Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig (https://www.trojaner-board.de/156059-windows-7-virenscanner-laesst-installieren-firefox-strartet-selbststaendig.html)

CeDAT 04.07.2014 09:01
Windows 7 Virenscanner lässt sich nicht installieren, Firefox strartet selbstständig
 
Hallo, ich habe hier einen Rechner auf dem sich kein gängiger Virenscanner installieren lässt. Des Weiteren startet auch Firefox selbstständig und ruft Spiele- und/oder Pornoseiten auf.

FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Computer (administrator) on PCBECKER on 04-07-2014 09:24:55
Running from E:\Virenentfernung
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Valve Corporation) C:\Steam\Steam.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe
() C:\Users\Computer\AppData\Local\nfmffef.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WksCal.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.EXE
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-10-03] ()
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Steam] => C:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Google+ Auto Backup] => C:\Users\Computer\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.EXE
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [GoogleChromeAutoLaunch_99AE18632314C5772DDF1A65D9BFB3A0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [nfmffef] => c:\users\computer\appdata\local\nfmffef.exe [3080192 2014-07-02] ()
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\MountPoints2: {77717763-0d4e-11e2-be69-806e6f6e6963} - "J:\autorun.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.3.0.12
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {63183CC4-C8CA-4276-BDF2-47706CC4EC60} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByCyDzy0DtA0EtBtCtN0D0Tzu0CyCyCtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=691960370&ir=
SearchScopes: HKLM - {7EC40E7C-DA68-857B-84C7-3AD81B7A9077} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3320216&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3A298DD6-1F89-4B53-B768-CE94BDB5B920&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: easYtosHop - {E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - C:\ProgramData\easYtosHop\gOT8meg.x64.dll No File
BHO: CoonverrtMe - {E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - C:\ProgramData\CoonverrtMe\aKj_.x64.dll No File
BHO-x32: easYtosHop - {E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - C:\ProgramData\easYtosHop\gOT8meg.dll No File
BHO-x32: CoonverrtMe - {E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - C:\ProgramData\CoonverrtMe\aKj_.dll No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default
FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_99f740896c4e4f5db538310a9845c664_39_1006_20130731_DE_ff_sp_
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\extensions\shortcutff@gmail.com

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-18]
CHR Extension: (Google Drive) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-10]
CHR Extension: (YouTube) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
CHR Extension: (Google-Suche) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
CHR Extension: (Raven Internet Marketing Tools) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfnifaophpooekkminfbekpgmanjlcf [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (No Name) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-06-13]
CHR Extension: (Google Mail) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-18]
CHR Extension: (Anti-Banner) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-11-25] (Acer Incorporated)
S4 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S4 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-15] (WildTangent)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-29] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-03] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-02] (NetFilterSDK.com)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-06-23] ()
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
S2 SPDRIVER_1.0.0.21; \??\C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 ____D () C:\FRST
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 _____ () C:\Users\Computer\defogger_reenable
2014-07-03 14:53 - 2014-07-03 14:54 - 04161050 _____ () C:\Users\Computer\Downloads\tdsskiller.zip
2014-07-03 14:22 - 2014-07-03 14:22 - 00380416 _____ () C:\Users\Computer\Downloads\rhstcvpu.exe
2014-07-03 11:21 - 2014-07-03 11:28 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-03 10:57 - 2014-07-03 11:02 - 281672840 ____N (Symantec Corporation) C:\Users\Computer\Downloads\NIS-ESD-21.3.0-GE.exe
2014-07-03 08:30 - 2014-07-03 08:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 08:29 - 2014-07-03 08:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-03 08:29 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-03 08:29 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-03 08:27 - 2014-07-03 08:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-07-02 11:34 - 2013-12-04 00:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-07-02 11:34 - 2013-12-04 00:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-07-02 11:34 - 2013-12-04 00:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-07-02 11:34 - 2013-12-04 00:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-07-02 11:34 - 2013-12-04 00:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-07-02 11:34 - 2013-12-04 00:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-07-02 11:34 - 2011-02-11 14:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-07-02 11:34 - 2011-02-11 14:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-07-02 11:34 - 2009-02-25 16:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-07-02 11:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-02 11:07 - 2014-07-04 09:25 - 01041569 _____ () C:\Users\Computer\AppData\Local\nfmffef.gss
2014-07-02 11:07 - 2014-07-03 14:59 - 00555008 _____ () C:\Users\Computer\AppData\Local\nfmffef.gdb
2014-07-02 11:07 - 2014-07-02 11:07 - 03080192 _____ () C:\Users\Computer\AppData\Local\nfmffef.exe
2014-07-02 11:06 - 2014-07-02 11:12 - 00000000 ____D () C:\AdwCleaner
2014-07-02 11:06 - 2014-07-02 11:06 - 01346519 _____ () C:\Users\Computer\Downloads\adwcleaner_3.214.exe
2014-07-02 11:01 - 2014-07-03 09:16 - 00000795 _____ () C:\Windows\setupact.log
2014-07-02 11:01 - 2014-07-02 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 23:30 - 2014-06-29 23:30 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-28 13:55 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Desktop\diagnose.exe
2014-06-28 13:49 - 2014-06-28 13:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose (1).exe
2014-06-27 18:37 - 2014-06-27 18:37 - 00000863 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.zip
2014-06-27 17:49 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose.exe
2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-25 16:17 - 2014-07-03 09:29 - 00001080 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.lnk
2014-06-24 22:57 - 2014-06-24 22:57 - 00287864 _____ () C:\Windows\Minidump\062414-18843-01.dmp
2014-06-22 21:47 - 2014-06-22 21:47 - 00287864 _____ () C:\Windows\Minidump\062214-19421-01.dmp
2014-06-22 21:46 - 2014-06-22 21:46 - 00000017 _____ () C:\Users\Computer\AppData\Local\resmon.resmoncfg
2014-06-20 22:20 - 2014-06-20 22:20 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-06-15 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-09 22:11 - 2014-06-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\㩃啜敳獲䍜浯異整屲灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥浜歱渰牪⹹敤慦汵屴潣歯敩⹳煳楬整
2014-06-09 14:14 - 2014-06-09 14:14 - 03448360 _____ (Smart PC Solutions ) C:\Users\Computer\Downloads\PCSpeedMaximizer.exe
2014-06-09 14:00 - 2014-06-09 14:00 - 00287864 _____ () C:\Windows\Minidump\060914-14000-01.dmp
2014-06-09 12:08 - 2014-06-09 12:08 - 00256992 _____ () C:\Users\Computer\Downloads\DriverFinder_Setup.exe
2014-06-09 12:04 - 2014-06-09 12:04 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DriverFinder
2014-06-09 11:54 - 2014-06-23 23:57 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-09 11:54 - 2014-06-09 11:54 - 00002469 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-06-06 12:56 - 2014-06-06 13:00 - 00000000 ____D () C:\Users\Computer\AppData\Local\Adobe
2014-06-06 12:44 - 2014-06-06 12:44 - 00007552 ____N () C:\bootsqm.dat
2014-06-06 12:43 - 2014-06-06 12:43 - 00000000 __SHD () C:\found.000

