Unerwünschte Startseite/Suchmaschine/Erweiterungen: 'fbdownloader'; PUA/DownloadSponsor.Gen; Win8.1 64-Bit

anchises · 13.04.2015, 20:19

Hallo,

leider ändert sich immer wieder aufs Neue (alle 1-2 Wochen) meine Suchmaschine zu 'search', die Startseite zu search.fbdownloader.com und es installieren sich bei Mozilla Firefox Erweiterungen wie FavGenius und OfferMosquito.

Vermutlich habe ich mir zwei Viren bei einem Download des VLC-Players bei CHIP eingefangen , da ich dementsprechende Hinweise von Antivir gemeldet bekommen habe, bzw. in den zwei Funden diese Stichwörter enthalten sind. Die Funde sind in der Quarantäne gelandet und haben beide die Bezeichnugn PUA/DownloadSponsor.Gen.
Ich würde ich mich freuen, wenn ihr mir helfen könntet, das Problem grundlegend zu lösen.

Ich nutze ein Asus Laptop mit Windows 8.1 (64-Bit), der Standardbrowser ist Mozilla Firefox.

Schöne Grüße und danke vorab!

cosinus · 13.04.2015, 20:26

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

anchises · 13.04.2015, 20:43

Hallo cosinus,

danke für die schnelle Antwort. Nein, Avira ist das einzige Programm das ausgeführt wurde. Hier die Logs:

Code:

ATTFilter


Typ:	Datei
Quelle:	C:\Users\****\Downloads\Thunderbird - CHIP-Installer.exe
Status:	Infiziert
Quarantäne-Objekt:	5061288a.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.30.10
Virendefinitionsdatei:	8.11.221.214
Gefunden:	PUA/DownloadSponsor.Gen
Datum/Uhrzeit:	07/04/2015, 13:05


Typ:	Datei
Quelle:	C:\Users\****\Downloads\VLC media player 32 Bit - CHIP-Installer.exe
Status:	Infiziert
Quarantäne-Objekt:	486979e7.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.28.32
Virendefinitionsdatei:	8.11.215.32
Gefunden:	PUA/DownloadSponsor.Gen
Datum/Uhrzeit:	09/03/2015, 17:07


Typ:	Datei
Quelle:	C:\Program Files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe
Status:	Verdächtig
Quarantäne-Objekt:	50f74071.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	unknown
Virendefinitionsdatei:	unknown
Gefunden:	Verdächtige Datei
Datum/Uhrzeit:	09/03/2015, 17:07


Typ:	Datei
Quelle:	C:\Users\****\AppData\Roaming\Seventh\Seventh.exe
Status:	Infiziert
Quarantäne-Objekt:	51eecfd7.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.24.36
Virendefinitionsdatei:	8.11.178.06
Gefunden:	TR/Agent.83648
Datum/Uhrzeit:	14/10/2014, 20:34


Typ:	Datei
Quelle:	C:\Users\****\AppData\Roaming\SCheck\ntcrxinst.exe
Status:	Infiziert
Quarantäne-Objekt:	48900296.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.24.06
Virendefinitionsdatei:	8.11.166.208
Gefunden:	TR/Crypt.XPACK.Gen3
Datum/Uhrzeit:	12/08/2014, 23:58


Typ:	Datei
Quelle:	C:\Users\****\AppData\Roaming\SCheck\ntxpiinst.exe
Status:	Infiziert
Quarantäne-Objekt:	50282d31.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.24.06
Virendefinitionsdatei:	8.11.166.208
Gefunden:	TR/Crypt.XPACK.Gen3
Datum/Uhrzeit:	12/08/2014, 23:58


Typ:	Datei
Quelle:	C:\Users\****\AppData\Roaming\Snz\Snz.exe
Status:	Infiziert
Quarantäne-Objekt:	56e10ebf.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.24.06
Virendefinitionsdatei:	8.11.166.78
Gefunden:	TR/Crypt.XPACK.Gen3
Datum/Uhrzeit:	10/08/2014, 18:44


Typ:	Datei
Quelle:	C:\$Recycle.Bin\S-1-5-21-3718987256-3696895883-2711694715-1002\$R7NXLQL.exe
Status:	Infiziert
Quarantäne-Objekt:	50fbd973.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.22.12
Virendefinitionsdatei:	8.11.163.68
Gefunden:	ADWARE/InstallCore.Gen7
Datum/Uhrzeit:	21/07/2014, 19:22


Typ:	Datei
Quelle:	C:\Users\****\AppData\Local\Temp\ICReinstall_ImageEditorSetup.exe
Status:	Infiziert
Quarantäne-Objekt:	5107dae7.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.22.12
Virendefinitionsdatei:	8.11.163.68
Gefunden:	ADWARE/InstallCore.Gen7
Datum/Uhrzeit:	21/07/2014, 19:21

