Win7 64bit SP1 IE11 startet immer mit delta-homes

x-taucher · 15.07.2015, 11:28

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by Jürgen (ATTENTION: The logged in user is not administrator) on JÜRGEN-PC on 15-07-2015 12:18:04
Running from C:\Users\Jürgen\Downloads
Loaded Profiles: Jürgen (Available Profiles: Jürgen & Superuser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AESTSr64.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> CreativeLicensing.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> XAudio64.exe
Failed to access process -> airprint.exe
Failed to access process -> sppsvc.exe
Failed to access process -> splwow64.exe
Failed to access process -> NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
Failed to access process -> iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Dropbox, Inc.) C:\Users\Jürgen\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> wmpnetwk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\DVAG Online-System\smartclient\smartclient.exe
(Oracle Corporation) C:\Program Files (x86)\DVAG Online-System\jre\jre-1.8.0.40\bin\javaw.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> taskhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-07] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\Run: [NetDrive2] => "C:\PROGRA~1\NETDRI~1\NetDrive2.exe" -tray
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC)
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\Run: [Dropbox Update] => C:\Users\Jürgen\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1435226957&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox&lc=1031&id=64855&mkt=de-de&cbcxt=mai
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3699402403-153390249-1692070487-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1C0EC348-7DEA-438D-B193-D739C8E1824F}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ABA4EC7A-0D40-40A7-BCB2-9C1BD0988427}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FDDF6DCF-CA19-436D-9487-2CC42EDB52EA}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\5d6oc908.default-1413796767901
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jürgen\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-04-13] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\5d6oc908.default-1413796767901\searchplugins\google-avast.xml [2014-12-10]
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\5d6oc908.default-1413796767901\searchplugins\xing---the-professional-network.xml [2015-06-02]
FF Extension: ProxTube - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\5d6oc908.default-1413796767901\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-11-03]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\5d6oc908.default-1413796767901\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-15]
FF HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\2xs75hvh.default-1409132034935\extensions\cliqz@cliqz.com