==================== One Month Modified Files and Folders =======

2014-07-04 09:25 - 2014-07-02 11:07 - 01041569 _____ () C:\Users\Computer\AppData\Local\nfmffef.gss
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 ____D () C:\FRST
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 _____ () C:\Users\Computer\defogger_reenable
2014-07-04 09:24 - 2013-01-25 18:57 - 00000000 ____D () C:\Users\Computer
2014-07-04 09:23 - 2013-02-21 23:16 - 00000000 ____D () C:\Steam
2014-07-04 09:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-03 15:11 - 2013-01-25 19:07 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-424039607-3106668974-96046439-1001
2014-07-03 15:05 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 15:00 - 2012-08-02 17:04 - 01568942 _____ () C:\Windows\PFRO.log
2014-07-03 14:59 - 2014-07-02 11:07 - 00555008 _____ () C:\Users\Computer\AppData\Local\nfmffef.gdb
2014-07-03 14:57 - 2012-10-03 13:45 - 01374240 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 14:54 - 2014-07-03 14:53 - 04161050 _____ () C:\Users\Computer\Downloads\tdsskiller.zip
2014-07-03 14:47 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-03 14:32 - 2013-07-29 19:27 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 14:22 - 2014-07-03 14:22 - 00380416 _____ () C:\Users\Computer\Downloads\rhstcvpu.exe
2014-07-03 14:21 - 2013-07-31 23:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-03 14:21 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-03 14:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-03 14:18 - 2012-10-03 14:20 - 00000000 ____D () C:\ProgramData\Norton
2014-07-03 14:18 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-03 14:09 - 2014-02-12 23:26 - 00000000 ____D () C:\temp
2014-07-03 12:36 - 2014-04-16 18:45 - 00000000 ____D () C:\ProgramData\CoonverrtMe
2014-07-03 11:28 - 2014-07-03 11:21 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-03 11:02 - 2014-07-03 10:57 - 281672840 ____N (Symantec Corporation) C:\Users\Computer\Downloads\NIS-ESD-21.3.0-GE.exe
2014-07-03 10:51 - 2014-01-11 16:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-07-03 09:32 - 2014-01-11 17:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-03 09:31 - 2013-02-02 15:14 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-03 09:29 - 2014-06-25 16:17 - 00001080 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.lnk
2014-07-03 09:29 - 2013-02-02 20:29 - 00000000 ____D () C:\Users\Computer\AppData\Local\clear.fi
2014-07-03 09:17 - 2012-10-02 08:54 - 00752930 _____ () C:\Windows\system32\perfh007.dat
2014-07-03 09:17 - 2012-10-02 08:54 - 00156156 _____ () C:\Windows\system32\perfc007.dat
2014-07-03 09:17 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 09:16 - 2014-07-02 11:01 - 00000795 _____ () C:\Windows\setupact.log
2014-07-03 08:30 - 2014-07-03 08:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 08:29 - 2014-07-03 08:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 08:28 - 2014-07-03 08:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-03 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-07-02 11:12 - 2014-07-02 11:06 - 00000000 ____D () C:\AdwCleaner
2014-07-02 11:11 - 2014-06-01 18:41 - 00001079 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 11:11 - 2013-07-29 19:27 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 11:11 - 2013-07-29 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 11:11 - 2013-02-03 12:44 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 11:11 - 2013-02-03 12:44 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-02 11:10 - 2013-07-31 23:19 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-07-02 11:07 - 2014-07-02 11:07 - 03080192 _____ () C:\Users\Computer\AppData\Local\nfmffef.exe
2014-07-02 11:06 - 2014-07-02 11:06 - 01346519 _____ () C:\Users\Computer\Downloads\adwcleaner_3.214.exe
2014-07-02 11:02 - 2012-08-02 17:19 - 00000000 ____D () C:\ProgramData\Temp
2014-07-02 11:01 - 2014-07-02 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 18:47 - 2014-01-11 15:01 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-06-29 23:30 - 2014-06-29 23:30 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-29 21:37 - 2013-01-25 19:16 - 00000000 ____D () C:\Users\Computer\AppData\Local\CrashDumps
2014-06-28 18:04 - 2014-02-13 00:49 - 00016896 ___SH () C:\Users\Computer\Documents\Thumbs.db
2014-06-28 13:49 - 2014-06-28 13:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose (1).exe
2014-06-27 18:37 - 2014-06-27 18:37 - 00000863 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.zip
2014-06-27 17:49 - 2014-06-28 13:55 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Desktop\diagnose.exe
2014-06-27 17:49 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose.exe
2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-26 18:18 - 2013-05-18 14:37 - 00000000 ____D () C:\Users\Computer\Documents\kai zeug
2014-06-24 22:57 - 2014-06-24 22:57 - 00287864 _____ () C:\Windows\Minidump\062414-18843-01.dmp
2014-06-24 22:57 - 2014-04-03 21:44 - 1688198262 _____ () C:\Windows\MEMORY.DMP
2014-06-24 22:57 - 2014-02-21 23:01 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 22:49 - 2013-02-03 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-24 21:56 - 2012-10-03 14:13 - 00002435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2014-06-23 23:57 - 2014-06-09 11:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-22 21:54 - 2013-10-16 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 21:47 - 2014-06-22 21:47 - 00287864 _____ () C:\Windows\Minidump\062214-19421-01.dmp
2014-06-22 21:46 - 2014-06-22 21:46 - 00000017 _____ () C:\Users\Computer\AppData\Local\resmon.resmoncfg
2014-06-20 22:20 - 2014-06-20 22:20 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-06-18 18:20 - 2014-05-29 23:00 - 00000000 ____D () C:\rei
2014-06-18 18:20 - 2014-05-29 22:46 - 00000163 _____ () C:\Windows\Reimage.ini
2014-06-15 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-15 18:24 - 2012-08-02 17:13 - 00002486 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2014-06-15 18:24 - 2012-08-02 17:13 - 00002470 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-06-15 18:24 - 2012-08-02 17:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-15 18:24 - 2012-08-02 17:13 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-06-09 22:11 - 2014-06-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\㩃啜敳獲䍜浯異整屲灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥浜歱渰牪⹹敤慦汵屴潣歯敩⹳煳楬整
2014-06-09 19:03 - 2014-04-04 22:38 - 00000000 ____D () C:\ProgramData\a4b33b63d1694301
2014-06-09 14:14 - 2014-06-09 14:14 - 03448360 _____ (Smart PC Solutions ) C:\Users\Computer\Downloads\PCSpeedMaximizer.exe
2014-06-09 14:00 - 2014-06-09 14:00 - 00287864 _____ () C:\Windows\Minidump\060914-14000-01.dmp
2014-06-09 12:08 - 2014-06-09 12:08 - 00256992 _____ () C:\Users\Computer\Downloads\DriverFinder_Setup.exe
2014-06-09 12:04 - 2014-06-09 12:04 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DriverFinder
2014-06-09 11:54 - 2014-06-09 11:54 - 00002469 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-06-06 21:51 - 2013-12-11 18:43 - 00000000 ____D () C:\Users\Computer\AppData\Local\Runic Games
2014-06-06 13:00 - 2014-06-06 12:56 - 00000000 ____D () C:\Users\Computer\AppData\Local\Adobe
2014-06-06 12:44 - 2014-06-06 12:44 - 00007552 ____N () C:\bootsqm.dat
2014-06-06 12:43 - 2014-06-06 12:43 - 00000000 __SHD () C:\found.000

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5488.dll


Some content of TEMP:
====================
C:\Users\Computer\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Computer\AppData\Local\Temp\fpiisrxg.dll
C:\Users\Computer\AppData\Local\Temp\gkc.exe
C:\Users\Computer\AppData\Local\Temp\Quarantine.exe
C:\Users\Computer\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Computer\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Computer\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-14 16:16

==================== End Of Log ============================
Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by Computer at 2014-07-04 09:25:19
Running from E:\Virenentfernung
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.01.2002 - Acer Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
DriverUpdate (HKLM-x32\...\{6FF69967-0BFE-4F14-B6DF-E73783E52340}) (Version: 2.2.36428 - SlimWare Utilities, Inc.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Genesis (HKCU\...\nfmffef) (Version:  - ) <==== ATTENTION
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Intel(R) Network Connections 17.2.153.0 (HKLM\...\PROSetDX) (Version: 17.2.153.0 - Intel)
Intel(R) Network Connections 17.2.153.0 (Version: 17.2.153.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.6.0 - Reimage)
Save Sense (remove only) (HKCU\...\Save Sense) (Version: 6.4.1.0 - SaveSense) <==== ATTENTION
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shopping Helper Smartbar Engine (HKCU\...\{53a703b6-0f29-4121-b729-e34ec6da8302}) (Version: 11.49.63.16848 - ReSoft Ltd.) <==== ATTENTION
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.13 - WildTangent)

==================== Restore Points  =========================

03-07-2014 07:30:55 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05C4F9FB-8AB9-45DE-AA96-9F4D98259F35} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe
Task: {1386C002-A2FD-4589-A17C-613A3FEB0B35} - \EPUpdater No Task File <==== ATTENTION
Task: {140B564E-0990-477D-A9E3-7AB847988AE1} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {16256578-4D28-468C-B777-E3841CE81F59} - \Dealply No Task File <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21B09A65-E8AF-4CDC-927F-B9C5161C08A9} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2920E379-24D9-4721-870B-2E7B9AE5DCDF} - \spmonitor No Task File <==== ATTENTION
Task: {4145606B-AE45-4C5D-ACBB-6C55CBBC3D07} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {4589006D-977D-481C-95DC-A30A291651B2} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {49D57BD2-7C2F-4531-862C-CB10274C4A5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {59E8B577-BF8F-416B-97D1-F8732C660C4B} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {61F454E3-38FB-4B6E-9CD9-43F34410EB79} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {63700C6F-EA33-4393-8289-B482449CE6A5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {8EAB1039-F05C-4EBA-B900-B5AAC8FFDBDA} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {8FDBC6BE-67C7-4079-8BF3-7E72E4447982} - \LyricsContainer Update No Task File <==== ATTENTION
Task: {9222A835-D170-48F7-9619-930AEC32862C} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe
Task: {9CE5E34F-A933-4C4E-8334-675AB420123F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
Task: {A067634F-DCF2-4E04-AAAB-50C22B95E3AD} - \RegClean Pro No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A76E1D53-5500-4305-A06A-5E07F02FF866} - \BrowserDefendert No Task File <==== ATTENTION
Task: {B2FBC000-49D3-4BA6-BE04-E39A6DF7686C} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {BAD90900-AB86-4AA7-9998-A25A3F8ED690} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {BEAB9A12-BAC2-43AC-BD35-72C6B6C8F7BA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-24] ()
Task: {BF00D894-3E73-44FC-B72B-2B6491A09D6B} - \SpeedUpMyPC No Task File <==== ATTENTION
Task: {C4816D17-F227-4519-B558-FCC0AA2953B1} - \LaunchApp No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C778FE02-EFAB-4886-8A2F-53DA56D9458E} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {E4813DB8-8F9A-4576-972A-6DEC66CFA0B5} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F6F330BB-9868-482D-9B97-80E97FB1A938} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf500a5f10f8ca.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2013-06-01 16:17 - 2013-06-01 16:18 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-03 14:03 - 2012-10-03 14:03 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
2014-07-02 11:07 - 2014-07-02 11:07 - 03080192 _____ () C:\Users\Computer\AppData\Local\nfmffef.exe
2014-05-25 12:33 - 2014-04-30 02:08 - 01135104 _____ () C:\Steam\libavcodec-55.dll
2014-05-25 12:33 - 2014-04-30 02:08 - 00404992 _____ () C:\Steam\libavformat-55.dll
2014-01-08 13:05 - 2014-04-30 02:08 - 00340992 _____ () C:\Steam\libavresample-1.dll
2014-04-26 18:35 - 2014-04-30 02:08 - 00471552 _____ () C:\Steam\libavutil-53.dll
2013-03-25 15:23 - 2014-05-17 03:36 - 00756224 _____ () C:\Steam\SDL2.dll
2014-05-25 12:34 - 2014-05-29 19:37 - 02139840 _____ () C:\Steam\video.dll
2014-05-25 12:33 - 2014-04-29 02:37 - 00519168 _____ () C:\Steam\libswscale-2.dll
2013-02-15 14:08 - 2014-05-29 19:36 - 01116864 _____ () C:\Steam\bin\chromehtml.DLL
2013-01-22 05:22 - 2014-05-02 01:35 - 20628160 _____ () C:\Steam\bin\libcef.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Steam\bin\avcodec-53.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Steam\bin\avutil-51.dll
2012-12-11 10:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Steam\bin\avformat-53.dll
2014-02-13 16:12 - 2014-02-13 16:12 - 00279296 _____ () C:\Program Files (x86)\Acer\Acer Portal\libcurl.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Computer:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\Computer\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Computer\Cookies:gs5sys
AlternateDataStreams: C:\Users\Computer\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Computer\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Computer\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Computer\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Computer\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Computer\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Computer\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Computer\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: CCDMonitorService => 2
MSCONFIG\Services: cjpcsc => 2
MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: ePowerSvc => 3
MSCONFIG\Services: ExpressCache => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) PROSet Monitoring Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: StarMoney 8.0 OnlineUpdate => 2
MSCONFIG\Services: StarMoney 9.0 OnlineUpdate => 2
MSCONFIG\Services: Steam Client Service => 3