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by **** (administrator) on **** on 13-04-2015 21:35:49
Running from C:\Users\****\Downloads
Loaded Profiles: **** (Available profiles: UpdatusUser & ****)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Windows Net) C:\Users\****\AppData\Roaming\Windows Net Data\net.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [30208 2014-10-29] (Microsoft Corporation)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe [3411328 2012-07-24] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [SSync] => C:\Users\****\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [OMESupervisor] => C:\Users\****\AppData\Local\omesuperv.exe [939496 2015-04-02] ()
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [Spotify Web Helper] => C:\Users\****\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [Sixth] => C:\Users\****\AppData\Roaming\Sixth\Sixth.exe [74470 2014-11-24] ()
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [Seventh] => C:\Users\****\AppData\Roaming\Seventh\Seventh.exe [98491 2015-02-22] ()
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [Spotify] => C:\Users\****\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [SCheck] => C:\Users\****\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [Snoozer] => C:\Users\****\AppData\Roaming\Snz\Snz.exe [1641160 2015-04-06] ()
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [DataMgr] => C:\Users\****\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-26] (HTTO Group, Ltd.)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [Intermediate] => C:\Users\****\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\MountPoints2: {053d9404-ddc4-11e3-be97-08606e055dfd} - "G:\LGAutoRun.exe" 
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\STANDA~1.SCR [232448 2012-06-08] ()
HKU\User-3\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [18856 2012-10-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\****\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=fpo
URLSearchHook: HKU\S-1-5-21-3718987256-3696895883-2711694715-1002 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKU\S-1-5-21-3718987256-3696895883-2711694715-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=fpo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3718987256-3696895883-2711694715-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=fpo&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PiccShare BHO -> {553318DA-D010-469E-84B1-496563CAE1C0} -> C:\Users\****\AppData\Local\ext_piccshare\ext_piccshare.dll [2013-06-26] (HTTO Group, Ltd)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ca3qt68x.default-1415723533465
FF DefaultSearchEngine: Search
FF DefaultSearchUrl: hxxp://search.fbdownloader.com/search.php?channel=fpo&q=
FF SelectedSearchEngine: Search
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=fpo&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3718987256-3696895883-2711694715-1002: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\****\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll [2013-12-24] (Bebo Media Ltd)
FF Extension: FavGenius - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ca3qt68x.default-1415723533465\Extensions\fg@favgenius.com.xpi [2015-03-30]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ca3qt68x.default-1415723533465\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR StartupUrls: Default -> "http:\/\/search.fbdownloader.com\/?channel=fpo"
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-02]
CHR Extension: (FavGenius) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpnaddghmkpkmnghbdpahlgncpieofn [2015-03-02]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Simple New Tab) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga [2015-01-18]
CHR HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [docfnddcclkgokdfpnmngpiliiachclb] - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare\ext_piccshare.crx [2013-06-26]
CHR HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\****\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-01-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 21:35 - 2015-04-13 21:36 - 00020875 _____ () C:\Users\****\Downloads\FRST.txt
2015-04-13 21:35 - 2015-04-13 21:35 - 00000000 ____D () C:\FRST
2015-04-13 21:34 - 2015-04-13 21:34 - 02096640 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2015-04-13 17:22 - 2015-04-13 17:22 - 00000000 ____D () C:\Users\****\Downloads\Grass__Gunter_Die_Blechtrommel_114c475ce06a3367cedf783811c32c32
2015-04-13 17:18 - 2015-04-13 17:22 - 497818663 _____ () C:\Users\****\Downloads\Grass__Gunter_Die_Blechtrommel_114c475ce06a3367cedf783811c32c32.zip
2015-04-13 14:46 - 2015-04-13 14:46 - 00000000 ____D () C:\Users\****\AppData\Roaming\Snz
2015-04-13 12:10 - 2015-04-13 12:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-07 21:55 - 2015-04-07 21:55 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-07 21:55 - 2015-04-07 21:55 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-02 20:01 - 2015-04-02 20:01 - 00939496 _____ () C:\Users\****\AppData\Local\omesuperv.exe
2015-03-22 18:31 - 2015-03-27 20:32 - 00021364 _____ () C:\Users\****\Desktop\Einkaufsliste.odt
2015-03-14 20:23 - 2015-03-04 23:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-14 20:23 - 2015-03-04 23:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 21:29 - 2014-11-04 19:17 - 01671108 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-13 21:22 - 2014-08-09 20:49 - 00000000 ____D () C:\Users\****\AppData\Roaming\Spotify
2015-04-13 21:07 - 2014-05-14 15:36 - 00000000 ____D () C:\Users\****\Desktop\****
2015-04-13 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-13 20:45 - 2013-05-04 23:56 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 19:57 - 2014-08-09 20:50 - 00000000 ____D () C:\Users\****\AppData\Local\Spotify
2015-04-13 16:10 - 2014-11-05 17:52 - 00300544 ___SH () C:\Users\****\Desktop\Thumbs.db
2015-04-13 15:42 - 2014-09-24 08:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-13 15:42 - 2014-09-24 07:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-13 15:42 - 2014-09-24 07:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-13 14:50 - 2013-05-04 23:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3718987256-3696895883-2711694715-1002
2015-04-13 14:47 - 2014-12-01 11:21 - 00000000 ____D () C:\Users\****\OneDrive
2015-04-13 14:47 - 2013-07-05 20:17 - 00000000 ____D () C:\Users\****\AppData\Roaming\Intermediate
2015-04-13 14:46 - 2014-08-24 15:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\Seventh
2015-04-13 14:46 - 2014-04-18 23:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-13 14:46 - 2013-07-05 20:17 - 00000000 ____D () C:\Users\****\AppData\Roaming\DataMgr
2015-04-13 14:45 - 2014-11-04 19:25 - 00000000 ____D () C:\Users\****
2015-04-13 14:45 - 2013-07-25 03:34 - 00000432 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-04-13 14:45 - 2013-05-04 23:56 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 14:45 - 2013-05-04 23:50 - 00000416 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2015-04-13 14:44 - 2013-08-22 16:46 - 00344013 _____ () C:\WINDOWS\setupact.log
2015-04-13 14:44 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-13 14:44 - 2013-03-27 10:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-13 14:43 - 2014-09-23 23:06 - 00227364 _____ () C:\WINDOWS\PFRO.log
2015-04-09 16:22 - 2014-08-05 14:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 16:21 - 2013-07-02 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 16:21 - 2013-07-02 16:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-07 23:42 - 2014-08-09 20:50 - 00001880 _____ () C:\Users\****\Desktop\Spotify.lnk
2015-04-07 23:42 - 2014-08-09 20:50 - 00001866 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-07 21:55 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-07 13:30 - 2014-11-04 23:42 - 23144960 ___SH () C:\Users\****\Downloads\Thumbs.db
2015-04-03 03:45 - 2013-05-04 23:57 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-01 15:13 - 2013-07-02 16:16 - 00000000 ____D () C:\Users\****\AppData\Roaming\Avira
2015-04-01 15:13 - 2013-07-02 16:10 - 00000000 ____D () C:\ProgramData\Avira
2015-03-27 20:35 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-23 19:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-15 20:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-14 20:22 - 2013-08-22 17:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-03-14 20:21 - 2013-08-22 16:44 - 00435512 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-14 20:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-14 20:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 20:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 20:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-14 20:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-14 20:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-14 20:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-14 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-14 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-14 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-14 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-14 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-14 20:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-14 20:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-14 20:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-14 20:09 - 2014-09-24 08:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-14 20:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-03-14 20:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-14 20:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-14 20:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-14 20:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-14 20:09 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-03-14 20:09 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-14 20:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-03-14 20:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-03-14 20:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-14 20:08 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-03-14 20:03 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-14 20:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-14 20:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-03-14 20:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-03-14 20:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-03-14 20:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-14 20:03 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-14 20:03 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-14 20:02 - 2014-09-24 09:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-14 20:02 - 2013-08-22 17:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-03-14 20:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-03-14 20:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-03-14 20:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-03-14 19:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-14 19:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-14 19:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-14 19:55 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell