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
R2 AirPrint; C:\AirPrint\airprint.exe [234784 2014-08-05] (Apple Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Creative Labs Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [69632 2014-12-16] (Creative Labs) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 notifierNetDrive2; C:\Program Files\NetDrive2\nd2sp.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 vcdc; C:\Windows\System32\DRIVERS\vcdc.sys [153848 2010-01-26] (Siemens Enterprise Communications GmbH & Co. KG) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HWiNFO32; \??\C:\Users\JRGEN~1\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 12:12 - 2015-07-14 12:12 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Jürgen\Downloads\sc-cleaner.exe
2015-07-13 14:47 - 2015-07-13 14:47 - 00000000 ____D C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-13 10:21 - 2015-07-13 10:21 - 00000000 ____D C:\Users\Jürgen\AppData\Local\PDF24
2015-07-13 10:17 - 2015-07-13 10:17 - 00001079 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-07-13 10:17 - 2015-07-13 10:17 - 00001059 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-07-13 10:17 - 2015-07-13 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-07-13 10:17 - 2015-07-13 10:17 - 00000000 ____D C:\Program Files (x86)\PDF24
2015-07-13 10:13 - 2015-07-13 10:13 - 16381928 _____ (Geek Software GmbH ) C:\Users\Jürgen\Downloads\pdf24-creator-7.0.4.exe
2015-07-13 09:24 - 2015-07-13 09:24 - 00000250 _____ C:\Users\Jürgen\Downloads\Search.txt
2015-07-13 09:21 - 2015-07-13 09:21 - 00000000 ____D C:\Users\Jürgen\Downloads\FRST-OlderVersion
2015-07-10 15:27 - 2015-07-10 23:04 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2015-07-08 12:31 - 2015-07-08 12:31 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-08 12:31 - 2015-07-08 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-08 12:30 - 2015-07-08 12:31 - 00000000 ____D C:\Program Files\iTunes
2015-07-08 12:30 - 2015-07-08 12:30 - 00000000 ____D C:\Program Files\iPod
2015-07-08 12:30 - 2015-07-08 12:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-08 12:22 - 2015-07-08 12:22 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-08 12:22 - 2015-07-08 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-08 12:22 - 2015-07-08 12:22 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-08 11:51 - 2015-07-09 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-02 14:02 - 2015-07-02 14:03 - 00030234 _____ C:\Users\Jürgen\Downloads\Addition.txt
2015-06-30 17:18 - 2015-06-30 17:18 - 00012563 _____ C:\ComboFix.txt
2015-06-30 13:53 - 2015-06-30 13:53 - 02244096 _____ C:\Users\Jürgen\Downloads\AdwCleaner_4.207.exe
2015-06-30 13:45 - 2015-06-30 13:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JÜRGEN-PC-Windows-7-Professional-(64-bit).dat
2015-06-30 13:45 - 2015-06-30 13:45 - 00000000 ____D C:\RegBackup
2015-06-30 13:40 - 2015-06-30 13:40 - 00000000 ____D C:\b62b4c32494f7bdd89d7cef43a3bb5
2015-06-30 12:16 - 2015-06-30 12:17 - 02951929 _____ (Malwarebytes Corporation) C:\Users\Jürgen\Downloads\JRT.exe
2015-06-30 10:06 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-30 10:06 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-30 10:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-30 10:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-30 10:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-30 10:06 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-30 10:06 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-30 10:06 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-30 09:54 - 2015-06-30 17:18 - 00000000 ____D C:\Qoobox
2015-06-30 09:54 - 2015-06-30 10:22 - 00000000 ____D C:\Windows\erdnt
2015-06-30 09:49 - 2015-06-30 09:49 - 05630589 ____R (Swearware) C:\Users\Jürgen\Downloads\ComboFix.exe
2015-06-29 11:58 - 2015-07-15 12:18 - 00013929 _____ C:\Users\Jürgen\Downloads\FRST.txt
2015-06-29 11:58 - 2015-07-15 12:18 - 00000000 ____D C:\FRST
2015-06-29 11:57 - 2015-07-13 09:21 - 02133504 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-06-26 14:16 - 2015-06-26 14:17 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jürgen\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-25 13:37 - 2015-06-25 13:37 - 02870984 _____ (ESET) C:\Users\Jürgen\Downloads\esetsmartinstaller_deu.exe