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 09:25:18 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:25:18Z. Fehlercode: 0x80071A91.

Error: (07/04/2014 09:24:48 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:24:48Z. Fehlercode: 0x80071A91.

Error: (07/04/2014 09:24:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:24:15Z. Fehlercode: 0x80071A91.

Error: (07/04/2014 09:23:45 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:23:45Z. Fehlercode: 0x80071A91.

Error: (07/04/2014 09:23:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:23:15Z. Fehlercode: 0x80071A91.

Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >.

Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">.

Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >.

Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">.

Error: (07/04/2014 09:22:48 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung Fehler in der Wiederherstellungsphase. beendet.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Gatherer wird heruntergefahren.  (HRESULT : 0x80040d23) (0x80040d23)


System errors:
=============
Error: (07/04/2014 09:23:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 8 Mal passiert.

Error: (07/04/2014 09:23:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (07/04/2014 09:22:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert.

Error: (07/04/2014 09:22:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (07/04/2014 09:22:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (07/04/2014 09:22:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (07/03/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (07/03/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%6801

Error: (07/03/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Windows Search" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1062

Error: (07/03/2014 03:07:34 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056


Microsoft Office Sessions:
=========================
Error: (07/04/2014 09:25:18 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x80071A912114-06-10T07:25:18Z

Error: (07/04/2014 09:24:48 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x80071A912114-06-10T07:24:48Z

Error: (07/04/2014 09:24:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x80071A912114-06-10T07:24:15Z

Error: (07/04/2014 09:23:45 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x80071A912114-06-10T07:23:45Z

Error: (07/04/2014 09:23:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x80071A912114-06-10T07:23:15Z

Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager:

Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 200x80071a91

Error: (07/04/2014 09:22:48 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Gatherer wird heruntergefahren.  (HRESULT : 0x80040d23) (0x80040d23)
Fehler in der Wiederherstellungsphase.


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 8134.05 MB
Available physical RAM: 7072.57 MB
Total Pagefile: 16326.05 MB
Available Pagefile: 15141.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:453.1 GB) (Free:251.62 GB) NTFS
Drive d: (DATA) (Fixed) (Total:453.61 GB) (Free:453.46 GB) NTFS
Drive e: (XBOOT) (Removable) (Total:14.62 GB) (Free:14.32 GB) FAT32
Drive j: (kis 2014) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: E13DBE7D)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=15 GB) - (Type=73)

========================================================
Disk: 7 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
GMER.log

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-04 09:28:53
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000DM003-9YN162 rev.CC4B 931,51GB
Running: rhstcvpu.exe; Driver: C:\Users\Computer\AppData\Local\Temp\pwdcapow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\System32\spoolsv.exe[1328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                        000007fd9455177a 4 bytes [55, 94, FD, 07]
.text    C:\Windows\System32\spoolsv.exe[1328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                        000007fd94551782 4 bytes [55, 94, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                              000007fd8fac1b32 4 bytes [AC, 8F, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                              000007fd8fac1b3a 4 bytes [AC, 8F, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                          000007fd86d71532 4 bytes [D7, 86, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                          000007fd86d7153a 4 bytes [D7, 86, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                        000007fd86d7165a 4 bytes [D7, 86, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                000007fd9455177a 4 bytes [55, 94, FD, 07]
.text    C:\Windows\Explorer.EXE[2916] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                000007fd94551782 4 bytes [55, 94, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                  000007fd86d71532 4 bytes [D7, 86, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                  000007fd86d7153a 4 bytes [D7, 86, FD, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                000007fd86d7165a 4 bytes [D7, 86, FD, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [2336:4400]                                                                                                  fffff960009005e8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:4288]                000007fd95b923a8
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:2188]                000007fd8b3977b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:1796]                000007fd8b3977b0
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:3596]                000007fd947e8c44
Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:1828]                000007fd93b7c648
---- Processes - GMER 2.1 ----

Process  C:\Users\Computer\AppData\Local\nfmffef.exe (*** suspicious ***) @ C:\Users\Computer\AppData\Local\nfmffef.exe [736](2014-07-02 09:07:04)  0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 04.07.2014 09:28
hi,

Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

CeDAT 04.07.2014 10:33
Hallo und danke für die schnelle Antwort.

Revo Uninstaller hat nur 3 Programme gefunden und konnte diese nicht Deinstallieren. Ich habe dann Combofix ausgeführt.

Code:
ComboFix 14-07-03.01 - Computer 04.07.2014  11:19:34.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8134.6840 [GMT 2:00]
ausgeführt von:: c:\users\Computer\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LIL7639.tmp
C:\LIL7648.tmp
C:\LIL7677.tmp
C:\LIL7696.tmp
C:\LIL76C5.tmp
c:\users\Computer\AppData\Local\nsd3B9A.tmp
c:\users\Computer\AppData\Local\nsl5C18.tmp
c:\users\Computer\AppData\Local\nsq9933.tmp
c:\users\Computer\AppData\Local\nsrA8C.tmp
c:\users\Public\AlexaNSISPlugin.5488.dll
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_acedrv11
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-06-04 bis 2014-07-04  ))))))))))))))))))))))))))))))
.
.
2014-07-04 09:23 . 2014-07-04 09:23        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-07-04 08:34 . 2014-07-04 08:34        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-07-04 07:24 . 2014-07-04 07:25        --------        d-----w-        C:\FRST
2014-07-03 06:30 . 2014-07-04 07:29        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-03 06:29 . 2014-07-03 06:29        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-03 06:29 . 2014-07-03 06:29        --------        d-----w-        c:\programdata\Malwarebytes
2014-07-03 06:29 . 2014-05-12 05:26        64216        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-07-03 06:29 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-07-03 06:29 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-07-03 06:16 . 2014-06-05 01:54        10779000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7F61AC4-0148-4E98-A4BB-3E78548652D2}\mpengine.dll
2014-07-02 09:08 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-07-02 09:06 . 2014-07-02 09:12        --------        d-----w-        C:\AdwCleaner
2014-06-29 21:30 . 2014-06-29 21:30        --------        d-----w-        c:\program files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-26 19:30 . 2014-06-26 19:30        --------        d-----w-        c:\program files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-15 16:24 . 2014-06-15 16:24        --------        d-----w-        c:\programdata\BlueStacks
2014-06-09 10:04 . 2014-06-09 10:04        --------        d-----w-        c:\users\Computer\AppData\Roaming\DriverFinder
2014-06-09 09:54 . 2014-06-23 21:57        16152        ----a-w-        c:\windows\system32\drivers\SWDUMon.sys
2014-06-09 09:54 . 2014-06-09 09:54        --------        d-----w-        c:\users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 09:54 . 2014-06-09 09:54        --------        d-----w-        c:\program files (x86)\DriverUpdate
2014-06-06 10:56 . 2014-06-06 11:00        --------        d-----w-        c:\users\Computer\AppData\Local\Adobe
2014-06-06 10:43 . 2014-06-06 10:43        --------        d-----w-        C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-03 13:11 . 2014-04-02 17:00        17536        ----a-w-        c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-07-03 07:31 . 2013-02-02 13:14        95414520        ----a-w-        c:\windows\system32\MRT.exe
2014-06-02 20:25 . 2014-06-02 20:25        46376        ----a-w-        c:\windows\system32\drivers\netfilter64.sys
2014-05-30 16:31 . 2014-05-30 16:31        12219608        ----a-w-        C:\TRANSLATE
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2012-10-03 1193176]
"Steam"="c:\steam\Steam.exe" [2014-05-29 1754816]
"AcerCloud"="c:\program files (x86)\Acer\Acer Portal\acpanel_win.exe" [2014-02-13 18247424]
"Google+ Auto Backup"="c:\users\Computer\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096]
"GoogleChromeAutoLaunch_99AE18632314C5772DDF1A65D9BFB3A0"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-24 841032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Erinnerungen für Microsoft Works-Kalender.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-8-6 53317]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 SPDRIVER_1.0.0.21;SPDRIVER_1.0.0.21;c:\program files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.SYS;c:\program files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.SYS [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys;c:\windows\SYSNATIVE\DRIVERS\cjusb.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Portal\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Portal\CCDMonitorService.exe [x]
R4 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe;c:\windows\SysWOW64\cjpcsc.exe [x]
R4 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R4 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
R4 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
R4 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [x]
R4 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;c:\program files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-12 12:08        1078088        ----a-w-        c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf500a5f10f8ca.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29 17:27]
.
2014-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29 17:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-02 12921488]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.3.0.12
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_99f740896c4e4f5db538310a9845c664_39_1006_20130731_DE_ff_sp_
FF - ExtSQL: !HIDDEN! 2013-07-10 21:28; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - ExtSQL: !HIDDEN! 2014-02-26 18:37; quick_start@gmail.com; c:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\extensions\quick_start@gmail.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - c:\programdata\easYtosHop\gOT8meg.dll
BHO-{E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - c:\programdata\CoonverrtMe\aKj_.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-SPDriver - c:\program files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.EXE
Wow6432Node-HKLM-Run-SPDriver - c:\program files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.EXE
BHO-{E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - c:\programdata\easYtosHop\gOT8meg.x64.dll
BHO-{E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - c:\programdata\CoonverrtMe\aKj_.x64.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Save Sense - c:\users\Computer\AppData\Local\SaveSense\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\WksCal.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-04  11:29:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-07-04 09:29
.
Vor Suchlauf: 14 Verzeichnis(se), 269.624.549.376 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 270.206.504.960 Bytes frei
.
- - End Of File - - D688D48513656355BFB910035F76DE7E
5FB38429D5D77768867C76DCBDB35194

