Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   proxyserver reagiert nicht nach trojaner-befall (https://www.trojaner-board.de/154742-proxyserver-reagiert-trojaner-befall.html)

Breezels 03.06.2014 19:41
proxyserver reagiert nicht nach trojaner-befall
 
ich habe eine Datei runtergeladen. McAfee hat sofort trojanerbefall gemeldet und ein paar Dateien gelöscht. hier mein farber recovery scan tool Ergebnis:

schrauber 03.06.2014 19:47
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Breezels 03.06.2014 20:09
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by stefanie (administrator) on BETZNLÄPPI on 03-06-2014 19:57:09
Running from C:\Users\stefanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XCC4YUR
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\003\buuoujqmrk64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
() C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SecureAssist) C:\Program Files\suprasavings\SecureAssist.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
() C:\Users\stefanie\AppData\Local\fst_de_28\upfst_de_28.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\fst_de_28\fst_de_28.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(enter) C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-bg.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [242792 2012-12-03] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [fst_de_28] => C:\Program Files (x86)\fst_de_28\fst_de_28.exe [3983824 2014-05-28] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [upfst_de_28.exe] - C:\Users\stefanie\AppData\Local\fst_de_28\upfst_de_28.exe -runonce [3267536 2014-05-30] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2023974973-3132872521-635736642-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-2023974973-3132872521-635736642-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-2023974973-3132872521-635736642-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:54105;https=127.0.0.1:54105
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WebSearches
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401475495&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q1UBARR1UBARRX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WebSearches
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1401475495&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q1UBARR1UBARRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401475495&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q1UBARR1UBARRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = WebSearches
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1401475495&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q1UBARR1UBARRX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe WebSearches
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401475495&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q1UBARR1UBARRX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401475495&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q1UBARR1UBARRX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401475495&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q1UBARR1UBARRX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401475495&from=tugs&uid=HitachiXHTS545050A7E380_TE85113Q1UBARR1UBARRX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Media_Play_AIR+ - {11111111-1111-1111-1111-110511841188} - C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-bho64.dll (enter)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130703194214.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: Media_Play_AIR+ - {11111111-1111-1111-1111-110511841188} - C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-bho.dll (enter)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130703194214.dll (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 buuoujqmrk64; C:\Program Files\003\buuoujqmrk64.exe [706560 2014-05-30] ()
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-30] (globalUpdate)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-30] (globalUpdate)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2013-07-03] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [206448 2012-12-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2013-07-03] (McAfee, Inc.)
R2 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-05-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SecureAssist; c:\Program Files\SupraSavings\SecureAssist.exe [1558032 2014-03-12] (SecureAssist)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [573344 2014-05-30] (Fuyu LIMITED)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ServiceMain