2015-06-25 12:57 - 2015-06-25 12:57 - 00000000 ____D C:\Users\Jürgen\Downloads\RevoUninstallerPortable
2015-06-25 12:56 - 2015-06-25 12:56 - 02785665 _____ (PortableApps.com) C:\Users\Jürgen\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-06-25 12:27 - 2015-07-01 08:31 - 00000000 ____D C:\AdwCleaner
2015-06-18 10:30 - 2015-06-18 10:30 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-18 10:27 - 2015-06-18 10:27 - 00562784 _____ (Oracle Corporation) C:\Users\Jürgen\Downloads\jre-8u45-windows-i586-iftw.exe
2015-06-17 09:16 - 2015-06-17 09:16 - 00000000 ____D C:\Users\Jürgen\AppData\Local\Dropbox
2015-06-17 09:16 - 2015-06-17 09:16 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 12:10 - 2014-07-31 14:47 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2015-07-15 12:10 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-15 12:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-15 12:10 - 2009-07-14 06:51 - 00062950 _____ C:\Windows\setupact.log
2015-07-14 20:58 - 2014-07-31 16:03 - 00000000 ____D C:\Users\Jürgen\AppData\Roaming\vlc
2015-07-14 20:58 - 2014-07-30 14:38 - 01444246 _____ C:\Windows\WindowsUpdate.log
2015-07-14 19:59 - 2014-07-31 13:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 19:58 - 2011-04-12 09:43 - 00699666 _____ C:\Windows\system32\perfh007.dat
2015-07-14 19:58 - 2011-04-12 09:43 - 00149774 _____ C:\Windows\system32\perfc007.dat
2015-07-14 19:58 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 19:58 - 2009-07-14 06:45 - 00032576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 19:58 - 2009-07-14 06:45 - 00032576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 18:35 - 2015-04-07 16:51 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-13 18:35 - 2015-04-07 16:51 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-13 14:48 - 2014-08-05 15:16 - 00000000 ____D C:\Users\Jürgen\AppData\Roaming\Dropbox
2015-07-10 23:09 - 2014-07-30 16:31 - 00109296 _____ C:\Users\Jürgen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-10 23:09 - 2009-07-14 06:45 - 00408976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-10 23:05 - 2014-07-31 14:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-10 12:14 - 2014-08-05 15:29 - 00000883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sphinx.lnk
2015-07-10 12:14 - 2014-08-05 15:29 - 00000871 _____ C:\Users\Jürgen\Desktop\Sphinx.lnk
2015-07-09 18:06 - 2014-07-30 15:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-09 18:06 - 2010-11-21 05:47 - 00427722 _____ C:\Windows\PFRO.log
2015-07-09 13:35 - 2014-07-31 14:54 - 00000000 ____D C:\Users\Jürgen\Bilder
2015-07-09 11:59 - 2014-07-31 13:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 11:59 - 2014-07-31 13:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 10:55 - 2014-07-30 16:52 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V-Planner.lnk
2015-07-09 10:55 - 2014-07-30 16:52 - 00001112 _____ C:\Users\Public\Desktop\V-Planner.lnk
2015-07-08 12:30 - 2014-08-05 14:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-08 12:29 - 2015-04-17 10:46 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 12:29 - 2014-07-30 16:19 - 00000000 ____D C:\Download
2015-06-30 17:14 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-30 10:25 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-30 10:16 - 2015-01-15 12:01 - 00000000 ____D C:\ProgramData\TEMP
2015-06-30 09:40 - 2014-08-05 15:31 - 00000000 ___RD C:\Users\Jürgen\Dropbox
2015-06-25 13:32 - 2015-01-15 12:01 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-06-24 14:14 - 2014-08-07 09:23 - 00000000 __SHD C:\Users\Jürgen\AppData\Local\EmieUserList
2015-06-24 14:14 - 2014-08-07 09:23 - 00000000 __SHD C:\Users\Jürgen\AppData\Local\EmieSiteList
2015-06-22 12:56 - 2014-11-06 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ekahau
2015-06-18 10:31 - 2014-07-31 14:41 - 00000000 ____D C:\Program Files\Java
2015-06-18 10:31 - 2014-07-31 14:36 - 00000000 ____D C:\ProgramData\Oracle
2015-06-18 10:29 - 2014-08-08 10:39 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-17 13:42 - 2014-08-19 14:59 - 00000000 ____D C:\Users\Jürgen\AppData\Local\Adobe