schrauber 05.07.2014 11:00
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

CeDAT 07.07.2014 08:32
Hallo,

habe alle Schritte durchgeführt, hier die gewünschten Logs.

MBAM

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07.07.2014
Scan Time: 09:04:52
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.07.01
Rootkit Database: v2014.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Computer

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291286
Time Elapsed: 5 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
AdwCleaner

Code:
# AdwCleaner v3.214 - Bericht erstellt am 07/07/2014 um 09:18:34
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Computer - PCBECKER
# Gestartet von : C:\Users\Computer\Downloads\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\genesis

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [141222 octets] - [02/07/2014 11:06:51]
AdwCleaner[R1].txt - [1269 octets] - [07/07/2014 09:17:05]
AdwCleaner[S0].txt - [128288 octets] - [02/07/2014 11:09:47]
AdwCleaner[S1].txt - [1140 octets] - [07/07/2014 09:18:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1200 octets] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Computer on 07.07.2014 at  9:22:25,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\vafplayer
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-424039607-3106668974-96046439-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-424039607-3106668974-96046439-1001\Software\wajam



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius"



~~~ FireFox

Successfully deleted the following from C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\mqk0njry.default\prefs.js

user_pref("extensions.defaulttab.installdate", 1395269132);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
Emptied folder: C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\mqk0njry.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.07.2014 at  9:25:51,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und der frische FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Computer (administrator) on PCBECKER on 07-07-2014 09:27:12
Running from C:\Users\Computer\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WksCal.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-10-03] ()
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Steam] => C:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Google+ Auto Backup] => C:\Users\Computer\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [GoogleChromeAutoLaunch_99AE18632314C5772DDF1A65D9BFB3A0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk
ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.3.0.12
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {63183CC4-C8CA-4276-BDF2-47706CC4EC60} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByCyDzy0DtA0EtBtCtN0D0Tzu0CyCyCtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=691960370&ir=
SearchScopes: HKLM - {7EC40E7C-DA68-857B-84C7-3AD81B7A9077} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3320216&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3A298DD6-1F89-4B53-B768-CE94BDB5B920&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO-x32: easYtosHop - {E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - C:\ProgramData\easYtosHop\gOT8meg.dll No File
BHO-x32: CoonverrtMe - {E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - C:\ProgramData\CoonverrtMe\aKj_.dll No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default
FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_99f740896c4e4f5db538310a9845c664_39_1006_20130731_DE_ff_sp_
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\extensions\shortcutff@gmail.com

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-18]
CHR Extension: (Google Drive) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-10]
CHR Extension: (YouTube) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
CHR Extension: (Google-Suche) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
CHR Extension: (Raven Internet Marketing Tools) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfnifaophpooekkminfbekpgmanjlcf [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Google Mail) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-18]
CHR Extension: (Anti-Banner) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-11-25] (Acer Incorporated)
S4 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S4 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-15] (WildTangent)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-29] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-02] (NetFilterSDK.com)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-06-23] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
S2 SPDRIVER_1.0.0.21; \??\C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-07 09:27 - 2014-07-07 09:27 - 00014232 _____ () C:\Users\Computer\Desktop\FRST.txt
2014-07-07 09:27 - 2014-07-04 09:19 - 02083840 _____ (Farbar) C:\Users\Computer\Desktop\FRST64.exe
2014-07-07 09:25 - 2014-07-07 09:25 - 00001872 _____ () C:\Users\Computer\Desktop\JRT.txt
2014-07-07 09:22 - 2014-07-07 09:22 - 00000000 ____D () C:\Windows\ERUNT
2014-07-07 09:21 - 2014-07-07 09:15 - 01016261 _____ (Thisisu) C:\Users\Computer\Desktop\JRT.exe
2014-07-04 11:29 - 2014-07-04 11:29 - 00015568 _____ () C:\ComboFix.txt
2014-07-04 11:18 - 2014-07-04 11:29 - 00000000 ____D () C:\Qoobox
2014-07-04 11:18 - 2014-07-04 11:29 - 00000000 ____D () C:\ComboFix
2014-07-04 11:18 - 2014-07-04 11:28 - 00000000 ____D () C:\Windows\erdnt
2014-07-04 11:18 - 2014-07-04 11:15 - 05213907 ____R (Swearware) C:\Users\Computer\Desktop\ComboFix.exe
2014-07-04 11:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-04 11:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-04 11:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-04 10:34 - 2014-07-04 10:34 - 00001264 _____ () C:\Users\Computer\Desktop\Revo Uninstaller.lnk
2014-07-04 10:34 - 2014-07-04 10:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-04 09:24 - 2014-07-07 09:27 - 00000000 ____D () C:\FRST
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 _____ () C:\Users\Computer\defogger_reenable
2014-07-03 14:53 - 2014-07-03 14:54 - 04161050 _____ () C:\Users\Computer\Downloads\tdsskiller.zip
2014-07-03 14:22 - 2014-07-03 14:22 - 00380416 _____ () C:\Users\Computer\Downloads\rhstcvpu.exe
2014-07-03 11:21 - 2014-07-03 11:28 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-03 10:57 - 2014-07-03 11:02 - 281672840 ____N (Symantec Corporation) C:\Users\Computer\Downloads\NIS-ESD-21.3.0-GE.exe
2014-07-03 08:30 - 2014-07-07 09:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 08:29 - 2014-07-03 08:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-03 08:29 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-03 08:29 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-03 08:27 - 2014-07-03 08:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-07-02 11:34 - 2013-12-04 00:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-07-02 11:34 - 2013-12-04 00:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-07-02 11:34 - 2013-12-04 00:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-07-02 11:34 - 2013-12-04 00:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-07-02 11:34 - 2013-12-04 00:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-07-02 11:34 - 2013-12-04 00:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-07-02 11:34 - 2011-02-11 14:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-07-02 11:34 - 2011-02-11 14:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-07-02 11:34 - 2009-02-25 16:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-07-02 11:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-02 11:06 - 2014-07-07 09:18 - 00000000 ____D () C:\AdwCleaner
2014-07-02 11:06 - 2014-07-02 11:06 - 01346519 _____ () C:\Users\Computer\Downloads\adwcleaner_3.214.exe
2014-07-02 11:01 - 2014-07-03 09:16 - 00000795 _____ () C:\Windows\setupact.log
2014-07-02 11:01 - 2014-07-02 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 23:30 - 2014-06-29 23:30 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-28 13:55 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Desktop\diagnose.exe
2014-06-28 13:49 - 2014-06-28 13:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose (1).exe
2014-06-27 18:37 - 2014-06-27 18:37 - 00000863 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.zip
2014-06-27 17:49 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose.exe
2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-25 16:17 - 2014-07-03 09:29 - 00001080 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.lnk
2014-06-24 22:57 - 2014-06-24 22:57 - 00287864 _____ () C:\Windows\Minidump\062414-18843-01.dmp
2014-06-22 21:47 - 2014-06-22 21:47 - 00287864 _____ () C:\Windows\Minidump\062214-19421-01.dmp
2014-06-22 21:46 - 2014-06-22 21:46 - 00000017 _____ () C:\Users\Computer\AppData\Local\resmon.resmoncfg