==================== Files in the root of some directories =======

2013-07-02 16:31 - 2013-07-02 16:31 - 0000021 _____ () C:\Users\****\AppData\Roaming\my_intel.sys
2013-05-04 23:50 - 2015-04-13 14:45 - 0000416 _____ () C:\Users\****\AppData\Roaming\sp_data.sys
2013-06-26 08:53 - 2013-06-26 08:53 - 0044216 _____ () C:\Users\****\AppData\Local\ext_piccshare_uninst.exe
2015-04-02 20:01 - 2015-04-02 20:01 - 0939496 _____ () C:\Users\****\AppData\Local\omesuperv.exe

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5188.dll


Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-10 10:47

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by **** at 2015-04-13 21:37:57
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.6.112 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\{1F0342F5-8369-3CD1-99DD-E9BC44473708}) (Version: 65.107.16500 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{F13921D6-AE6D-41BF-807A-17BD99C0A4FD}) (Version: 15.5.5.0480 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{962E1735-D2E0-4813-AB9F-C6CBA09E759A}) (Version: 15.05.7000.1709 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mystery Places - Das Geheimnis der Geisterstadt (HKLM-x32\...\Mystery Places - Das Geheimnis der Geisterstadt) (Version:  - )
Mystery Places - Das Geheimnis der Geistervilla (HKLM-x32\...\Mystery Places - Das Geheimnis der Geistervilla) (Version:  - )
NVIDIA 3D Vision Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PiccShare (HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\PiccShare) (Version: 2.0 - HTTO Group Ltd)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Standard Time Version 1.1 (HKLM-x32\...\{46BF1117-D50B-4C2B-A19A-7ECD1A0EBA61}_is1) (Version: 1.1 - Datenstrudel GbR)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-03-2015 23:50:29 Geplanter Prüfpunkt
07-04-2015 21:54:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13C85C41-2A7D-428D-8B34-E8BA34324025} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1A33D94C-82A5-4294-B3B8-6A3484753CD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {35974AF2-E186-474E-A84B-49A92E28601F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {62DB4409-46A1-4995-8252-9E291939F45D} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {8FFF272F-61D1-4B85-9141-25DD3C854834} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {928DC4A9-DA8A-40B9-8F9F-9EC4ECE8C38A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {98397365-3B85-413F-A339-399470DB754A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A8F96243-C911-4916-8EAC-22084AD9255D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {B53CB93E-B21F-4562-9EB7-B842DD31AF06} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {BC001EE7-60C4-4800-90EA-79492342C8AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {DD371991-91F0-4D6C-8A02-88C41D19167E} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {DF600A1D-9DAE-411E-AED0-2D42E45644FD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EEF1B76F-17DA-4689-A93C-954CE61875F0} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-11-04 19:18 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-24 19:17 - 2012-08-24 19:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-03-27 10:45 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-03-11 13:36 - 2015-04-07 23:42 - 40506936 _____ () C:\Users\****\AppData\Roaming\Spotify\libcef.dll
2015-03-11 13:36 - 2015-04-07 23:42 - 01365560 _____ () C:\Users\****\AppData\Roaming\Spotify\libglesv2.dll
2015-03-11 13:36 - 2015-04-07 23:42 - 00219192 _____ () C:\Users\****\AppData\Roaming\Spotify\libegl.dll
2015-03-11 13:36 - 2015-03-26 13:58 - 09305656 _____ () C:\Users\****\AppData\Roaming\Spotify\pdf.dll
2015-03-11 13:36 - 2015-04-07 23:42 - 00990776 _____ () C:\Users\****\AppData\Roaming\Spotify\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:87A3A233
AlternateDataStreams: C:\Users\****\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\****\Desktop\****\****3.jpg
HKU\User-3\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== Accounts: =============================