==================== Files in the root of some directories =======

2014-10-27 15:36 - 2015-03-13 19:12 - 0006144 _____ () C:\Users\Jürgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-11 16:09 - 2014-08-11 16:09 - 0007605 _____ () C:\Users\Jürgen\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

--- --- ---

[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Jürgen at 2015-07-15 12:26:31
Running from C:\Users\Jürgen\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3699402403-153390249-1692070487-500 - Administrator - Disabled)
Gast (S-1-5-21-3699402403-153390249-1692070487-501 - Limited - Disabled)
Jürgen (S-1-5-21-3699402403-153390249-1692070487-1000 - Limited - Enabled) => C:\Users\Jürgen
Superuser (S-1-5-21-3699402403-153390249-1692070487-1003 - Administrator - Enabled) => C:\Users\Superuser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Advanced PDF Password Recovery (HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\Advanced PDF Password Recovery) (Version: 5.0 - ElcomSoft Co. Ltd.)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Cisco WebEx Meetings (HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell System Detect - 1  (HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell System Detect (HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.2 - Synaptics Incorporated)
Dropbox (HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
DVAG Online-System (HKLM-x32\...\DVAG Online System) (Version: 1.2 - Deutsche Vermögensberatung AG)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
ESTOS ProCall One (HKLM-x32\...\{85CA6889-AB15-424A-B6D6-FF67A9EA25EA}) (Version: 3.0.3.952 - ESTOS)
FinePrint (HKLM\...\FinePrint) (Version: 6.25 - FinePrint Software, LLC)
Free Audio Converter version 5.0.59.525 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.59.525 - DVDVideoSoft Ltd.)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.10.923 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.58.505 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.58.505 - DVDVideoSoft Ltd.)
GAP - Gas Absorption Program (HKLM-x32\...\GAP - Gas Absorption Program) (Version:  - )
HWiNFO64 Version 4.50 (HKLM\...\HWiNFO64_is1) (Version: 4.50 - Martin Malík - REALiX)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
ImageJ 1.46r (HKLM\...\ImageJ_is1) (Version:  - NIH)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mischgas VDST 2.1 (HKLM-x32\...\Mischgas VDST) (Version: 2.1 - Dr. Martin Steiner)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF24 Creator 7.0.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Personal Backup 5.6 (HKLM\...\Personal Backup 5_is1) (Version: 5.6.8.2 - Dr. J. Rathlev)
PicPick (HKLM-x32\...\PicPick) (Version: 4.0.2 - NTeWORKS)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.10 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - )
SigmaTel Audio (HKLM-x32\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
U232 P9/P25 13.2.98 (HKLM-x32\...\{DA7113AA-E3D0-48C6-BE31-E1F11BB9D18E}) (Version: 13.2.98 - MCT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
V-Planner 3.93 (HKLM-x32\...\V-Planner_de_is1) (Version: 3.93.1.125 - HHS Software Corp)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-08 16:20 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\AutoKMS.job => 

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-30 15:38 - 2014-10-27 09:54 - 00469532 _____ () C:\Program Files (x86)\DVAG Online-System\smartclient\smartclient.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\sparkasse-freiburg.de -> hxxps://bankingportal.sparkasse-freiburg.de

IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3699402403-153390249-1692070487-1000\...\1001movie.com -> 1001movie.com