2014-06-20 22:20 - 2014-06-20 22:20 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-06-15 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-09 22:11 - 2014-06-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\㩃啜敳獲䍜浯異整屲灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥浜歱渰牪⹹敤慦汵屴潣歯敩⹳煳楬整
2014-06-09 14:14 - 2014-06-09 14:14 - 03448360 _____ (Smart PC Solutions ) C:\Users\Computer\Downloads\PCSpeedMaximizer.exe
2014-06-09 14:00 - 2014-06-09 14:00 - 00287864 _____ () C:\Windows\Minidump\060914-14000-01.dmp
2014-06-09 12:08 - 2014-06-09 12:08 - 00256992 _____ () C:\Users\Computer\Downloads\DriverFinder_Setup.exe
2014-06-09 12:04 - 2014-06-09 12:04 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DriverFinder
2014-06-09 11:54 - 2014-06-23 23:57 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-09 11:54 - 2014-06-09 11:54 - 00002469 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate

==================== One Month Modified Files and Folders =======

2014-07-07 09:27 - 2014-07-07 09:27 - 00014232 _____ () C:\Users\Computer\Desktop\FRST.txt
2014-07-07 09:27 - 2014-07-04 09:24 - 00000000 ____D () C:\FRST
2014-07-07 09:25 - 2014-07-07 09:25 - 00001872 _____ () C:\Users\Computer\Desktop\JRT.txt
2014-07-07 09:22 - 2014-07-07 09:22 - 00000000 ____D () C:\Windows\ERUNT
2014-07-07 09:21 - 2013-02-21 23:16 - 00000000 ____D () C:\Steam
2014-07-07 09:20 - 2012-10-03 13:45 - 01883456 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 09:19 - 2012-08-02 17:04 - 01569794 _____ () C:\Windows\PFRO.log
2014-07-07 09:19 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-07 09:18 - 2014-07-02 11:06 - 00000000 ____D () C:\AdwCleaner
2014-07-07 09:18 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-07 09:15 - 2014-07-07 09:21 - 01016261 _____ (Thisisu) C:\Users\Computer\Desktop\JRT.exe
2014-07-07 09:06 - 2013-01-25 19:07 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-424039607-3106668974-96046439-1001
2014-07-07 09:04 - 2014-07-03 08:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-07 08:32 - 2013-07-29 19:27 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 11:29 - 2014-07-04 11:29 - 00015568 _____ () C:\ComboFix.txt
2014-07-04 11:29 - 2014-07-04 11:18 - 00000000 ____D () C:\Qoobox
2014-07-04 11:29 - 2014-07-04 11:18 - 00000000 ____D () C:\ComboFix
2014-07-04 11:29 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-07-04 11:28 - 2014-07-04 11:18 - 00000000 ____D () C:\Windows\erdnt
2014-07-04 11:27 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-04 11:26 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-07-04 11:23 - 2012-07-26 07:26 - 75235328 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-04 11:23 - 2012-07-26 07:26 - 15204352 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-04 11:23 - 2012-07-26 07:26 - 01310720 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-04 11:23 - 2012-07-26 07:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-04 11:23 - 2012-07-26 07:26 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-07-04 11:15 - 2014-07-04 11:18 - 05213907 ____R (Swearware) C:\Users\Computer\Desktop\ComboFix.exe
2014-07-04 10:34 - 2014-07-04 10:34 - 00001264 _____ () C:\Users\Computer\Desktop\Revo Uninstaller.lnk
2014-07-04 10:34 - 2014-07-04 10:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-04 10:34 - 2013-01-25 19:16 - 00000000 ____D () C:\Users\Computer\AppData\Local\CrashDumps
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 _____ () C:\Users\Computer\defogger_reenable
2014-07-04 09:24 - 2013-01-25 18:57 - 00000000 ____D () C:\Users\Computer
2014-07-04 09:19 - 2014-07-07 09:27 - 02083840 _____ (Farbar) C:\Users\Computer\Desktop\FRST64.exe
2014-07-03 14:54 - 2014-07-03 14:53 - 04161050 _____ () C:\Users\Computer\Downloads\tdsskiller.zip
2014-07-03 14:22 - 2014-07-03 14:22 - 00380416 _____ () C:\Users\Computer\Downloads\rhstcvpu.exe
2014-07-03 14:21 - 2013-07-31 23:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-03 14:21 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-03 14:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-03 14:18 - 2012-10-03 14:20 - 00000000 ____D () C:\ProgramData\Norton
2014-07-03 14:09 - 2014-02-12 23:26 - 00000000 ____D () C:\temp
2014-07-03 12:36 - 2014-04-16 18:45 - 00000000 ____D () C:\ProgramData\CoonverrtMe
2014-07-03 11:28 - 2014-07-03 11:21 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-03 11:02 - 2014-07-03 10:57 - 281672840 ____N (Symantec Corporation) C:\Users\Computer\Downloads\NIS-ESD-21.3.0-GE.exe
2014-07-03 10:51 - 2014-01-11 16:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-07-03 09:32 - 2014-01-11 17:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-03 09:31 - 2013-02-02 15:14 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-03 09:29 - 2014-06-25 16:17 - 00001080 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.lnk
2014-07-03 09:29 - 2013-02-02 20:29 - 00000000 ____D () C:\Users\Computer\AppData\Local\clear.fi
2014-07-03 09:17 - 2012-10-02 08:54 - 00752930 _____ () C:\Windows\system32\perfh007.dat
2014-07-03 09:17 - 2012-10-02 08:54 - 00156156 _____ () C:\Windows\system32\perfc007.dat
2014-07-03 09:17 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 09:16 - 2014-07-02 11:01 - 00000795 _____ () C:\Windows\setupact.log
2014-07-03 08:29 - 2014-07-03 08:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 08:28 - 2014-07-03 08:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-03 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-07-02 11:11 - 2014-06-01 18:41 - 00001079 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 11:11 - 2013-07-29 19:27 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 11:11 - 2013-07-29 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 11:11 - 2013-02-03 12:44 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 11:11 - 2013-02-03 12:44 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-02 11:10 - 2013-07-31 23:19 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-07-02 11:06 - 2014-07-02 11:06 - 01346519 _____ () C:\Users\Computer\Downloads\adwcleaner_3.214.exe
2014-07-02 11:02 - 2012-08-02 17:19 - 00000000 ____D () C:\ProgramData\Temp
2014-07-02 11:01 - 2014-07-02 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 18:47 - 2014-01-11 15:01 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-06-29 23:30 - 2014-06-29 23:30 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-28 18:04 - 2014-02-13 00:49 - 00016896 ___SH () C:\Users\Computer\Documents\Thumbs.db
2014-06-28 13:49 - 2014-06-28 13:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose (1).exe
2014-06-27 18:37 - 2014-06-27 18:37 - 00000863 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.zip
2014-06-27 17:49 - 2014-06-28 13:55 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Desktop\diagnose.exe
2014-06-27 17:49 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose.exe
2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-26 18:18 - 2013-05-18 14:37 - 00000000 ____D () C:\Users\Computer\Documents\kai zeug
2014-06-24 22:57 - 2014-06-24 22:57 - 00287864 _____ () C:\Windows\Minidump\062414-18843-01.dmp
2014-06-24 22:57 - 2014-04-03 21:44 - 1688198262 _____ () C:\Windows\MEMORY.DMP
2014-06-24 22:57 - 2014-02-21 23:01 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 22:49 - 2013-02-03 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-24 21:56 - 2012-10-03 14:13 - 00002435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2014-06-23 23:57 - 2014-06-09 11:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-22 21:54 - 2013-10-16 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 21:47 - 2014-06-22 21:47 - 00287864 _____ () C:\Windows\Minidump\062214-19421-01.dmp
2014-06-22 21:46 - 2014-06-22 21:46 - 00000017 _____ () C:\Users\Computer\AppData\Local\resmon.resmoncfg
2014-06-20 22:20 - 2014-06-20 22:20 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-06-18 18:20 - 2014-05-29 23:00 - 00000000 ____D () C:\rei
2014-06-18 18:20 - 2014-05-29 22:46 - 00000163 _____ () C:\Windows\Reimage.ini
2014-06-15 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-15 18:24 - 2012-08-02 17:13 - 00002486 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2014-06-15 18:24 - 2012-08-02 17:13 - 00002470 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-06-15 18:24 - 2012-08-02 17:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-15 18:24 - 2012-08-02 17:13 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-06-09 22:11 - 2014-06-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\㩃啜敳獲䍜浯異整屲灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥浜歱渰牪⹹敤慦汵屴潣歯敩⹳煳楬整
2014-06-09 19:03 - 2014-04-04 22:38 - 00000000 ____D () C:\ProgramData\a4b33b63d1694301
2014-06-09 14:14 - 2014-06-09 14:14 - 03448360 _____ (Smart PC Solutions ) C:\Users\Computer\Downloads\PCSpeedMaximizer.exe
2014-06-09 14:00 - 2014-06-09 14:00 - 00287864 _____ () C:\Windows\Minidump\060914-14000-01.dmp
2014-06-09 12:08 - 2014-06-09 12:08 - 00256992 _____ () C:\Users\Computer\Downloads\DriverFinder_Setup.exe