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2013-07-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2013-07-03] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-07-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2013-07-03] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2013-07-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2013-07-03] (McAfee, Inc.)
R2 SAWFP; C:\Windows\system32\Drivers\SAWFP64.sys [41768 2014-03-18] (SecureAssist)
U0 msahci;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 19:56 - 2014-06-03 19:57 - 00000000 ____D () C:\FRST
2014-06-01 12:09 - 2014-06-01 12:09 - 00010240 _____ () C:\Users\stefanie\Documents\sicherungcc.reg
2014-06-01 10:46 - 2014-05-31 16:17 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140601-104653.backup
2014-05-31 16:17 - 2014-05-31 10:11 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-161732.backup
2014-05-31 10:11 - 2014-05-31 10:10 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-101135.backup
2014-05-31 10:10 - 2014-05-31 08:57 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-101014.backup
2014-05-31 10:08 - 2014-05-31 14:05 - 00009322 _____ () C:\Windows\wininit.ini
2014-05-31 08:57 - 2012-07-26 07:26 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140531-085702.backup
2014-05-31 08:51 - 2014-05-31 08:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-31 08:51 - 2014-05-31 08:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-31 08:51 - 2014-05-31 08:51 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-31 08:51 - 2014-05-31 08:51 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-31 08:51 - 2014-05-31 08:51 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-31 08:51 - 2014-05-31 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-31 08:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-30 21:05 - 2014-05-30 21:05 - 00050688 _____ () C:\Users\stefanie\Documents\cc_20140530_210552.reg
2014-05-30 20:57 - 2014-05-30 20:57 - 00000322 _____ () C:\Users\stefanie\AppData\Roaming\aps.uninstall.scan.results
2014-05-30 20:55 - 2014-05-30 20:55 - 00830792 _____ (Click Me In Limited) C:\Users\stefanie\AppData\Local\nstBFAC.tmp
2014-05-30 20:54 - 2014-05-30 20:54 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-30 20:54 - 2014-05-30 20:54 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-30 20:54 - 2014-05-30 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-30 20:54 - 2014-05-30 20:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-30 20:47 - 2014-05-30 20:47 - 00000000 ____D () C:\Users\stefanie\AppData\Local\com
2014-05-30 20:47 - 2014-03-18 15:12 - 00041768 _____ (SecureAssist) C:\Windows\system32\Drivers\SAWFP64.sys
2014-05-30 20:46 - 2014-06-03 19:26 - 00001616 _____ () C:\Windows\Tasks\Media_Play_AIR+-updater.job
2014-05-30 20:46 - 2014-06-03 19:26 - 00001468 _____ () C:\Windows\Tasks\Media_Play_AIR+-enabler.job
2014-05-30 20:46 - 2014-05-30 20:46 - 00004620 _____ () C:\Windows\System32\Tasks\Media_Play_AIR+-updater
2014-05-30 20:46 - 2014-05-30 20:46 - 00004472 _____ () C:\Windows\System32\Tasks\Media_Play_AIR+-enabler
2014-05-30 20:46 - 2014-05-30 20:46 - 00001115 _____ () C:\Users\Public\Desktop\NewPlayer.lnk
2014-05-30 20:46 - 2014-05-30 20:46 - 00000000 ____D () C:\Users\stefanie\AppData\Local\newplayer
2014-05-30 20:46 - 2014-05-30 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-05-30 20:46 - 2014-05-30 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2014-05-30 20:46 - 2014-05-30 20:46 - 00000000 ____D () C:\Program Files (x86)\SupraSavings
2014-05-30 20:45 - 2014-06-03 19:26 - 00003472 _____ () C:\Windows\Tasks\Media_Play_AIR+-chromeinstaller.job
2014-05-30 20:45 - 2014-06-03 19:26 - 00002442 _____ () C:\Windows\Tasks\Media_Play_AIR+-firefoxinstaller.job
2014-05-30 20:45 - 2014-06-03 19:26 - 00001558 _____ () C:\Windows\Tasks\Media_Play_AIR+-codedownloader.job
2014-05-30 20:45 - 2014-06-03 19:26 - 00000926 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-30 20:45 - 2014-05-31 14:50 - 00000930 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-30 20:45 - 2014-05-30 21:06 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\Activeris
2014-05-30 20:45 - 2014-05-30 20:47 - 00000000 ____D () C:\temp
2014-05-30 20:45 - 2014-05-30 20:47 - 00000000 ____D () C:\Program Files\suprasavings
2014-05-30 20:45 - 2014-05-30 20:46 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-30 20:45 - 2014-05-30 20:46 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-30 20:45 - 2014-05-30 20:46 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-05-30 20:45 - 2014-05-30 20:46 - 00000000 ____D () C:\Program Files (x86)\Media_Play_AIR+
2014-05-30 20:45 - 2014-05-30 20:45 - 00004562 _____ () C:\Windows\System32\Tasks\Media_Play_AIR+-codedownloader
2014-05-30 20:45 - 2014-05-30 20:45 - 00003902 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-05-30 20:45 - 2014-05-30 20:45 - 00003666 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-05-30 20:45 - 2014-05-30 20:45 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\SupTab
2014-05-30 20:45 - 2014-05-30 20:45 - 00000000 ____D () C:\Users\stefanie\AppData\Local\globalUpdate
2014-05-30 20:45 - 2014-05-30 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-05-30 20:45 - 2014-05-30 20:45 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-30 20:45 - 2014-05-30 20:45 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-30 20:44 - 2014-06-03 19:29 - 00000000 ____D () C:\Users\stefanie\AppData\Local\fst_de_28
2014-05-30 20:44 - 2014-05-30 20:45 - 00000000 ____D () C:\Program Files\003
2014-05-30 20:44 - 2014-05-30 20:44 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-30 20:44 - 2014-05-30 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fst
2014-05-30 20:44 - 2014-05-30 20:44 - 00000000 ____D () C:\Program Files (x86)\fst_de_28
2014-05-30 20:43 - 2014-05-30 21:59 - 00000000 ____D () C:\QUARANTINE
2014-05-30 20:21 - 2014-05-30 20:45 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\vlc
2014-05-30 20:19 - 2014-05-30 20:19 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-30 20:19 - 2014-05-30 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-30 20:19 - 2014-05-30 20:19 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-25 20:13 - 2014-06-03 19:27 - 00002170 _____ () C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk

==================== One Month Modified Files and Folders =======

2014-06-03 19:59 - 2013-05-31 20:33 - 00000000 ____D () C:\Users\stefanie\AppData\Local\Temp
2014-06-03 19:57 - 2014-06-03 19:56 - 00000000 ____D () C:\FRST
2014-06-03 19:29 - 2014-05-30 20:44 - 00000000 ____D () C:\Users\stefanie\AppData\Local\fst_de_28
2014-06-03 19:27 - 2014-05-25 20:13 - 00002170 _____ () C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2014-06-03 19:26 - 2014-05-30 20:46 - 00001616 _____ () C:\Windows\Tasks\Media_Play_AIR+-updater.job
2014-06-03 19:26 - 2014-05-30 20:46 - 00001468 _____ () C:\Windows\Tasks\Media_Play_AIR+-enabler.job
2014-06-03 19:26 - 2014-05-30 20:45 - 00003472 _____ () C:\Windows\Tasks\Media_Play_AIR+-chromeinstaller.job
2014-06-03 19:26 - 2014-05-30 20:45 - 00002442 _____ () C:\Windows\Tasks\Media_Play_AIR+-firefoxinstaller.job
2014-06-03 19:26 - 2014-05-30 20:45 - 00001558 _____ () C:\Windows\Tasks\Media_Play_AIR+-codedownloader.job
2014-06-03 19:26 - 2014-05-30 20:45 - 00000926 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-06-03 19:26 - 2013-05-31 20:37 - 00000500 _____ () C:\Users\stefanie\AppData\Roaming\sp_data.sys
2014-06-03 19:25 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-01 12:47 - 2013-08-21 05:44 - 00000000 ____D () C:\Users\stefanie\Desktop\verkaufen
2014-06-01 12:10 - 2013-12-31 09:50 - 00000027 _____ () C:\Windows\Disney.ini
2014-06-01 12:09 - 2014-06-01 12:09 - 00010240 _____ () C:\Users\stefanie\Documents\sicherungcc.reg
2014-06-01 12:05 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 12:04 - 2013-01-15 11:38 - 01385106 ____N () C:\Windows\WindowsUpdate.log
2014-06-01 12:04 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-01 10:42 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-31 16:17 - 2014-06-01 10:46 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140601-104653.backup
2014-05-31 14:50 - 2014-05-30 20:45 - 00000930 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-31 14:05 - 2014-05-31 10:08 - 00009322 _____ () C:\Windows\wininit.ini
2014-05-31 10:11 - 2014-05-31 16:17 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-161732.backup
2014-05-31 10:10 - 2014-05-31 10:11 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-101135.backup
2014-05-31 10:08 - 2013-05-31 20:37 - 00000000 ___RD () C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 08:57 - 2014-05-31 10:10 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-101014.backup
2014-05-31 08:56 - 2014-05-31 08:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-31 08:53 - 2014-05-31 08:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-31 08:51 - 2014-05-31 08:51 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-31 08:51 - 2014-05-31 08:51 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-31 08:51 - 2014-05-31 08:51 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-31 08:51 - 2014-05-31 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-30 21:59 - 2014-05-30 20:43 - 00000000 ____D () C:\QUARANTINE
2014-05-30 21:06 - 2014-05-30 20:45 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\Activeris
2014-05-30 21:05 - 2014-05-30 21:05 - 00050688 _____ () C:\Users\stefanie\Documents\cc_20140530_210552.reg
2014-05-30 20:57 - 2014-05-30 20:57 - 00000322 _____ () C:\Users\stefanie\AppData\Roaming\aps.uninstall.scan.results
2014-05-30 20:55 - 2014-05-30 20:55 - 00830792 _____ (Click Me In Limited) C:\Users\stefanie\AppData\Local\nstBFAC.tmp
2014-05-30 20:55 - 2012-08-03 00:24 - 00000000 ____D () C:\Windows\Panther
2014-05-30 20:54 - 2014-05-30 20:54 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-30 20:54 - 2014-05-30 20:54 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-30 20:54 - 2014-05-30 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-30 20:54 - 2014-05-30 20:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-30 20:47 - 2014-05-30 20:47 - 00000000 ____D () C:\Users\stefanie\AppData\Local\com
2014-05-30 20:47 - 2014-05-30 20:45 - 00000000 ____D () C:\temp
2014-05-30 20:47 - 2014-05-30 20:45 - 00000000 ____D () C:\Program Files\suprasavings
2014-05-30 20:47 - 2014-03-21 12:27 - 00005584 _____ () C:\Windows\system32\SecureAssist.ini
2014-05-30 20:47 - 2014-03-21 12:27 - 00002536 _____ () C:\Windows\SysWOW64\SecureAssistOff.ini
2014-05-30 20:47 - 2014-03-21 12:27 - 00002536 _____ () C:\Windows\system32\SecureAssistOff.ini
2014-05-30 20:46 - 2014-05-30 20:46 - 00004620 _____ () C:\Windows\System32\Tasks\Media_Play_AIR+-updater
2014-05-30 20:46 - 2014-05-30 20:46 - 00004472 _____ () C:\Windows\System32\Tasks\Media_Play_AIR+-enabler
2014-05-30 20:46 - 2014-05-30 20:46 - 00001115 _____ () C:\Users\Public\Desktop\NewPlayer.lnk
2014-05-30 20:46 - 2014-05-30 20:46 - 00000000 ____D () C:\Users\stefanie\AppData\Local\newplayer
2014-05-30 20:46 - 2014-05-30 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-05-30 20:46 - 2014-05-30 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2014-05-30 20:46 - 2014-05-30 20:46 - 00000000 ____D () C:\Program Files (x86)\SupraSavings
2014-05-30 20:46 - 2014-05-30 20:45 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-30 20:46 - 2014-05-30 20:45 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-30 20:46 - 2014-05-30 20:45 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-05-30 20:46 - 2014-05-30 20:45 - 00000000 ____D () C:\Program Files (x86)\Media_Play_AIR+
2014-05-30 20:45 - 2014-05-30 20:45 - 00004562 _____ () C:\Windows\System32\Tasks\Media_Play_AIR+-codedownloader
2014-05-30 20:45 - 2014-05-30 20:45 - 00003902 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-05-30 20:45 - 2014-05-30 20:45 - 00003666 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-05-30 20:45 - 2014-05-30 20:45 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\SupTab
2014-05-30 20:45 - 2014-05-30 20:45 - 00000000 ____D () C:\Users\stefanie\AppData\Local\globalUpdate
2014-05-30 20:45 - 2014-05-30 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-05-30 20:45 - 2014-05-30 20:45 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-30 20:45 - 2014-05-30 20:45 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-30 20:45 - 2014-05-30 20:44 - 00000000 ____D () C:\Program Files\003
2014-05-30 20:45 - 2014-05-30 20:21 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\vlc
2014-05-30 20:45 - 2013-05-31 20:36 - 00001680 _____ () C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-30 20:44 - 2014-05-30 20:44 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-30 20:44 - 2014-05-30 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fst
2014-05-30 20:44 - 2014-05-30 20:44 - 00000000 ____D () C:\Program Files (x86)\fst_de_28
2014-05-30 20:19 - 2014-05-30 20:19 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-30 20:19 - 2014-05-30 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-30 20:19 - 2014-05-30 20:19 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-25 20:14 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-25 19:29 - 2013-06-25 19:50 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-19 10:03 - 2012-08-03 01:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-05-19 10:03 - 2012-08-03 01:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-05-19 10:03 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 22:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\Users\stefanie\xobglu16.dll
C:\Users\stefanie\xobglu32.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 10:11

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by stefanie at 2014-06-03 19:59:48
Running from C:\Users\stefanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XCC4YUR
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}) (Version: 3.6.7 - IvoSoft)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen)
fst_de_28 (HKLM-x32\...\fst_de_28_is1) (Version:  - fst) <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
McAfee Agent (HKLM-x32\...\{4AEFF024-F0D0-4AD6-8231-FF51949E91E0}) (Version: 4.6.0.3122 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.03000 - McAfee, Inc.)
Media_Play_AIR+ (HKLM-x32\...\Media_Play_AIR+) (Version: 1.34.5.29 - enter)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.1.9 - ) <==== ATTENTION
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings) <==== ATTENTION
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version:  - webssearches) <==== ATTENTION
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WindowsProtectManger20.0.0.339 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.339 - Fuyu LIMITED)