There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{E1FBF5F7-D38B-467E-B0F6-91BBC43EC349}C:\program files (x86)\estos\procall one\ecticlientone.exe] => (Allow) C:\program files (x86)\estos\procall one\ecticlientone.exe
FirewallRules: [UDP Query User{5A7A4DFA-6A3D-4A6E-BCEE-49A72B0BCFB4}C:\program files (x86)\estos\procall one\ecticlientone.exe] => (Allow) C:\program files (x86)\estos\procall one\ecticlientone.exe
FirewallRules: [TCP Query User{905C26E0-90A2-43B7-9B36-F832DA4F10B1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{A523F439-D5A1-4B45-A6EF-5B684DB3F83A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{1CF93DE8-1265-436E-9808-CDFB55C250E6}C:\program files\imagej\jre\bin\javaw.exe] => (Allow) C:\program files\imagej\jre\bin\javaw.exe
FirewallRules: [UDP Query User{10AB3E4D-BBCB-47ED-8F3A-EFAE979875C5}C:\program files\imagej\jre\bin\javaw.exe] => (Allow) C:\program files\imagej\jre\bin\javaw.exe
FirewallRules: [{4CE808C9-4EF4-4A35-891B-4EA9990B2B75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{67518114-3A9B-408C-9D2E-BC466A7D462B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{626E10E9-8B86-4108-9DB8-351C7191B03D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7B292BD0-4622-4AB1-B323-59D69FA187E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F54442CF-26A4-4740-9865-7D0599F456AA}] => (Allow) C:\Program Files\NetDrive\ndsvc.exe
FirewallRules: [{51537E60-1AC1-43FA-A20F-6BBD4B16BD34}] => (Allow) C:\Program Files\NetDrive\ndsvc.exe
FirewallRules: [{87058C1C-32B0-47E9-979E-52BBBA5CEC1F}] => (Allow) C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B2929596-73CD-451E-BDB1-46B1F2B62772}] => (Allow) C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{143368D1-A089-49BF-8EF5-ED8D1F5C1DD1}] => (Allow) C:\Program Files\NetDrive\ndsvc.exe
FirewallRules: [{F5C6AA75-2443-433A-A076-43531827F107}] => (Allow) C:\Program Files\NetDrive\ndsvc.exe
FirewallRules: [TCP Query User{7221C880-6B75-4C89-8C3A-15700B020919}C:\users\jürgen\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jürgen\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{32C9B359-2B53-4C42-BEC5-6DCB80C128FA}C:\users\jürgen\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jürgen\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{87DA14DC-63CF-4AF1-A43F-3B9D3FF72DFA}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{095392E0-C1E4-4112-9A1D-3BCED9D4DC8F}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{B8E2D639-719B-43FD-9135-2CD5215EFCE5}C:\program files (x86)\estos\procall one\ecticlientone.exe] => (Allow) C:\program files (x86)\estos\procall one\ecticlientone.exe
FirewallRules: [UDP Query User{11C261A9-0E41-43A0-BD2F-0C4611D5D060}C:\program files (x86)\estos\procall one\ecticlientone.exe] => (Allow) C:\program files (x86)\estos\procall one\ecticlientone.exe
FirewallRules: [{FC4E851D-86CD-4660-99F2-48E22B1EC2F3}] => (Allow) C:\Windows\System32\CMDService.exe
FirewallRules: [{21D326AF-DA00-4E61-9C59-D2B94CF08CCF}] => (Allow) C:\Windows\System32\CMDService.exe
FirewallRules: [{BE37B8D7-729B-4AA9-A169-F54BCCBFCD10}] => (Allow) C:\Windows\System32\CMDService.exe
FirewallRules: [{C9473154-5EEC-45FD-B167-E83343CF689C}] => (Allow) C:\Windows\System32\CMDService.exe
FirewallRules: [{4FEF612E-55E8-4E8E-A030-B5B54270208F}] => (Allow) C:\Download\Telefon\TAPI120-64Bit-64Bit\Setup_X64\System64\CMDService.exe
FirewallRules: [{99F0A338-8EC8-47DE-8051-B1BA844CF6BA}] => (Allow) C:\Download\Telefon\TAPI120-64Bit-64Bit\Setup_X64\System64\CMDService.exe
FirewallRules: [{A67F2045-885F-4525-B981-39A9F22EEDCD}] => (Allow) C:\Download\Telefon\TAPI120-64Bit-64Bit\Setup_X64\System64\CMDService.exe
FirewallRules: [{207AA921-154E-497B-8830-4CA88BB6B753}] => (Allow) C:\Download\Telefon\TAPI120-64Bit-64Bit\Setup_X64\System64\CMDService.exe
FirewallRules: [{BABD1CD1-E353-440C-8B79-E738171C1B77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59DF34D9-2A2A-46FA-B6A8-64C94320D7C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2BDEA087-91AD-429E-84B4-FFB58310A054}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{85E260D3-23BF-4FBB-BC67-D6900EA7E2B0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{4BAEC0D5-954C-4C15-817A-E469636E7196}C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [UDP Query User{376C72F0-2D20-47F0-8569-2E2F844ADA86}C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [{56886643-5BA2-4920-8F26-EBE11D9FAE82}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2015 12:11:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 07:45:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 04:22:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 03:36:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2015 09:36:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 11:49:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 07:08:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 09:37:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 09:15:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2015 01:33:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/15/2015 12:10:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vcdc