2014-06-09 12:04 - 2014-06-09 12:04 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DriverFinder
2014-06-09 11:54 - 2014-06-09 11:54 - 00002469 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate

Some content of TEMP:
====================
C:\Users\Computer\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-07 08:27

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 08.07.2014 06:14

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

CeDAT 08.07.2014 08:54
Hallo Schrauber,

danke für die Antwort.

Hier die Logfiles.

ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=254f6f333428aa48ab35e830dcf4ed68
# engine=19070
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-08 07:39:37
# local_time=2014-07-08 09:39:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 425944 45394276 0 0
# scanned=299262
# found=184
# cleaned=0
# scan_time=4756
sh=297AB44B22D59DC00DA6E7138A6F57CAAA379D74 ft=1 fh=a263ea30718c1c6d vn="Variante von Win64/Adware.Adpeak.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\003\buuoujqmrk64.exe.vir.VIRUS"
sh=B98C851D46F6F34607DEC601FF82469DA350D9EC ft=1 fh=95a049650cc65f75 vn="Variante von Win64/Adware.Adpeak.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\004\rqpbhevlkc64.exe.vir.VIRUS"
sh=741518CA17409E0C108EA202464829E6C664ED1E ft=1 fh=52477f93f91d8732 vn="Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir"
sh=5A3BF792E02A8EF89D0F14E344DDF6AD9D6503CA ft=1 fh=d8a8aa49ce4e751c vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir"
sh=6333DA667A1DB6B690F322886EF8B4DACECD7FE3 ft=1 fh=b02a9a0fb9ff7cbb vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir"
sh=93DC7D6BB28C238630D65A2766577262C43D17E9 ft=1 fh=f75d7f7c3c1fd884 vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir"
sh=E32ECB71CAA5BA1F62D7E28F6E7D76D226677B01 ft=1 fh=fc7b40d4e32d8af5 vn="Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Amazon Browser Bar\search_protect.exe.vir"
sh=83E5B1198954A3971D9E6A1AFE08644EF16BDE2F ft=1 fh=a38179720b1e6f70 vn="Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe.vir"
sh=A4315160808D4D754BC09AB562B98557BEBE0BF6 ft=1 fh=c71c0011aa3af91f vn="Variante von Win32/AdWare.AddLyrics.AO Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Buzz-it-soft\Buzz-itE.exe.vir.VIRUS"
sh=D3B56855F6F2E8211D380277478905A2FAF003E9 ft=1 fh=c71c00113eb799cc vn="Variante von Win32/AdWare.AddLyrics.AS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Buzz-it-soft\Buzz-itf86.exe.vir.VIRUS"
sh=8AA24D5D57CA10037F9428EEBBA5D481B0F3BF69 ft=1 fh=c71c00115b6aba1a vn="Variante von Win32/AdWare.AddLyrics.AN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Buzz-it-soft\Buzz-itOn171.exe.vir.VIRUS"
sh=9B42F14B63DE9342A63E5AAB6905624EA86BF1D1 ft=1 fh=ad35e6e7bb8b1a62 vn="Variante von Win32/AdWare.AddLyrics.AS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Buzz-it-soft\Uninstall.exe.vir.VIRUS"
sh=6D00C85C60CAF98D39E5CD07AACE53C757A99C49 ft=1 fh=ed4a7cab0d6835d6 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir"
sh=7489D541CA03F640A02B20A33A88C70691D689D5 ft=1 fh=5216003ac57facf4 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir"
sh=0652CF8AA5ACCADDDD31EE32521742F0CF6A62B0 ft=1 fh=6730b7aa2ee36939 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir"
sh=1409EBB3A3E32D47579100DF86DC75C2C3251B1D ft=1 fh=1bb22fea6c29b3c4 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaApp.dll.vir"
sh=D698B030B32596B463C472026A960115CF8BA08D ft=1 fh=757d60309ad51e46 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaEng.dll.vir"
sh=FF2381AE65749BA610DF97FAF88952CF15FEF138 ft=1 fh=d64f7ddedf260d1b vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltasrv.exe.vir"
sh=074AD2C240AB3B311E098DA70E99C4C89063B7C8 ft=1 fh=6104037dd21597ba vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll.vir"
sh=3400046C996E0D40BFDA36663BE83C5AF213497E ft=1 fh=ee0b8dcbe432084b vn="Win32/Toolbar.Montiera.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\escortShld.dll.vir"
sh=C9B1C1D6B536D17E425934058F0D49A0876B8C14 ft=1 fh=0271089e341685c4 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\uninstall.exe.vir"
sh=B268732563F607687B0B5E63991763FEBF315D46 ft=1 fh=a9a8061b52917652 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll.vir"
sh=1A44373C7D9083D4E83D4C7E63E84EC1B7DF4DDD ft=1 fh=7b1f17aaf5ac4c39 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\deltaApp.dll.vir"
sh=1039767B6CA8B147053BD89B771B6A1A98B4D15C ft=1 fh=a640223e2df9bd9b vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\deltaEng.dll.vir"
sh=2716D2D21C1DB1BA71010D57CF048657ACA2A98F ft=1 fh=7c8ed813e1e6936b vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\deltasrv.exe.vir.VIRUS"
sh=6FA24D6B224C7ABA9882E29822A9671FA732895B ft=1 fh=58b846ad6f97dcfd vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\uninstall.exe.vir"
sh=1098A866901B7BF47609156BDED0356E468E7DFB ft=1 fh=df33ed2a9d79ec7b vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll.vir.VIRUS"
sh=34622C0C9B0F72AB2F67AE3BD7CF94EF76B2B54D ft=1 fh=422f90d5b5335443 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaApp.dll.vir"
sh=80C8F13A1918FAEEAB9673C1CCF96E52325EE695 ft=1 fh=0aefb751d92be997 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaEng.dll.vir"
sh=610CDC3A03DA21A83EB90193BACF1347AAA39A0F ft=1 fh=6544723ffe1f3f66 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll.vir.VIRUS"
sh=AFD5B25F86CFD3045CCFF940A249A1DA89DEDE5D ft=1 fh=c55a3c08e5709f9a vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\uninstall.exe.vir"
sh=1EC0A3F220F026513E421FA17DF90936C8EBAD48 ft=1 fh=d7325a4bb0bb2d0a vn="Variante von Win32/ELEX.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desk 365\deskplusdl.exe.vir.VIRUS"
sh=1A537BB9AD766C0F45DBE7CC9B0BDD7A8CD6F02C ft=1 fh=3dde6c4cfc19bf44 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desk 365\deskSvc.exe.vir"
sh=D7B2AAB31AB9D8D61B6223A622655418CA4D3E6D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\38532.crx.vir.VIRUS"
sh=FA7C0E26AA5D77AAF2974A0240DD673D0D152A5E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\38532.xpi.vir.VIRUS"
sh=6F2BD9D97570A45DED11A0DB2AD1D55D7E409913 ft=1 fh=229ecbcd301e067c vn="Win32/Toolbar.CrossRider.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-bg.exe.vir"
sh=A01D6E1C83F592A7F5EDEB8903EF1C64AADA57A1 ft=1 fh=73fb969b74063804 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-bho64.dll.vir"
sh=886FDE6E49AB6F3385BD2CE74F0DBF4947274EB0 ft=1 fh=548b6b486ef32a84 vn="Win32/Toolbar.CrossRider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil.dll.vir"
sh=9BAE5D8FB43FF67BF9AE5F36A84C7EE570675117 ft=1 fh=3ad31b5f6f79af2e vn="Win32/Toolbar.CrossRider.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil.exe.vir"
sh=447337AB14F363A030066E0AEEE749D470A13C1E ft=1 fh=00db2348504f4fe9 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil64.dll.vir"
sh=3FA3F0761EBAFF9A147AEE2A406ACEF1D1144C1B ft=1 fh=da74f39cee092855 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-buttonutil64.exe.vir"
sh=07C8D9860F6F6FC5F93AAD97AC02141C8ED25B68 ft=1 fh=4aa8e8f62111304b vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-codedownloader.exe.vir.VIRUS"
sh=65F597B9E4D0FCD4D50010C3A55CF5DBBACB3579 ft=1 fh=b1e5946ee2312e18 vn="Win32/Toolbar.CrossRider.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-helper.exe.vir"
sh=7F57F2FC51409AE519610CCC5BC8076665C653AC ft=1 fh=3df0e3987fad1a15 vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\Feven 1.5-updater.exe.vir"
sh=E04ABB727567AB7DD22159CF8C2AA75EBCA18144 ft=1 fh=edd75c9e8dccf5e8 vn="Win32/Packed.VMDetector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 1.5\utils.exe.vir"
sh=F0E5DFC9F5903A66E3D2BF8511539955D7E17200 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.crx.vir"
sh=089BB7E56A87C74508E8848076D05281BD3DA473 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.xpi.vir"
sh=677D86005EBDFB5E1F760AD807409DB08536BCDB ft=1 fh=d3c83b4567ac8997 vn="Variante von Win32/Toolbar.CrossRider.AL evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bg.exe.vir.VIRUS"
sh=03968227D47D277355EF6E7A63678E157969140F ft=1 fh=d8accb8698cd2780 vn="Variante von Win64/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll.vir"
sh=80984286766388010D80EF1854A03C840F95F493 ft=1 fh=c1190a78ba67e05f vn="Variante von Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\utils.exe.vir"
sh=E4860D5FC736021C218C5ECEABB00C268D5C49D0 ft=1 fh=8a90c8250dbc4ece vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll.vir"
sh=42385CEA71F1A33CB8A6BF1EA70AED988180AB53 ft=1 fh=d94392d828f8b4a9 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\Datamngr.dll.vir"
sh=7B2E4742DF2E101B0860FCEAC9B0AFDE13F17E42 ft=1 fh=6df01fe619fc4bbc vn="Variante von Win32/AdWare.Bandoo.AE Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrChrome.dll.vir"
sh=9D33FC49D0C492282AB70BC4831E6810826D0B3F ft=1 fh=f842e13d90d4f4ca vn="Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe.vir"