==================== Restore Points  =========================

02-05-2014 10:11:40 Geplanter Prüfpunkt
18-05-2014 10:58:49 Geplanter Prüfpunkt
30-05-2014 20:33:39 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2014-06-01 10:46 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        Gadgets And More
127.0.0.1        1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {07C4BF29-BFEF-4F97-AB70-184FE4E4DB90} - System32\Tasks\Media_Play_AIR+-enabler => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-enabler.exe [2014-05-30] (enter)
Task: {0CCB7F47-CE4D-43C9-9903-2A5D7F86DFB0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {17381436-4937-4FEC-8ED0-55D8FF2A3967} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2010DC11-BAAB-4ED0-BCC5-89E1E543CB85} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3C4E4D59-CEA1-46B0-A2DA-F1987B544AC9} - System32\Tasks\Media_Play_AIR+-updater => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-updater.exe [2014-05-30] (enter)
Task: {49494C40-E52E-4670-B902-7BC47F44F655} - System32\Tasks\Media_Play_AIR+-codedownloader => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-codedownloader.exe [2014-05-30] (enter)
Task: {51AC3F8D-676F-4167-9FA7-D0133772AEC2} - System32\Tasks\Media_Play_AIR+-chromeinstaller => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-chromeinstaller.exe [2014-05-30] (enter)
Task: {651B3F76-D9C9-4A4F-A8B4-EB15DAA0C8B8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {69481DA1-89DA-40DD-9841-8E14F99C8BE7} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {6F59A6FC-2B18-4A95-9FCA-2EAE6C919AF7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-30] (globalUpdate) <==== ATTENTION
Task: {7517F58D-C1D2-4CD6-911A-21BFACBDC3F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8131957E-B143-4E4D-B66F-56DC7AFF767B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {8EBD6A48-0EAD-4DCC-8882-5885CDC1F25D} - System32\Tasks\Media_Play_AIR+-firefoxinstaller => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-firefoxinstaller.exe [2014-05-30] (enter)
Task: {9F32ADA1-E9CE-4757-AADC-7C2FF2AD21A3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AA0E0ADF-0515-4BA5-9E79-9D629CA52A58} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-30] (globalUpdate) <==== ATTENTION
Task: {ACEF4E42-7BB8-464E-9899-F2BF84389B71} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {C26196AC-4AE0-40F3-86F1-5524F81AB2C1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CAFC5594-9D26-44D4-99B5-ED2B3B9D81BD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-25] (Microsoft Corporation)
Task: {E349BF04-0308-4FC7-A199-2FDE29A5F416} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {E53D1AED-39BD-47A2-A420-7507D8F91E41} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [2012-11-07] (ASUSTek Computer INC.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F49D81B8-B0C2-49E1-9CC9-FB6EA4813AE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Media_Play_AIR+-chromeinstaller.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-chromeinstaller.exe
Task: C:\Windows\Tasks\Media_Play_AIR+-codedownloader.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-codedownloader.exe
Task: C:\Windows\Tasks\Media_Play_AIR+-enabler.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-enabler.exe
Task: C:\Windows\Tasks\Media_Play_AIR+-firefoxinstaller.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-firefoxinstaller.exe
Task: C:\Windows\Tasks\Media_Play_AIR+-updater.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-updater.exe

==================== Loaded Modules (whitelisted) =============

2014-05-30 20:45 - 2014-05-30 20:45 - 00706560 _____ () C:\Program Files\003\buuoujqmrk64.exe
2014-03-30 08:25 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-06-25 19:50 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-05-05 14:07 - 2014-05-05 14:07 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
2014-03-21 12:55 - 2014-03-21 12:55 - 00162816 _____ () c:\program files\suprasavings\pcproxydll64.dll
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-05-30 20:44 - 2014-05-30 18:52 - 03267536 _____ () C:\Users\stefanie\AppData\Local\fst_de_28\upfst_de_28.exe
2012-07-26 11:48 - 2012-07-26 11:46 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-15 11:28 - 2012-10-25 11:26 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-01-15 11:28 - 2012-10-25 11:26 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-11-20 12:00 - 2012-08-15 19:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-05-30 20:44 - 2014-05-28 15:45 - 03983824 _____ () C:\Program Files (x86)\fst_de_28\fst_de_28.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2014-05-31 08:51 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-31 08:51 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-31 08:51 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-31 08:51 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-31 08:51 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-01-15 11:26 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-11 16:01 - 2012-09-11 16:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2014 07:54:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16660, Zeitstempel: 0x51f1c5f3
Name des fehlerhaften Moduls: Media_Play_AIR+-bho.dll, Version: 1.0.0.1, Zeitstempel: 0x537c9035
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00004c5a
ID des fehlerhaften Prozesses: 0x1e74
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (06/03/2014 07:53:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16660, Zeitstempel: 0x51f1c5f3
Name des fehlerhaften Moduls: Media_Play_AIR+-bho.dll, Version: 1.0.0.1, Zeitstempel: 0x537c9035
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00004c35
ID des fehlerhaften Prozesses: 0x1d18
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (06/03/2014 07:50:46 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Internet Explorer wurde wegen dieses Fehlers geschlossen.

Programm: Internet Explorer
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (06/03/2014 07:50:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16660, Zeitstempel: 0x51f1c5f3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000001d
Fehleroffset: 0x03b90f80
ID des fehlerhaften Prozesses: 0x1660
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (06/03/2014 07:46:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16660, Zeitstempel: 0x51f1c5f3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x03421001
ID des fehlerhaften Prozesses: 0xeb0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (06/01/2014 01:17:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16660, Zeitstempel: 0x51f1c5f3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x02e21001
ID des fehlerhaften Prozesses: 0x1b30
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (06/01/2014 01:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16660, Zeitstempel: 0x51f1c5f3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02e21001
ID des fehlerhaften Prozesses: 0x1b30
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (06/01/2014 00:47:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Internet Explorer wurde wegen dieses Fehlers geschlossen.