Error: (07/15/2015 12:10:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetDrive2 Notifier" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 07:53:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/14/2015 07:53:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/14/2015 07:43:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vcdc

Error: (07/14/2015 07:43:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetDrive2 Notifier" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 04:21:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vcdc

Error: (07/14/2015 04:21:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetDrive2 Notifier" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2015 03:34:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
vcdc

Error: (07/14/2015 03:34:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetDrive2 Notifier" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-06-30 17:14:13.349
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-06-30 17:14:13.286
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 87%
Total physical RAM: 4086.04 MB
Available physical RAM: 528.62 MB
Total Virtual: 8170.29 MB
Available Virtual: 4344.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:229.58 GB) (Free:25.01 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End of log ============================

--- --- ---

schrauber · 16.07.2015, 07:35

Fix im normalen Konto machen, mit Rechtsklick als Admin.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1435226957&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox&lc=1031&id=64855&mkt=de-de&cbcxt=mai
Tcpip\..\Interfaces\{1C0EC348-7DEA-438D-B193-D739C8E1824F}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ABA4EC7A-0D40-40A7-BCB2-9C1BD0988427}: [DhcpNameServer] 172.20.10.1
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Internet Explorer vom Desktop aus testen.
Internet Explorer vom Programme Ordner aus direkt starten und nochmal testen.

x-taucher · 16.07.2015, 09:01

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Superuser at 2015-07-16 09:47:50 Run:4
Running from C:\Users\Jürgen\Downloads
Loaded Profiles: Jürgen & Superuser (Available Profiles: Jürgen & Superuser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=12&ct=1435226957&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Frru%3Dinbox&lc=1031&id=64855&mkt=de-de&cbcxt=mai
Tcpip\..\Interfaces\{1C0EC348-7DEA-438D-B193-D739C8E1824F}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ABA4EC7A-0D40-40A7-BCB2-9C1BD0988427}: [DhcpNameServer] 172.20.10.1
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
Emptytemp:
         
*****************

HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3699402403-153390249-1692070487-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C0EC348-7DEA-438D-B193-D739C8E1824F}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ABA4EC7A-0D40-40A7-BCB2-9C1BD0988427}\\DhcpNameServer => value removed successfully
Firefox DefaultSearchUrl removed successfully
EmptyTemp: => 259.7 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 09:49:11 ====

IE aus Programm-Ordner ist ok
wenn ich den IE über Start/IE direkt öffne dann habe ich noch delta-homes
wenn ich den IE über Start/IE/Auswahlmenue (das kleine Dreieck rechts davon) öffne, dann ist alles gut

schrauber · 16.07.2015, 10:12

Start/IE rauslöschen aus dem Sartmenü. Da ist die Verknüpfung verseucht. Ich verstehe nur nicht warum der ShortCut Cleaner das nicht findet.

Oder noch besser:
Auf Start/IE nen Rechtsklick, Eigenschaften, davon Screenshot bitte.

x-taucher · 16.07.2015, 11:16

Zieltyp: Anwendung
Zielort: Internet Explorer
Ziel: "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://www.delta-homes.com/?type=sc&ts=1418208685&from=wpm12103&uid=TOSHIBAXMK2546GSX_Z75ET5J3TXXZ75ET5J3T

Ausführen in: %HOMEDRIVE%%HOMEPATH%

In dem Ziellink mit delta homes steht etwas mit Toshiba.... kann es sein, dass das etwas mit USB-Stick oder externer Festplatte zu tun hat??

Hab IE einfach mal aus der Liste gelöscht und über c:/programme/.... wieder hineinkopiert
jetzt ist alles gut!

und danke!

schrauber · 17.07.2015, 07:15

Hättest auch in den Eigenschaften den delta homes Pfad löschen können

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Win7 64bit SP1 IE11 startet immer mit delta-homes

Plagegeister aller Art und deren Bekämpfung: Win7 64bit SP1 IE11 startet immer mit delta-homes