Administrator (S-1-5-21-3718987256-3696895883-2711694715-500 - Administrator - Disabled)
Gast (S-1-5-21-3718987256-3696895883-2711694715-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3718987256-3696895883-2711694715-1006 - Limited - Enabled)
**** (S-1-5-21-3718987256-3696895883-2711694715-1002 - Administrator - Enabled) => C:\Users\****
UpdatusUser (S-1-5-21-3718987256-3696895883-2711694715-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 05:56:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20498 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b1c

Startzeit: 01d076019f6bd852

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 96bb8662-e1f5-11e4-bec6-08606e055dfd

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/13/2015 02:51:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.1.5570, Zeitstempel: 0x551e23ee
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.1.5570, Zeitstempel: 0x551e1536
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xc54
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (04/13/2015 02:51:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 37.0.1.5570 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ac

Startzeit: 01d075e813a522d1

Endzeit: 20

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: d1ecf22b-e1db-11e4-bec6-08606e055dfd

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/13/2015 02:46:57 PM) (Source: MsiInstaller) (EventID: 11925) (User: ****)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. Melden Sie sich als Administrator an, und wiederh****n Sie diese Installation.

Error: (04/13/2015 02:46:31 PM) (Source: MsiInstaller) (EventID: 1041) (User: ****)
Description: Fehler beim Starten einer Windows Installer-Transaktion: C:\Users\****~1\AppData\Local\Temp\nsa56D2.tmp\vcredist.msi. Fehler 1618 beim Starten der Transaktion.

Error: (04/13/2015 02:38:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6164109

Error: (04/13/2015 02:38:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6164109

Error: (04/13/2015 02:38:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2015 00:55:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1062

Error: (04/13/2015 00:55:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1062


System errors:
=============
Error: (04/13/2015 04:02:46 PM) (Source: DCOM) (EventID: 10010) (User: ****)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (04/13/2015 02:47:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/13/2015 02:47:09 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Cons**** (MMC).

Error: (04/13/2015 02:44:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎13.‎04.‎2015 um 12:48:29 unerwartet heruntergefahren.

Error: (03/28/2015 09:31:48 AM) (Source: DCOM) (EventID: 10010) (User: ****)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/28/2015 09:31:48 AM) (Source: DCOM) (EventID: 10001) (User: ****)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaNicht verfügbarNicht verfügbar

Error: (03/27/2015 08:39:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/27/2015 08:39:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Cons**** (MMC).

Error: (03/17/2015 07:58:11 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x3200000004222c. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (03/17/2015 10:32:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (04/13/2015 05:56:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.204981b1c01d076019f6bd8524294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe96bb8662-e1f5-11e4-bec6-08606e055dfdmicrosoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/13/2015 02:51:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa1c5401d075e828cc029eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld4d2ce69-e1db-11e4-bec6-08606e055dfd

Error: (04/13/2015 02:51:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe37.0.1.5570ac01d075e813a522d120C:\Program Files (x86)\Mozilla Firefox\firefox.exed1ecf22b-e1db-11e4-bec6-08606e055dfd

Error: (04/13/2015 02:46:57 PM) (Source: MsiInstaller) (EventID: 11925) (User: ****)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. Melden Sie sich als Administrator an, und wiederholen Sie diese Installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/13/2015 02:46:31 PM) (Source: MsiInstaller) (EventID: 1041) (User: ****)
Description: C:\Users\****\AppData\Local\Temp\nsa56D2.tmp\vcredist.msi1618(NULL)(NULL)(NULL)(NULL)

Error: (04/13/2015 02:38:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6164109

Error: (04/13/2015 02:38:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6164109

Error: (04/13/2015 02:38:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2015 00:55:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1062

Error: (04/13/2015 00:55:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1062


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 6029.48 MB
Available physical RAM: 3311.49 MB
Total Pagefile: 6989.48 MB
Available Pagefile: 3504.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:84.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:214.99 GB) NTFS
Drive e: (EN_110402) (CDROM) (Total:7.35 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 663C8AE8)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus · 14.04.2015, 08:53

Zitat:

Quelle: C:\Users\****\Downloads\VLC media player 32 Bit - CHIP-Installer.exe

Downloads von chip.de zukünftig unterlassen! Lies unbedingt dazu => CHIP-Installer - was ist das? - Anleitungen

Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

anchises · 14.04.2015, 10:39

Danke für deine Antwort. Von chip.de wird nichts mehr heruntergeladen!

1. Logfile MBAM:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14/04/2015
Suchlauf-Zeit: 10:09:24
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.14.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 404613
Verstrichene Zeit: 44 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 27
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{671F1846-80F2-4ED8-B183-A921E6A4D5D5}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{41DF0821-AF9A-4246-B01E-DB43C0E7A775}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{41DF0821-AF9A-4246-B01E-DB43C0E7A775}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{41DF0821-AF9A-4246-B01E-DB43C0E7A775}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{671F1846-80F2-4ED8-B183-A921E6A4D5D5}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{671F1846-80F2-4ED8-B183-A921E6A4D5D5}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\PiccShare.BHO.1, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\PiccShare.BHO, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PiccShare.BHO, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\PiccShare.BHO, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PiccShare.BHO.1, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\PiccShare.BHO.1, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.PiccShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{553318DA-D010-469E-84B1-496563CAE1C0}, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.OfferMosquito, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82B16A3D-F03E-4565-A532-666B219C9A53}, In Quarantäne, [532727454149ba7c2ac8c0823fc47e82], 
PUP.Optional.OfferMosquito.A, HKCU\SOFTWARE\CLASSES\TYPELIB\{B83C16AE-3C3D-5362-85D6-D19F9FB51262}, In Quarantäne, [16641557305a3bfbb3e330f0e11ff40c], 
PUP.Optional.OfferMosquito.A, HKCU\SOFTWARE\CLASSES\INTERFACE\{2C0830EC-8559-5E15-9DC7-5BB830020064}, In Quarantäne, [16641557305a3bfbb3e330f0e11ff40c], 
PUP.Optional.OfferMosquito.A, HKCU\SOFTWARE\CLASSES\INTERFACE\{A384AB73-46D8-570B-982A-776E7DED115A}, In Quarantäne, [16641557305a3bfbb3e330f0e11ff40c], 
PUP.Optional.OfferMosquito.A, HKCU\SOFTWARE\CLASSES\INTERFACE\{E4BC2DD7-8F3D-5254-8B4C-D2C3888D2A38}, In Quarantäne, [16641557305a3bfbb3e330f0e11ff40c], 
PUP.Optional.OfferMosquito.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\OfferMosquito, In Quarantäne, [661417554149e84ed57f0446e61f946c], 
PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\SimpleNewTab, In Quarantäne, [e5957eee8a00c17593928871976c4db3], 
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\DISTROMATIC\Toolbars, In Quarantäne, [df9b6408e2a8e551d4f27bb09e674eb2], 
PUP.Optional.OfferMosquito.A, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gbmdkmlcnbapgegninelmjbfibaghdmk, In Quarantäne, [9bdfa4c8206a80b69a8d10e9ac57af51], 