Programm: Internet Explorer
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (06/01/2014 00:47:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16660, Zeitstempel: 0x51f1c5f3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000096
Fehleroffset: 0x04530ff5
ID des fehlerhaften Prozesses: 0x19ac
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (06/01/2014 00:45:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16660, Zeitstempel: 0x51f1c5f3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc000041d
Fehleroffset: 0x025c1001
ID des fehlerhaften Prozesses: 0x163c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5


System errors:
=============
Error: (06/01/2014 00:06:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/01/2014 00:06:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Service Component of VO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/01/2014 00:05:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (05/31/2014 02:58:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Wajam Internet Enhancer Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/31/2014 02:58:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Service Component of VO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/31/2014 02:58:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (05/31/2014 02:56:35 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (05/31/2014 10:08:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wajam Internet Enhancer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/31/2014 10:08:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service Component of VO" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2014 09:28:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (06/03/2014 07:54:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3Media_Play_AIR+-bho.dll1.0.0.1537c9035c000000500004c5a1e7401cf7f53f75ae855C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-bho.dll2b8fce6a-eb48-11e3-be99-08606e17f979

Error: (06/03/2014 07:53:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3Media_Play_AIR+-bho.dll1.0.0.1537c9035c000000500004c351d1801cf7f54680bca30C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-bho.dll0118e0ce-eb48-11e3-be99-08606e17f979

Error: (06/03/2014 07:50:46 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Internet Explorer000000000

Error: (06/03/2014 07:50:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3unknown0.0.0.000000000c000001d03b90f80166001cf7f53df0c9fcaC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown969c80e0-eb47-11e3-be99-08606e17f979

Error: (06/03/2014 07:46:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3unknown0.0.0.000000000c000000503421001eb001cf7f52766a5a76C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown08a933e8-eb47-11e3-be99-08606e17f979

Error: (06/01/2014 01:17:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3unknown0.0.0.000000000c000041d02e210011b3001cf7d8a697bfd50C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown5b8a2e4a-e97e-11e3-be99-08606e17f979

Error: (06/01/2014 01:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3unknown0.0.0.000000000c000000502e210011b3001cf7d8a697bfd50C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown59c064ad-e97e-11e3-be99-08606e17f979

Error: (06/01/2014 00:47:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Internet Explorer000000000

Error: (06/01/2014 00:47:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3unknown0.0.0.000000000c000009604530ff519ac01cf7d86c0ec89bdC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown23d4f2d3-e97a-11e3-be99-08606e17f979

Error: (06/01/2014 00:45:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1666051f1c5f3unknown0.0.0.000000000c000041d025c1001163c01cf7d869d07c3abC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownddce494f-e979-11e3-be99-08606e17f979


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 3979.68 MB
Available physical RAM: 2529.53 MB
Total Pagefile: 4683.68 MB
Available Pagefile: 2521.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:125.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.15 GB) (Free:257.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C2B20764)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

hi, vielen dank für deine schnelle antwort. meinst du so?

schrauber 04.06.2014 18:33
Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Breezels 06.06.2014 21:46
AdwCleaner Logfile:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 06/06/2014 um 21:30:58
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : stefanie - BETZNLÄPPI
# Gestartet von : C:\Users\stefanie\Downloads\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 70e6ca8c
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\WindowsProtectManger
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Users\stefanie\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\stefanie\AppData\Roaming\Activeris
Ordner Gelöscht : C:\Users\stefanie\AppData\Roaming\SupTab
Datei Gelöscht : C:\Users\stefanie\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\stefanie\Desktop\Continue VuuPC Installation.lnk
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\stefanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\stefanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\FreeSoftToday
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\blockAndSurf
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\stdelywe.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\stefanie\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6046 octets] - [06/06/2014 21:28:57]
AdwCleaner[S0].txt - [5158 octets] - [06/06/2014 21:30:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5218 octets] ##########
--- --- ---


Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software


Update, 06.06.2014 20:53:24, SYSTEM, BETZNLÃ?PPI, Manual, Malware Database, 2014.6.3.6, 2014.6.6.7,
Protection, 06.06.2014 20:53:50, SYSTEM, BETZNLÃ?PPI, Protection, Refresh, Starting,
Protection, 06.06.2014 20:53:50, SYSTEM, BETZNLÃ?PPI, Protection, Malicious Website Protection, Stopping,
Protection, 06.06.2014 20:53:50, SYSTEM, BETZNLÃ?PPI, Protection, Malicious Website Protection, Stopped,
Protection, 06.06.2014 20:54:16, SYSTEM, BETZNLÃ?PPI, Protection, Refresh, Success,
Protection, 06.06.2014 20:54:16, SYSTEM, BETZNLÃ?PPI, Protection, Malicious Website Protection, Starting,
Protection, 06.06.2014 20:54:17, SYSTEM, BETZNLÃ?PPI, Protection, Malicious Website Protection, Started,
Update, 06.06.2014 21:18:34, SYSTEM, BETZNLÃ?PPI, Scheduler, Malware Database, 2014.6.6.7, 2014.6.6.8,
Protection, 06.06.2014 21:18:53, SYSTEM, BETZNLÃ?PPI, Protection, Refresh, Starting,
Protection, 06.06.2014 21:18:53, SYSTEM, BETZNLÃ?PPI, Protection, Malicious Website Protection, Stopping,
Protection, 06.06.2014 21:18:54, SYSTEM, BETZNLÃ?PPI, Protection, Malicious Website Protection, Stopped,
Protection, 06.06.2014 21:19:08, SYSTEM, BETZNLÃ?PPI, Protection, Refresh, Success,
Protection, 06.06.2014 21:19:08, SYSTEM, BETZNLÃ?PPI, Protection, Malicious Website Protection, Starting,
Protection, 06.06.2014 21:19:09, SYSTEM, BETZNLÃ?PPI, Protection, Malicious Website Protection, Started,
Protection, 06.06.2014 21:34:02, SYSTEM, BETZNLÃ?PPI, Protection, Malware Protection, Starting,
Protection, 06.06.2014 21:34:03, SYSTEM, BETZNLÃ?PPI, Protection, Malware Protection, Started,
Protection, 06.06.2014 21:34:03, SYSTEM, BETZNLÃ?PPI, Protection, Malicious Website Protection, Starting,
Protection, 06.06.2014 21:34:04, SYSTEM, BETZNLÃ?PPI, Protection, Malicious Website Protection, Started,