sh=044C759F1A8FDFD14719DA0AA53B6F865C3B1A70 ft=1 fh=466a7ffde640807b vn="Variante von Win32/Toolbar.SearchSuite.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe.vir"
sh=5A724A2BDA20A82667C1FFE9AEEA485930D28F32 ft=1 fh=32a0c8e70bf18ee5 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\del_DM_LL_nsl810E.dll.vir"
sh=0FB316273932836910AE3FB8D5F297493DE7A5C9 ft=1 fh=9d7118e3ef68c63b vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\Helper.dll.vir"
sh=FC83D5580E69DC05681CBD088BD215B53A87CF89 ft=1 fh=f2920accee387938 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\IEBHO.dll.vir"
sh=1C8E83A0261402A094162D68BAF04415DF49947B ft=1 fh=bd4eb1c921dbcb01 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\Internet Explorer Settings.exe.vir"
sh=6EA281BE968AC3B70366E6DB6F0E1DAC4EE6B1F0 ft=1 fh=5531c7981d991a32 vn="Variante von Win32/Toolbar.SearchSuite.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll.vir"
sh=79747E1A2E2ECD59391DF30AD547C69F2915B35B ft=1 fh=231df5506c90bf35 vn="Win32/AdWare.Bandoo.AD Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\setmgrc1.cfg.vir"
sh=06C7EAE98354E9FA66916B9567988ABE3B97DA8F ft=1 fh=71851554da6e4830 vn="Variante von Win32/Toolbar.SearchSuite.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\Uninstall.exe.vir"
sh=DDCD6F1275B9C4C760FAA8C9C9B8FF117D29EB26 ft=1 fh=a224e389a79b5bad vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe.vir"
sh=A7399A72B41503ACF603E78989691E112DB51867 ft=1 fh=3ddbf4c13d9f090d vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\__searchresultsDx.dll.vir"
sh=1AB1729A3F5BFD236DE138D12B8E0F3FFA78C2A6 ft=1 fh=48ad535d7a1ce207 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\__searchresultstb.dll.vir"
sh=DDCD6F1275B9C4C760FAA8C9C9B8FF117D29EB26 ft=1 fh=a224e389a79b5bad vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~2\IE\dtuser.exe.vir"
sh=A7399A72B41503ACF603E78989691E112DB51867 ft=1 fh=3ddbf4c13d9f090d vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~2\IE\__searchresultsDx.dll.vir"
sh=1AB1729A3F5BFD236DE138D12B8E0F3FFA78C2A6 ft=1 fh=48ad535d7a1ce207 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~2\IE\__searchresultstb.dll.vir"
sh=DDCD6F1275B9C4C760FAA8C9C9B8FF117D29EB26 ft=1 fh=a224e389a79b5bad vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~3\IE\dtuser.exe.vir"
sh=A7399A72B41503ACF603E78989691E112DB51867 ft=1 fh=3ddbf4c13d9f090d vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~3\IE\__searchresultsDx.dll.vir"
sh=1AB1729A3F5BFD236DE138D12B8E0F3FFA78C2A6 ft=1 fh=48ad535d7a1ce207 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~3\IE\__searchresultstb.dll.vir"
sh=6603A489746EEC452EE2F8265891F9D35D493C2F ft=1 fh=a206e96e62ff4c0a vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll.vir"
sh=8E7F262E2456FFDDD6ABF12DB970A0A6746B4CBD ft=1 fh=402e4816eeda7e36 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\Datamngr.dll.vir"
sh=5BE2F4F47197D45AA186314394A8C61DE29D3520 ft=1 fh=3461c23255d24773 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\del_DM_LL_nsl810E.dll.vir"
sh=5751717FDAC627C6A0F4713238393C5840978E00 ft=1 fh=c5422d7692c4916b vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\IEBHO.dll.vir"
sh=FF33DAFC2B9BBDF0C7381641A02151BEAF6602A3 ft=1 fh=3873eb98d7f7b95a vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\Internet Explorer Settings.exe.vir"
sh=A613BDDC4F5943F9697C7F75AD67D9B579AF00F1 ft=1 fh=07469553cf3324c4 vn="Variante von Win64/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll.vir"
sh=86F449EEBC3AC33E506DDEA3E24B72D977438DF8 ft=1 fh=46605f0b8adcee1c vn="Win64/Adware.Bandoo.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg.vir"
sh=8F070D36BA757747527BDF3736EFCBBE1D051B0A ft=1 fh=92aee2bc5570ebe1 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\mysearchdialApp.dll.vir"
sh=B67DF0C86BF6403B0AC8E1DC26A078C678EFC74C ft=1 fh=b945d4e158c45c12 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\mysearchdialEng.dll.vir.VIRUS"
sh=E869D3646D89D4514F947304703F0483029F6CAF ft=1 fh=9691cee157383ff8 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\mysearchdialsrv.exe.vir"
sh=3246C5908CCDBA82B39C3A0E05285299C4B2CADA ft=1 fh=f7922527b1859756 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\mysearchdialTlbr.dll.vir.VIRUS"
sh=31D0B125962639ACC9DF9F39782A3207099DD924 ft=1 fh=ca95fc211bc2fbc3 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir.VIRUS"
sh=6857BD88EA938B705EFC3FD46D5C91D2C1B3EDE9 ft=1 fh=a2f65d85debd6839 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir.VIRUS"
sh=7ABB587B2A0D80E1EC4B2F1E8BB0E2C194FBB4A0 ft=1 fh=9074270edfd38722 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir.VIRUS"
sh=3407FB00757C71D9CB28AEC2EC7855FF5D3A6609 ft=1 fh=67364266c19decdd vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir.VIRUS"
sh=89DC63472DE94DF3F12DBAE15B7EBE6C04263369 ft=1 fh=7fb9e45e0079471d vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir.VIRUS"
sh=8F6145BD8F0880546E45BA03E013B958F7C5B7EC ft=1 fh=ec51ffcf586b9fa0 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\bh\mysearchdial.dll.vir.VIRUS"
sh=2FB6E17B5B1771AF9BBE670D80BC29672A764471 ft=1 fh=45f0ba0365790147 vn="Variante von Win32/SProtector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir.VIRUS"
sh=1375A8FFF1D262AD65AB09311A91AA9B96E83049 ft=1 fh=72898e0453db9d6a vn="Variante von Win32/SProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll.vir"
sh=9F8E488CB68193DABA2E820964EB6BB5B0053BA0 ft=1 fh=5c179f4fc04177a8 vn="Variante von Win64/SProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll.vir"
sh=2F367F244D08950211E4C05FB8EF8E0959BB773A ft=1 fh=20d3e0bbdedcd685 vn="Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir"
sh=E5DB01AF8C7541396D4C619A55B7B664281A5375 ft=1 fh=97edb4dad52fbf6e vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir"
sh=B0620B454574191BFA28A172BA2769D49B744D4F ft=1 fh=da2cbaa9ae7ff67b vn="Variante von Win32/SpeedingUpMyPC.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe.vir"
sh=54C7E75A5B413CCE4DD0AE31E535207EF3BE1159 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\32002.crx.vir"
sh=0BC1A3D8C105537DA301626C539E23B0E6C957AA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\32002.xpi.vir.VIRUS"
sh=AEDEBD241B2D4F6386D33D0D96BB1662819C26C9 ft=1 fh=198c49bf5680ed49 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll.vir"
sh=8F89DC8BC736E8F2A29C992AF0A2F83826C7669E ft=1 fh=54abba1c672239f8 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.dll.vir"
sh=1F08C4166547F9A95C6B36C5D2E2E10579BD1366 ft=1 fh=e4f100e9489a4ea9 vn="Win32/Packed.VMDetector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\utils.exe.vir"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe.vir.VIRUS"
sh=10903598F769E2AC5F1E2372E90F6722A3A860B7 ft=1 fh=89560075533c3d40 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir.VIRUS"
sh=88482528CE4F67A1004B50BA93282CEACCEDE534 ft=1 fh=e40b702402e604d5 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\psmachine.dll.vir"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe.vir.VIRUS"
sh=70D49B9ABA391E6976DAB5C4BEA63733459B3F1C ft=1 fh=0b76a05977e7722a vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe.vir"
sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe.vir.VIRUS"
sh=F09B9B9B1D16D1539D23CC6ACDE0DC7BC983DF59 ft=1 fh=2dbadf99ca2df2d7 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe.vir"
sh=BFB609ED6CFC882F193F64E0C4B30D106106B64D ft=1 fh=bd431ef42f430194 vn="Win32/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.dll.vir"
sh=07AE4D6DDA1459689E1D5389F0E6826BC69AC82D ft=1 fh=14f16cf84965c313 vn="Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.exe.vir"
sh=561EC2822E18343DAA736197901F3B4D487D9E86 ft=1 fh=0cea4f6b79b2b8af vn="Win64/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro64.dll.vir"
sh=D5C6D1E35285D8AD3BFD28C5663597DB70419722 ft=1 fh=82327c63794ba811 vn="Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\Updater.exe.vir"
sh=B992ED7A1B4DF30F6AF8A911FBFDE92ED9F77519 ft=1 fh=5dac4dde3cd39976 vn="Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir"
sh=A252FEDCEEDCA1655D593982040CCEED07812DEF ft=1 fh=975aa770e795194d vn="Win32/Wajam.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\WajamUpdater.exe.vir"
sh=28B51176D6A6087C267C15AE8D32F98701F1E080 ft=1 fh=ee5922ade32ec373 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir"
sh=54A8802E779AE281FF1B259B5559145E5F781968 ft=1 fh=c71c001102f2b850 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\easytoshop\gOT8meg.dll.vir.VIRUS"
sh=2648349A062066B2B4D9F44854780414B69D59DB ft=1 fh=c71c00110fd81f90 vn="Variante von Win64/Adware.MultiPlug.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\easytoshop\gOT8meg.x64.dll.vir.VIRUS"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir.VIRUS"
sh=6F7DA0B999F2A216A65FC4F4740D1E37BF8D3DAD ft=1 fh=c71c0011adf2139a vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\KKinGCoupon\fnN.dll.vir.VIRUS"
sh=0BFE90FAB6F10C0104F69A06184B63F7FBDBFD93 ft=1 fh=c71c0011f25c11fd vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\KKinGCoupon\fnN.exe.vir.VIRUS"