Registrierungswerte: 3
PUP.Optional.DataMgr.A, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DataMgr, "C:\Users\****\AppData\Roaming\DataMgr\DataMgr.exe", In Quarantäne, [512970fc2466999d7fbd745342c17d83]
PUP.Optional.OfferMosquito, HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OMESupervisor, "C:\Users\****\AppData\Local\omesuperv.exe", In Quarantäne, [5e1cd09cc3c72214d3682717d4312fd1]
PUP.Optional.OfferMosquito, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OMESupervisor, "C:\Users\****\AppData\Local\omesuperv.exe", In Quarantäne, [5e1cd09cc3c72214d3682717d4312fd1]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 10
PUP.Optional.DataMgr.A, C:\Users\****\AppData\Roaming\DataMgr, In Quarantäne, [512970fc2466999d7fbd745342c17d83], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\_metadata, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\simple_new_tab, In Quarantäne, [21590f5d8406092d6cca9ff834cfd828], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\simple_new_tab\htmls, In Quarantäne, [21590f5d8406092d6cca9ff834cfd828], 
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\ext_offermosquito, In Quarantäne, [e69493d998f275c1c474dcbb3ac92ed2], 
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito, In Quarantäne, [3743076557333501ad8d277015ee55ab], 
PUP.Optional.PiccShare.A, C:\Users\****\AppData\Local\ext_piccshare, In Quarantäne, [26545c10d3b7a88e45e9435e4ab96f91], 
PUP.Optional.PicShare.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare, In Quarantäne, [087227454743cd69318f8534fb08aa56], 

Dateien: 22
PUP.Optional.PiccShare.A, C:\Users\****\AppData\Local\ext_piccshare\ext_piccshare.dll, In Quarantäne, [88f2511bf694e55192d3e3599e65e61a], 
PUP.Optional.Softonic, C:\Users\****\Downloads\SoftonicDownloader_fuer_****.exe, In Quarantäne, [8ceeb3b92e5cba7c897bfa3b28d94bb5], 
PUP.Optional.RegCleanerPro, C:\Users\****\Downloads\rcpsetup_chip_de_chip_de.exe, In Quarantäne, [2e4c58144c3e81b5e95548f3db26c739], 
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll, In Quarantäne, [16641557305a3bfbb3e330f0e11ff40c], 
PUP.Optional.DataMgr.A, C:\Users\****\AppData\Roaming\DataMgr\DataMgr.exe, In Quarantäne, [512970fc2466999d7fbd745342c17d83], 
PUP.Optional.DataMgr.A, C:\Users\****\AppData\Roaming\DataMgr\version.txt, In Quarantäne, [512970fc2466999d7fbd745342c17d83], 
PUP.Optional.OfferMosquito, C:\Users\****\AppData\Local\omesuperv.exe, In Quarantäne, [5e1cd09cc3c72214d3682717d4312fd1], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\manifest.json, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\newtab.js, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\options.html, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\options.js, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\snt.html, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\snt.js, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\_metadata\computed_hashes.json, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.1_0\_metadata\verified_contents.json, In Quarantäne, [b6c43b31602a51e5bc79d7c07a8947b9], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\simple_new_tab\simple_new_tab.dll, In Quarantäne, [21590f5d8406092d6cca9ff834cfd828], 
PUP.Optional.SimpleNewTab.A, C:\Users\****\AppData\Local\simple_new_tab\htmls\index.html, In Quarantäne, [21590f5d8406092d6cca9ff834cfd828], 
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\ext_offermosquito\atl100.dll, In Quarantäne, [e69493d998f275c1c474dcbb3ac92ed2], 
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\ext_offermosquito\msvcr100d.dll, In Quarantäne, [e69493d998f275c1c474dcbb3ac92ed2], 
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll, In Quarantäne, [e69493d998f275c1c474dcbb3ac92ed2], 
PUP.Optional.OfferMosquito.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx, In Quarantäne, [3743076557333501ad8d277015ee55ab], 
PUP.Optional.PicShare.A, C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare\ext_piccshare.crx, In Quarantäne, [087227454743cd69318f8534fb08aa56], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

2. Logdatei AdwCleaner:

Code:

