882 octets] - [18/01/2015 20:24:26]
AdwCleaner[R2].txt - [1705 octets] - [18/01/2015 20:40:14]
AdwCleaner[R3].txt - [3640 octets] - [05/02/2015 22:09:54]
AdwCleaner[S0].txt - [12383 octets] - [25/06/2014 12:31:35]
AdwCleaner[S1].txt - [18728 octets] - [18/01/2015 20:34:28]
AdwCleaner[S2].txt - [4211 octets] - [05/02/2015 22:26:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4271 octets] ##########
         
--- --- ---

JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by viola on 05.02.2015 at 22:34:23,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0025320D-4D37-4C73-9A5C-0C28F04068A3}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0025320D-4D37-4C73-9A5C-0C28F04068A3}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0025320D-4D37-4C73-9A5C-0C28F04068A3}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0025320D-4D37-4C73-9A5C-0C28F04068A3}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\viola\AppData\Roaming\mozilla\firefox\profiles\pgqev8qo.default\extensions\toolbar@web.de
Emptied folder: C:\Users\viola\AppData\Roaming\mozilla\firefox\profiles\pgqev8qo.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2015 at 22:46:12,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


Alt 06.02.2015, 09:16   #6
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?

Alt 09.02.2015, 18:40   #7
vivi12
 



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=12eec1b3f7541949b6150d1572d20850
# engine=22380
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-09 04:41:36
# local_time=2015-02-09 05:41:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 2332701 19820209 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 19192957 20731618 0 0
# scanned=335529
# found=41
# cleaned=39
# scan_time=5644
sh=9D65652EDE88DC363BA4BBD725559330F4CC710D ft=1 fh=e2de0436bbcbba94 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\IEtikvV\dat\nqjSkiWa.dll"
sh=3F988F227B007A6C86CA00BA3F73A35693DC828F ft=1 fh=e35215c110e4dda1 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\IEtikvV\dat\nrYjkjkcKj.dll"
sh=5B54E24892C8E7F424AF273E0F051B89858C89AE ft=1 fh=570f49fa3b076b35 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_de_61\predm.exe.vir"
sh=88904B0859614D3B9C12566CCABC88BFD201C692 ft=1 fh=b43ac55179e7eac8 vn="Variante von Win32/Techsnab.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir"
sh=DFDEC9AE8AEB629172103E1FB20383A30F412518 ft=1 fh=98149d14b11dbfce vn="Variante von MSIL/MyPCBackup.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir"
sh=09975ED04166B761DC1CED0B15BAE6D37DCC0560 ft=1 fh=919d2464905062de vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=0A23E11DA451DFDB55335C2F3EA1361B5319F38D ft=1 fh=f666ec2b745c4401 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir"
sh=53D56362669EC3A7483148269A1059FD690A7033 ft=1 fh=c71c0011a6df79d7 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=80B26B7728206FA771A8414C551DF8F5B4C4A7B0 ft=1 fh=a71ae2fc23d92113 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\viola\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=88904B0859614D3B9C12566CCABC88BFD201C692 ft=1 fh=b43ac55179e7eac8 vn="Variante von Win32/Techsnab.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\viola\AppData\Roaming\GetPrivate\gp_upd.exe.vir"
sh=7607F3ED12F53621E5D675B4A09BBA44541ADB90 ft=1 fh=e1a28e514bb92109 vn="Variante von Win32/Adware.Synatix.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\viola\AppData\Roaming\Security Systems\uninstall.exe.vir"
How do you create an FRST log again?

Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Mozilla Firefox 33.1 Firefox out of Date!
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Thank you very much... everything works again.

I have one more question... is there a folder on the PC where cookies are stored? Or is that only in the browser?

Edited by schrauber (09.02.2015 at 20:18)

09.02.2015, 20:19   #8
schrauber
/// the machine
/// TB-Ausbilder
 


Open the FRST program that we downloaded at the beginning, press the Scan button and post the log.

Cookies are stored differently from browser to browser.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