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by stefanie on 06.06.2014 at 21:46:54,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.06.2014 at 22:09:04,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by stefanie (administrator) on BETZNLÄPPI on 06-06-2014 22:42:13
Running from C:\Users\stefanie\Downloads
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [242792 2012-12-03] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2023974973-3132872521-635736642-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-2023974973-3132872521-635736642-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-2023974973-3132872521-635736642-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130703194214.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130703194214.dll (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\stdelywe.default
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\stefanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-03]
CHR Extension: (Google Wallet) - C:\Users\stefanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-03]

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2013-07-03] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [206448 2012-12-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2013-07-03] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2013-07-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2013-07-03] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-07-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2013-07-03] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2013-07-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2013-07-03] (McAfee, Inc.)
U0 msahci;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 22:42 - 2014-06-06 22:42 - 00016620 _____ () C:\Users\stefanie\Downloads\FRST.txt
2014-06-06 22:41 - 2014-06-06 22:41 - 02072576 _____ (Farbar) C:\Users\stefanie\Downloads\FRST64.exe
2014-06-06 22:09 - 2014-06-06 22:09 - 00000615 _____ () C:\Users\stefanie\Desktop\JRT.txt
2014-06-06 21:45 - 2014-06-06 21:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 21:44 - 2014-06-06 21:44 - 01016261 _____ (Thisisu) C:\Users\stefanie\Downloads\JRT.exe
2014-06-06 21:41 - 2014-06-06 21:41 - 00001883 _____ () C:\Users\stefanie\Desktop\mbam.txt
2014-06-06 21:33 - 2014-06-06 21:33 - 00000556 _____ () C:\Windows\PFRO.log
2014-06-06 21:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-06 21:00 - 2014-06-06 21:31 - 00000000 ____D () C:\AdwCleaner
2014-06-06 20:57 - 2014-06-06 20:57 - 01333465 _____ () C:\Users\stefanie\Downloads\adwcleaner_3.212.exe
2014-06-06 20:41 - 2014-06-06 20:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\stefanie\Downloads\revosetup95(2).exe
2014-06-06 20:41 - 2014-06-06 20:41 - 00001266 _____ () C:\Users\stefanie\Desktop\Revo Uninstaller.lnk
2014-06-06 20:41 - 2014-06-06 20:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-06 20:40 - 2014-06-06 20:40 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\stefanie\Downloads\revosetup95(1).exe
2014-06-06 20:39 - 2014-06-06 20:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\stefanie\Downloads\revosetup95.exe
2014-06-03 23:44 - 2014-06-03 23:44 - 00000000 ____D () C:\Users\stefanie\Desktop\Bildersammlung
2014-06-03 23:39 - 2014-06-03 23:39 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\Mozilla
2014-06-03 23:39 - 2014-06-03 23:39 - 00000000 ____D () C:\Users\stefanie\AppData\Local\Mozilla
2014-06-03 23:37 - 2014-06-03 23:38 - 00009558 _____ () C:\Users\stefanie\Documents\cc_20140603_233744.reg
2014-06-03 23:35 - 2014-06-03 23:35 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-03 23:35 - 2014-06-03 23:35 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 23:35 - 2014-06-03 23:35 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 23:35 - 2014-06-03 23:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 23:35 - 2014-06-03 23:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 23:18 - 2014-06-03 23:18 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\LavasoftStatistics
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-03 23:16 - 2014-06-03 23:16 - 01727624 _____ () C:\Users\stefanie\Downloads\Adaware_Installer_11.1.5354.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 01727624 _____ () C:\Users\stefanie\Downloads\Adaware_Installer_11.1.5354 (1).exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-03 23:13 - 2014-06-03 23:13 - 00003188 _____ () C:\Windows\System32\Tasks\{9FBD011A-9614-4994-BF2C-791CCA8C1041}
2014-06-03 23:11 - 2014-06-06 22:16 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 23:11 - 2014-06-06 21:34 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 23:11 - 2014-06-03 23:11 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-03 23:11 - 2014-06-03 23:11 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-03 23:11 - 2014-06-03 23:11 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-03 23:11 - 2014-06-03 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-03 23:11 - 2014-06-03 23:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-03 23:10 - 2014-06-03 23:11 - 00000000 ____D () C:\Users\stefanie\AppData\Local\Google
2014-06-03 23:04 - 2014-06-06 21:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 23:04 - 2014-06-03 23:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 23:04 - 2014-06-03 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 23:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 23:03 - 2014-06-03 23:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 23:03 - 2014-06-03 23:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 23:03 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 23:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 22:54 - 2014-06-03 22:54 - 00003188 _____ () C:\Windows\System32\Tasks\{2E75F29C-6E71-48EE-AB73-6FA7D904980B}
2014-06-03 22:46 - 2014-06-03 22:46 - 00000430 _____ () C:\Users\stefanie\Documents\cc_20140603_224628.reg
2014-06-03 22:41 - 2014-06-03 22:41 - 00000900 _____ () C:\Users\stefanie\Documents\cc_20140603_224106.reg
2014-06-03 22:00 - 2014-06-03 22:00 - 00830792 _____ (Click Me In Limited) C:\Users\stefanie\AppData\Local\nsf9D4C.tmp
2014-06-03 21:41 - 2014-06-03 22:59 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-03 21:37 - 2014-06-01 10:46 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140603-213715.backup
2014-06-03 20:37 - 2014-06-06 20:44 - 00033374 _____ () C:\Users\stefanie\Desktop\Addition.txt
2014-06-03 20:37 - 2014-06-03 20:37 - 00036259 _____ () C:\Users\stefanie\Desktop\FRST.txt
2014-06-03 19:56 - 2014-06-06 22:42 - 00000000 ____D () C:\FRST
2014-06-01 12:09 - 2014-06-01 12:09 - 00010240 _____ () C:\Users\stefanie\Documents\sicherungcc.reg
2014-06-01 10:46 - 2014-05-31 16:17 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140601-104653.backup
2014-05-31 16:17 - 2014-05-31 10:11 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-161732.backup
2014-05-31 10:11 - 2014-05-31 10:10 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-101135.backup
2014-05-31 10:10 - 2014-05-31 08:57 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-101014.backup
2014-05-31 10:08 - 2014-05-31 14:05 - 00009322 _____ () C:\Windows\wininit.ini
2014-05-31 08:57 - 2012-07-26 07:26 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140531-085702.backup
2014-05-31 08:51 - 2014-05-31 08:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-31 08:51 - 2014-05-31 08:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-31 08:51 - 2014-05-31 08:51 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-31 08:51 - 2014-05-31 08:51 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-31 08:51 - 2014-05-31 08:51 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-31 08:51 - 2014-05-31 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-31 08:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-30 21:05 - 2014-05-30 21:05 - 00050688 _____ () C:\Users\stefanie\Documents\cc_20140530_210552.reg
2014-05-30 20:55 - 2014-05-30 20:55 - 00830792 _____ (Click Me In Limited) C:\Users\stefanie\AppData\Local\nstBFAC.tmp
2014-05-30 20:54 - 2014-05-30 20:54 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-30 20:54 - 2014-05-30 20:54 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-30 20:54 - 2014-05-30 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-30 20:54 - 2014-05-30 20:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-30 20:47 - 2014-05-30 20:47 - 00000000 ____D () C:\Users\stefanie\AppData\Local\com
2014-05-30 20:45 - 2014-06-03 23:27 - 00000000 ____D () C:\temp
2014-05-30 20:43 - 2014-06-03 21:41 - 00000000 ____D () C:\QUARANTINE
2014-05-30 20:21 - 2014-05-30 20:45 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\vlc
2014-05-30 20:19 - 2014-05-30 20:19 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-30 20:19 - 2014-05-30 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-30 20:19 - 2014-05-30 20:19 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-25 20:13 - 2014-06-06 21:35 - 00002170 _____ () C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk

==================== One Month Modified Files and Folders =======

2014-06-06 22:42 - 2014-06-06 22:42 - 00016620 _____ () C:\Users\stefanie\Downloads\FRST.txt
2014-06-06 22:42 - 2014-06-03 19:56 - 00000000 ____D () C:\FRST
2014-06-06 22:42 - 2013-05-31 20:33 - 00000000 ____D () C:\Users\stefanie\AppData\Local\Temp
2014-06-06 22:41 - 2014-06-06 22:41 - 02072576 _____ (Farbar) C:\Users\stefanie\Downloads\FRST64.exe
2014-06-06 22:16 - 2014-06-03 23:11 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 22:09 - 2014-06-06 22:09 - 00000615 _____ () C:\Users\stefanie\Desktop\JRT.txt
2014-06-06 22:09 - 2013-05-31 20:44 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2023974973-3132872521-635736642-1001
2014-06-06 22:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-06 21:45 - 2014-06-06 21:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 21:44 - 2014-06-06 21:44 - 01016261 _____ (Thisisu) C:\Users\stefanie\Downloads\JRT.exe
2014-06-06 21:41 - 2014-06-06 21:41 - 00001883 _____ () C:\Users\stefanie\Desktop\mbam.txt
2014-06-06 21:35 - 2014-05-25 20:13 - 00002170 _____ () C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2014-06-06 21:34 - 2014-06-03 23:11 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 21:34 - 2014-06-03 23:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 21:34 - 2013-05-31 20:37 - 00000500 _____ () C:\Users\stefanie\AppData\Roaming\sp_data.sys
2014-06-06 21:33 - 2014-06-06 21:33 - 00000556 _____ () C:\Windows\PFRO.log
2014-06-06 21:33 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 21:33 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-06 21:32 - 2013-01-15 11:38 - 01447707 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 21:31 - 2014-06-06 21:00 - 00000000 ____D () C:\AdwCleaner
2014-06-06 21:31 - 2013-05-31 20:36 - 00001003 _____ () C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-06 20:57 - 2014-06-06 20:57 - 01333465 _____ () C:\Users\stefanie\Downloads\adwcleaner_3.212.exe
2014-06-06 20:44 - 2014-06-03 20:37 - 00033374 _____ () C:\Users\stefanie\Desktop\Addition.txt
2014-06-06 20:41 - 2014-06-06 20:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\stefanie\Downloads\revosetup95(2).exe
2014-06-06 20:41 - 2014-06-06 20:41 - 00001266 _____ () C:\Users\stefanie\Desktop\Revo Uninstaller.lnk
2014-06-06 20:41 - 2014-06-06 20:41 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-06 20:40 - 2014-06-06 20:40 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\stefanie\Downloads\revosetup95(1).exe
2014-06-06 20:39 - 2014-06-06 20:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\stefanie\Downloads\revosetup95.exe
2014-06-03 23:44 - 2014-06-03 23:44 - 00000000 ____D () C:\Users\stefanie\Desktop\Bildersammlung
2014-06-03 23:39 - 2014-06-03 23:39 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\Mozilla
2014-06-03 23:39 - 2014-06-03 23:39 - 00000000 ____D () C:\Users\stefanie\AppData\Local\Mozilla
2014-06-03 23:38 - 2014-06-03 23:37 - 00009558 _____ () C:\Users\stefanie\Documents\cc_20140603_233744.reg
2014-06-03 23:35 - 2014-06-03 23:35 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-03 23:35 - 2014-06-03 23:35 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-03 23:35 - 2014-06-03 23:35 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-03 23:35 - 2014-06-03 23:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-03 23:35 - 2014-06-03 23:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 23:31 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-03 23:29 - 2012-07-26 10:12 - 00000000 __RSD () C:\Windows\Media
2014-06-03 23:27 - 2014-05-30 20:45 - 00000000 ____D () C:\temp
2014-06-03 23:18 - 2014-06-03 23:18 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\LavasoftStatistics
2014-06-03 23:17 - 2014-06-03 23:17 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-03 23:16 - 2014-06-03 23:16 - 01727624 _____ () C:\Users\stefanie\Downloads\Adaware_Installer_11.1.5354.exe
2014-06-03 23:16 - 2014-06-03 23:16 - 01727624 _____ () C:\Users\stefanie\Downloads\Adaware_Installer_11.1.5354 (1).exe
2014-06-03 23:16 - 2014-06-03 23:16 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-03 23:13 - 2014-06-03 23:13 - 00003188 _____ () C:\Windows\System32\Tasks\{9FBD011A-9614-4994-BF2C-791CCA8C1041}
2014-06-03 23:11 - 2014-06-03 23:11 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-03 23:11 - 2014-06-03 23:11 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-03 23:11 - 2014-06-03 23:11 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-03 23:11 - 2014-06-03 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-03 23:11 - 2014-06-03 23:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-03 23:11 - 2014-06-03 23:10 - 00000000 ____D () C:\Users\stefanie\AppData\Local\Google