ATTFilter

# AdwCleaner v4.201 - Bericht erstellt 14/04/2015 um 11:09:23
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : **** - ****
# Gestarted von : C:\Users\********\Downloads\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\********\AppData\Roaming\fbDownloader
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\********\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Seventh
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Sixth
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\********\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpnaddghmkpkmnghbdpahlgncpieofn
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gbmdkmlcnbapgegninelmjbfibaghdmk_0.localstorage
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmgkeimkiojpjcoiiipekfjaopchhjga_0.localstorage
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llpnaddghmkpkmnghbdpahlgncpieofn_0.localstorage
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\********\AppData\Local\ext_piccshare_uninst.exe
Datei Gelöscht : C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.fbdownloader.com_0.localstorage
Datei Gelöscht : C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.fbdownloader.com_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\docfnddcclkgokdfpnmngpiliiachclb
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Seventh]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Sixth]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\httogroup
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\piccshare
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\piccshare
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v37.0.1 (x86 de)

[ca3qt68x.default-1415723533465\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=fpo&q=");
[ca3qt68x.default-1415723533465\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=fpo&q=");
[ca3qt68x.default-1415723533465\prefs.js] - Zeile Gelöscht : user_pref("simplenewtab.url", "hxxp://search.fbdownloader.com/?channel=fpo_nt");

-\\ Google Chrome v41.0.2272.118

[C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.fbdownloader.com/search.php?channel=fpo&q={searchTerms}
[C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp:\/\/search.fbdownloader.com\/?channel=fpo
[C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp:\/\/search.fbdownloader.com\/?channel=fpo

*************************

AdwCleaner[R0].txt - [6873 Bytes] - [14/04/2015 11:07:24]
AdwCleaner[S0].txt - [6010 Bytes] - [14/04/2015 11:09:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6069  Bytes] ##########

3. Logfile JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 8.1 x64
Ran by Maxi Muster on 14/04/2015 at 11:17:09.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\behrv_000\AppData\Roaming\mozilla\firefox\profiles\ca3qt68x.default-1415723533465\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/04/2015 at 11:19:37.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. Logdateien FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by *** (administrator) on *** on 14-04-2015 11:35:15
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: UpdatusUser & ***)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [30208 2014-10-29] (Microsoft Corporation)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe [3411328 2012-07-24] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [Spotify Web Helper] => C:\Users\***\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Run: [Spotify] => C:\Users\***\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\MountPoints2: {053d9404-ddc4-11e3-be97-08606e055dfd} - "G:\LGAutoRun.exe" 
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\STANDA~1.SCR [232448 2012-06-08] ()
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [18856 2012-10-02] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ca3qt68x.default-1415723533465
FF SelectedSearchEngine: Search
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ca3qt68x.default-1415723533465\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-02]
CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-01-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 11:35 - 2015-04-14 11:35 - 00014269 _____ () C:\Users\***\Desktop\FRST.txt
2015-04-14 11:19 - 2015-04-14 11:19 - 00000769 _____ () C:\Users\***\Desktop\JRT.txt
2015-04-14 11:17 - 2015-04-14 11:17 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-***-Windows-8.1-(64-bit).dat
2015-04-14 11:17 - 2015-04-14 11:17 - 00000000 ____D () C:\RegBackup
2015-04-14 11:16 - 2015-04-14 11:16 - 02687136 _____ (Thisisu) C:\Users\***\Downloads\JRT.exe
2015-04-14 11:14 - 2015-04-14 11:15 - 00006112 _____ () C:\Users\***\Desktop\AdwCleaner[S0].txt
2015-04-14 11:07 - 2015-04-14 11:09 - 00000000 ____D () C:\AdwCleaner
2015-04-14 11:06 - 2015-04-14 11:07 - 02217984 _____ () C:\Users\***\Downloads\AdwCleaner_4.201.exe
2015-04-14 11:05 - 2015-04-14 11:15 - 00011302 _____ () C:\Users\***\Desktop\mbam.txt
2015-04-14 10:07 - 2015-04-14 11:12 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-14 10:07 - 2015-04-14 10:07 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-14 10:07 - 2015-04-14 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-14 10:07 - 2015-04-14 10:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-14 10:07 - 2015-04-14 10:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-14 10:07 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 10:07 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-14 10:07 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-14 10:05 - 2015-04-14 10:05 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-13 21:35 - 2015-04-14 11:35 - 00000000 ____D () C:\FRST
2015-04-13 21:34 - 2015-04-13 21:34 - 02096640 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2015-04-13 17:22 - 2015-04-13 17:22 - 00000000 ____D () C:\Users\***\Downloads\Grass__Gunter_Die_Blechtrommel_114c475ce06a3367cedf783811c32c32
2015-04-13 17:18 - 2015-04-13 17:22 - 497818663 _____ () C:\Users\***\Downloads\Grass__Gunter_Die_Blechtrommel_114c475ce06a3367cedf783811c32c32.zip
2015-04-13 12:10 - 2015-04-13 12:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-07 21:55 - 2015-04-07 21:55 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-07 21:55 - 2015-04-07 21:55 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-03-22 18:31 - 2015-03-27 20:32 - 00021364 _____ () C:\Users\***\Desktop\Einkaufsliste.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 11:34 - 2014-11-04 23:42 - 23915520 ___SH () C:\Users\***\Downloads\Thumbs.db
2015-04-14 11:32 - 2014-11-04 19:17 - 01939033 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-14 11:21 - 2014-12-01 11:21 - 00000000 ___RD () C:\Users\***\OneDrive
2015-04-14 11:16 - 2014-09-24 08:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-14 11:16 - 2014-09-24 07:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-14 11:16 - 2014-09-24 07:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-14 11:13 - 2014-08-09 20:50 - 00000000 ____D () C:\Users\***\AppData\Local\Spotify
2015-04-14 11:12 - 2013-07-25 03:34 - 00000432 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-04-14 11:12 - 2013-05-04 23:50 - 00000416 _____ () C:\Users\***\AppData\Roaming\sp_data.sys
2015-04-14 11:11 - 2013-05-04 23:56 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 11:10 - 2014-09-23 23:06 - 00238152 _____ () C:\WINDOWS\PFRO.log
2015-04-14 11:10 - 2013-08-22 16:46 - 00344244 _____ () C:\WINDOWS\setupact.log
2015-04-14 11:10 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-14 11:10 - 2013-03-27 10:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 11:09 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-14 11:09 - 2013-07-05 20:16 - 00000000 ____D () C:\Users\***\AppData\Roaming\Common
2015-04-14 11:06 - 2014-08-09 20:49 - 00000000 ____D () C:\Users\***\AppData\Roaming\Spotify
2015-04-14 10:59 - 2014-11-04 19:25 - 00000000 ____D () C:\Users\***
2015-04-14 10:59 - 2014-04-18 23:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-14 10:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-04-14 10:44 - 2013-05-04 23:56 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 10:13 - 2013-05-04 23:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3718987256-3696895883-2711694715-1002
2015-04-14 10:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-13 21:07 - 2014-05-14 15:36 - 00000000 ____D () C:\Users\***\Desktop\Ole
2015-04-13 16:10 - 2014-11-05 17:52 - 00300544 ___SH () C:\Users\***\Desktop\Thumbs.db
2015-04-09 16:22 - 2014-08-05 14:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 16:21 - 2013-07-02 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 16:21 - 2013-07-02 16:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-07 23:42 - 2014-08-09 20:50 - 00001880 _____ () C:\Users\***\Desktop\Spotify.lnk
2015-04-07 23:42 - 2014-08-09 20:50 - 00001866 _____ () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-07 21:55 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-03 03:45 - 2013-05-04 23:57 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-01 15:13 - 2013-07-02 16:16 - 00000000 ____D () C:\Users\***\AppData\Roaming\Avira
2015-04-01 15:13 - 2013-07-02 16:10 - 00000000 ____D () C:\ProgramData\Avira
2015-03-23 19:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-15 20:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2013-07-02 16:31 - 2013-07-02 16:31 - 0000021 _____ () C:\Users\***\AppData\Roaming\my_intel.sys
2013-05-04 23:50 - 2015-04-14 11:12 - 0000416 _____ () C:\Users\***\AppData\Roaming\sp_data.sys

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5188.dll


Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\avgnt.exe
C:\Users\***\AppData\Local\Temp\Quarantine.exe
C:\Users\***\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-13 22:45

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by **** at 2015-04-14 11:35:37
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.6.112 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\{1F0342F5-8369-3CD1-99DD-E9BC44473708}) (Version: 65.107.16500 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{F13921D6-AE6D-41BF-807A-17BD99C0A4FD}) (Version: 15.5.5.0480 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{962E1735-D2E0-4813-AB9F-C6CBA09E759A}) (Version: 15.05.7000.1709 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mystery Places - Das Geheimnis der Geisterstadt (HKLM-x32\...\Mystery Places - Das Geheimnis der Geisterstadt) (Version:  - )
Mystery Places - Das Geheimnis der Geistervilla (HKLM-x32\...\Mystery Places - Das Geheimnis der Geistervilla) (Version:  - )
NVIDIA 3D Vision Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Standard Time Version 1.1 (HKLM-x32\...\{46BF1117-D50B-4C2B-A19A-7ECD1A0EBA61}_is1) (Version: 1.1 - Datenstrudel GbR)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
**** by Tangysoft (HKLM-x32\...\****by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-03-2015 23:50:29 Geplanter Prüfpunkt
07-04-2015 21:54:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13C85C41-2A7D-428D-8B34-E8BA34324025} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1A33D94C-82A5-4294-B3B8-6A3484753CD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {35974AF2-E186-474E-A84B-49A92E28601F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {62DB4409-46A1-4995-8252-9E291939F45D} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {8FFF272F-61D1-4B85-9141-25DD3C854834} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {928DC4A9-DA8A-40B9-8F9F-9EC4ECE8C38A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {98397365-3B85-413F-A339-399470DB754A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A8F96243-C911-4916-8EAC-22084AD9255D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {B53CB93E-B21F-4562-9EB7-B842DD31AF06} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {BC001EE7-60C4-4800-90EA-79492342C8AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {DD371991-91F0-4D6C-8A02-88C41D19167E} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {DF600A1D-9DAE-411E-AED0-2D42E45644FD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EEF1B76F-17DA-4689-A93C-954CE61875F0} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:87A3A233
AlternateDataStreams: C:\Users\****\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3718987256-3696895883-2711694715-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\****\Desktop\Ole\****3.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"

==================== Accounts: =============================

Administrator (S-1-5-21-3718987256-3696895883-2711694715-500 - Administrator - Disabled)
Gast (S-1-5-21-3718987256-3696895883-2711694715-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3718987256-3696895883-2711694715-1006 - Limited - Enabled)
**** (S-1-5-21-3718987256-3696895883-2711694715-1002 - Administrator - Enabled) => C:\Users\****
UpdatusUser (S-1-5-21-3718987256-3696895883-2711694715-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 25%
Total physical RAM: 6029.48 MB
Available physical RAM: 4471.58 MB
Total Pagefile: 6989.48 MB
Available Pagefile: 5290.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:84.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:214.99 GB) NTFS
Drive e: (EN_110402) (CDROM) (Total:7.35 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 663C8AE8)

Partition: GPT Partition Type.