2014-06-03 23:04 - 2014-06-03 23:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-03 23:04 - 2014-06-03 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-03 23:04 - 2014-06-03 23:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-03 23:03 - 2014-06-03 23:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 22:59 - 2014-06-03 21:41 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-03 22:54 - 2014-06-03 22:54 - 00003188 _____ () C:\Windows\System32\Tasks\{2E75F29C-6E71-48EE-AB73-6FA7D904980B}
2014-06-03 22:46 - 2014-06-03 22:46 - 00000430 _____ () C:\Users\stefanie\Documents\cc_20140603_224628.reg
2014-06-03 22:41 - 2014-06-03 22:41 - 00000900 _____ () C:\Users\stefanie\Documents\cc_20140603_224106.reg
2014-06-03 22:00 - 2014-06-03 22:00 - 00830792 _____ (Click Me In Limited) C:\Users\stefanie\AppData\Local\nsf9D4C.tmp
2014-06-03 21:41 - 2014-05-30 20:43 - 00000000 ____D () C:\QUARANTINE
2014-06-03 21:41 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-03 21:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-03 20:37 - 2014-06-03 20:37 - 00036259 _____ () C:\Users\stefanie\Desktop\FRST.txt
2014-06-01 12:10 - 2013-12-31 09:50 - 00000027 _____ () C:\Windows\Disney.ini
2014-06-01 12:09 - 2014-06-01 12:09 - 00010240 _____ () C:\Users\stefanie\Documents\sicherungcc.reg
2014-06-01 10:46 - 2014-06-03 21:37 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140603-213715.backup
2014-06-01 10:42 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-31 16:17 - 2014-06-01 10:46 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140601-104653.backup
2014-05-31 14:05 - 2014-05-31 10:08 - 00009322 _____ () C:\Windows\wininit.ini
2014-05-31 10:11 - 2014-05-31 16:17 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-161732.backup
2014-05-31 10:10 - 2014-05-31 10:11 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-101135.backup
2014-05-31 10:08 - 2013-05-31 20:37 - 00000000 ___RD () C:\Users\stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 08:57 - 2014-05-31 10:10 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140531-101014.backup
2014-05-31 08:56 - 2014-05-31 08:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-31 08:53 - 2014-05-31 08:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-31 08:51 - 2014-05-31 08:51 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-31 08:51 - 2014-05-31 08:51 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-31 08:51 - 2014-05-31 08:51 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-31 08:51 - 2014-05-31 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-30 21:05 - 2014-05-30 21:05 - 00050688 _____ () C:\Users\stefanie\Documents\cc_20140530_210552.reg
2014-05-30 20:55 - 2014-05-30 20:55 - 00830792 _____ (Click Me In Limited) C:\Users\stefanie\AppData\Local\nstBFAC.tmp
2014-05-30 20:55 - 2012-08-03 00:24 - 00000000 ____D () C:\Windows\Panther
2014-05-30 20:54 - 2014-05-30 20:54 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-30 20:54 - 2014-05-30 20:54 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-30 20:54 - 2014-05-30 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-30 20:54 - 2014-05-30 20:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-30 20:47 - 2014-05-30 20:47 - 00000000 ____D () C:\Users\stefanie\AppData\Local\com
2014-05-30 20:45 - 2014-05-30 20:21 - 00000000 ____D () C:\Users\stefanie\AppData\Roaming\vlc
2014-05-30 20:19 - 2014-05-30 20:19 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-30 20:19 - 2014-05-30 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-30 20:19 - 2014-05-30 20:19 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-25 19:29 - 2013-06-25 19:50 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-19 10:03 - 2012-08-03 01:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-05-19 10:03 - 2012-08-03 01:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-05-19 10:03 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 07:26 - 2014-06-03 23:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-03 23:03 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 23:03 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\Users\stefanie\xobglu16.dll
C:\Users\stefanie\xobglu32.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 10:11

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

ich habe fertig :)
herzlichen dank für die bisherige Hilfestellung.

schrauber 07.06.2014 17:19

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131