Sollte/kann/darf ich die CHIP-Installer.exe löschen?

cosinus · 14.04.2015, 11:19

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Public\AlexaNSISPlugin.5188.dll
AlternateDataStreams: C:\ProgramData\Temp:87A3A233
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

anchises · 14.04.2015, 11:28

Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by **** at 2015-04-14 12:23:02 Run:1
Running from C:\Users\****\Desktop
Loaded Profiles: **** (Available profiles: UpdatusUser & ****)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Public\AlexaNSISPlugin.5188.dll
AlternateDataStreams: C:\ProgramData\Temp:87A3A233
EmptyTemp:
       
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Public\AlexaNSISPlugin.5188.dll => Moved successfully.
C:\ProgramData\Temp => ":87A3A233" ADS removed successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 12:23:38 ====

cosinus · 14.04.2015, 11:38

Okay, dann einen Kontrollscan mit ESET bitte:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

anchises · 14.04.2015, 13:32

Leider war während des Scans Antivir nicht geschlossen, weil ich den Laptop neu gestartet hatte und nicht genau genug gelesen hatte. Bei ca. 30% hab ich's dann gemerkt, weil Antivir einen neuen Fund gemeldet hat. Ich poste erst den ESET-Logfile (hat noch einiges entdeckt) und darunter den neuen Antivir-Fund.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c5d7812a2b6fd244a542035f632eb261
# engine=23375
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-14 12:15:34
# local_time=2015-04-14 02:15:34 (+0100, Mitteleuropäische Sommerzeit)
# country="United Kingdom"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2660650 53895027 0 0
# scanned=232592
# found=6
# cleaned=0
# scan_time=5428
sh=F1F71F4FB27EF71FEABC3D4239E8CF113DFE6116 ft=1 fh=348e76a2e111cc49 vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\****\AppData\Roaming\Snz\Snz.exe.vir"
sh=2F016F395DA134CB240A375BD4AFE67BC4F4AACE ft=1 fh=d29baf39a786373a vn="Win32/Adware.Synatix Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\****\AppData\Roaming\Windows Net Data\net.exe.vir"
sh=2F016F395DA134CB240A375BD4AFE67BC4F4AACE ft=1 fh=d29baf39a786373a vn="Win32/Adware.Synatix Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\****\AppData\Roaming\Windows Net Data\uninstaller.exe.vir"
sh=0A7B0B42E890761457162FF5B6AFA4CACD03ADA7 ft=1 fh=f3588219254e4f42 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=F5FD2B23CA64E22AF866E32BC204BBF26D4ECFF4 ft=1 fh=9d90928b0b27c805 vn="Win32/WinloadSDA.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\****\Downloads\UseNeXT-Setup (1).exe"
sh=51AC04EE1DEB42E212E9F412F7C641877F907FBF ft=1 fh=94199f46daa71a3b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\****\Downloads\Windows Media Player - CHIP-Installer.exe"

Code:

ATTFilter

Exportierte Ereignisse:

14/04/2015 13:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\****\AppData\Local\Google\Chrome Frame\User 
      Data\IEXPLORE\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk\1.2_0\offermos
      quito.js'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/OfferMosq.U' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

cosinus · 14.04.2015, 13:36

Zitat:

C:\Users\****\Downloads\UseNeXT-Setup (1).exe
C:\Users\****\Downloads\Windows Media Player - CHIP-Installer.exe

Downloadordner aufräumen. Schon wieder Müll von Chip dabei!

Dein Google Chrome Profil ist sehr wahrscheinlich voll mit Adware durchsetzt, viel zu oft hilft nur ein Zurücksetzen: Chrome => https://support.google.com/chrome/answer/3296214?hl=de

anchises · 14.04.2015, 13:45

Chrome ist entsprechend zurückgesetzt, die Dateien sind gelöscht.
Bei den Chrome-Erweiterungen hatte sich ebenfalls FavGenius eingerichtet, dass habe ich gerade wieder gelöscht.

cosinus · 14.04.2015, 14:09

Ggf musst du Chrome deinstallieren, manuell den möglicherweise noch verbliebenen Installationsordner löschen und anschließend Chrome aus einem offiziellen Setup neu installieren.

anchises · 14.04.2015, 14:19

Okay, auch das ist erledigt.

cosinus · 14.04.2015, 15:26

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

anchises · 14.04.2015, 16:01

Hier der Inhalt der Fixlog.txt-Datei:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by **** at 2015-04-14 16:52:10 Run:2
Running from C:\Users\****\Desktop
Loaded Profiles: **** (Available profiles: UpdatusUser & ****)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:
*****************

EmptyTemp: => Removed 127.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 16:52:28 ====

14.04.2015, 14:09	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Unerwünschte Startseite/Suchmaschine/Erweiterungen: 'fbdownloader'; PUA/DownloadSponsor.Gen; Win8.1 64-Bit [gelöst] Ggf musst du Chrome deinstallieren, manuell den möglicherweise noch verbliebenen Installationsordner löschen und anschließend Chrome aus einem offiziellen Setup neu installieren. __________________ Logfiles bitte immer in CODE-Tags posten

Unerwünschte Startseite/Suchmaschine/Erweiterungen: 'fbdownloader'; PUA/DownloadSponsor.Gen; Win8.1 64-Bit

Alles rund um Windows: Unerwünschte Startseite/Suchmaschine/Erweiterungen: 'fbdownloader'; PUA/DownloadSponsor.Gen; Win8.1 64-Bit

Problem: Unerwünschte Startseite/Suchmaschine/Erweiterungen: 'fbdownloader'; PUA/DownloadSponsor.Gen; Win8.1 64-Bit