sh=17B24E567626BE32B4ED4541A957BA3EC1E8DA41 ft=1 fh=c71c0011b9dd8ce9 vn="Variante von Win64/Adware.MultiPlug.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\KKinGCoupon\fnN.x64.dll.vir.VIRUS"
sh=BFB609ED6CFC882F193F64E0C4B30D106106B64D ft=1 fh=bd431ef42f430194 vn="Win32/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro.dll.vir"
sh=561EC2822E18343DAA736197901F3B4D487D9E86 ft=1 fh=0cea4f6b79b2b8af vn="Win64/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll.vir"
sh=91403A26D23237F6F93273B244B2FD558ACCF3F7 ft=1 fh=2db2a806fbb0a318 vn="möglicherweise Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir"
sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\del_64DLL_nsf2D6E.dll.vir"
sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir"
sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"
sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir"
sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir"
sh=9BA6DC699104472080E202066F9A6194C861BBC4 ft=1 fh=644180d9ce5cd441 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=C7438D942F5D66F71822D807D890EA30B68DEA5E ft=1 fh=cea6bc5b719b3fa1 vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\SaveSense\SaveSenseUpdateVer.exe.vir"
sh=45A00CBBE698665BCC1D163926EBA65E7BD32AC3 ft=1 fh=d540c0af311fbf80 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=20E69E37AC8C04AE910C1D292770CD68163C4409 ft=1 fh=3155f889dd0dbf9a vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=1E5DB8057720A153D3E851B8FC37F8EC980EE8E7 ft=1 fh=a65556fe5bee8b10 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=506CF74F58DEE1A450C9840FDB8F93490FA23BFD ft=1 fh=47e454377749b8d6 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir"
sh=04F888260E1E0DF879B2C63693EA9C746D6F938E ft=1 fh=c0789a66bf16a7a5 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir"
sh=4B298F597E719B98DBEAE306E363719AFA1CD074 ft=1 fh=1a0789ee68cbf649 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=C4229E29B0D547CCA2EC493C9359F7FCE27CB5E2 ft=1 fh=353735db63e62932 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=4651567B6F6C117C61B452373FA19E9C0FE0E814 ft=1 fh=9d26a6a798748e85 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=A430BD4F7C79FB7C27DC0DC7ADEA629BB707F96A ft=1 fh=01b69ef96ed28c0c vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=5DA338E36AC330751F6F83F83590D7F0DCEEA546 ft=1 fh=8e8a24b10317c97e vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\torch\Helper.dll.vir"
sh=4AFB1A8A9B6234518266E5EC2312F6F5FF90B499 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\torch\User Data\Default\Cache\f_000635.vir"
sh=7C05A460CED51E5C586D5651A9D4822B41BD3D80 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\torch\User Data\Default\Cache\f_00069c.vir"
sh=3972109B1974BEA7EAA2CFCAF92269548E9C2E72 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\torch\User Data\Default\Cache\f_0006d5.vir"
sh=4F1C38F649CC3DF6B317972621DE7C6317D076AE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\torch\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\91.js.vir"
sh=4A6A0F4255AF0736D186189E46ED9D164FA2FB3F ft=1 fh=18fb82cd25e5988e vn="Variante von Win32/DomaIQ.BK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\torch\User Data\Default\File System\000\t\00\00000001.vir.VIRUS"
sh=85A199E2D11AF93BEFA2086BDA319E52621ECD6D ft=1 fh=e5029e0356f39201 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\torch\User Data\Default\File System\001\t\00\00000000.vir.VIRUS"
sh=CCFF8FD6CCA3EFBF708B608F0795E4797DAD5BA2 ft=1 fh=6884fd3f20959c4c vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Local\torch\User Data\Default\File System\002\t\00\00000000.vir.VIRUS"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\0C1I1L1R1J0M1P0I1G\VuuPC Packages\uninstaller.exe.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=BE3A5951F9D566E9C0B10B41781E42A3A8562B12 ft=1 fh=bfe637157b287a9d vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir"
sh=6BEC571BC3DA3DD5D2A35422FBD1CD5CEC49B964 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\Extensions\130\chrome\content\main.js.vir"
sh=8E84B3369C409B88BFF2F167495B5BDA08485065 ft=1 fh=cea6bc5b1fc91d53 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe.vir"
sh=464FD963183897BB987030A2097E759ED613A79C ft=1 fh=d1e1cc77b7d23939 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\SupTab\SupTab.dll.vir.VIRUS"
sh=3D4C9A423D5D33794A3B29AD3ED5602500098CE8 ft=0 fh=0000000000000000 vn="Variante von MSIL/DomaIQ.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\Systweak\Advanced System Protector\Quarantine\adware.domaiq._qt_.vir.VIRUS"
sh=E8E6BB9ACD4A31B6BBCC4A80E31154E0E9DF8180 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\Systweak\Advanced System Protector\Quarantine\malware.agent._qt_.vir"
sh=BC422B3C4B4DD016270A01F3ADF504366BE55C7F ft=0 fh=0000000000000000 vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\Systweak\Advanced System Protector\Quarantine\malware.ie._qt_.vir"
sh=01AD3B6BC8B1A242197047F7B08F013BE3D0C4D1 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\Systweak\Advanced System Protector\Quarantine\pup.bundleinstaller._qt_.vir.VIRUS"
sh=C515632A51A22678894193AEF1AAD442491B335C ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\Systweak\Advanced System Protector\Quarantine\pup.defaulttab._qt_.vir"
sh=56D188403CB0E4C98773134494093652AA0857C2 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\Systweak\Advanced System Protector\Quarantine\pup.optional._qt_.vir.VIRUS"
sh=ED998D4627E3006D0A1423F1F8650BD502ABB799 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Computer\AppData\Roaming\Systweak\Advanced System Protector\Quarantine\trojan.agent._qt_.vir"
sh=2C494B60F6B3BDD93F7B64FAA5545C3F24A9CDA1 ft=1 fh=59764e4444c293a9 vn="Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Computer\AppData\Local\nsd3B9A.tmp.vir"
sh=013B7891099C149B922352B68797D0EE3F7A094A ft=1 fh=c71c0011eb26300d vn="Win32/VOPackage.C evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Computer\AppData\Local\nsl5C18.tmp.vir"
sh=3E80573FD1D1BC15315B1B3BB94A4E91AD429048 ft=1 fh=abbd31e3f6e7905e vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Computer\AppData\Local\nsq9933.tmp.vir"
sh=013B7891099C149B922352B68797D0EE3F7A094A ft=1 fh=c71c0011eb26300d vn="Win32/VOPackage.C evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Computer\AppData\Local\nsrA8C.tmp.vir"
sh=C6B44F78F2397DE2F60970B4F8BE825CC5D2CD23 ft=1 fh=221cbc7fa0bb8f1b vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Computer\AppData\Local\Installer\Install_15766\ytdownloader_ww_setup_20140203.exe"
sh=C6B44F78F2397DE2F60970B4F8BE825CC5D2CD23 ft=1 fh=221cbc7fa0bb8f1b vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Computer\AppData\Local\Installer\Install_26274\ytdownloader_ww_setup_20140203.exe"
sh=BCEB518F8911E047E9DC5B0798B2C38B4260BFA3 ft=1 fh=28814f77d171d827 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Computer\Downloads\advancedfileoptimizersetup_PDF.exe"
sh=512A07BB856E1D1884204FD86722744B6393E18B ft=1 fh=8839b1d98d2facde vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Computer\Downloads\aspsetup.exe"
sh=3AAC9BE2B82F5FFBFEE8B7A66D77271DC9305781 ft=1 fh=8fb93d435df59318 vn="Variante von Win32/SpeedingUpMyPC.F Anwendung" ac=I fn="C:\Users\Computer\Downloads\PCSpeedMaximizer.exe"
sh=58636D9D54C7B4B38A6D7198D05F62CFF860E600 ft=1 fh=854234364ad5f832 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Computer\Downloads\PCSpeedMaximizer_AQDE_EM_adhoc.exe"
sh=3947DC53990D4C0F5E5F655818233800CF9F601B ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\76414.msi"
sh=E1FD38D19BAF8784FF0BBC7C0C02500ED2766433 ft=1 fh=d5332291bae29db0 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI8947.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=292EDFC66D493DE4016AEC0CA33BBC6DE34E1A27 ft=1 fh=5c16a016d6377857 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI8947.tmp-\Smartbar.Resources.SetBrowsersSettings.dll"
sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]"
sh=E4333469F3070D049E4FDA053756B96B9F59569B ft=1 fh=5e9b3d881266bb41 vn="Win32/Distromatic evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1].VIRUS"
sh=63981687FFC14608CDAE65C7EFEA1B24ACAF1DF4 ft=1 fh=c82ffca9f6717ccb vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1]"
sh=29E421AB9476F9D2E23DAC7CFDE8DD9EE9D0768A ft=1 fh=d53e88ba43d6b8ab vn="Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]"
sh=0FB316273932836910AE3FB8D5F297493DE7A5C9 ft=1 fh=9d7118e3ef68c63b vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsz715A.tmp\Helper.dll"
sh=319246C2064010418D1CC5718E835DD302F990BC ft=1 fh=6d631669bca3599f vn="Variante von Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsz715A.tmp\Starter.exe"
sh=3DAE542BD4F0368B19B4047C0838D3F4FC4DA090 ft=1 fh=9b1350829aeb80db vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]"
sh=E4333469F3070D049E4FDA053756B96B9F59569B ft=1 fh=5e9b3d881266bb41 vn="Win32/Distromatic evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1].VIRUS"
sh=63981687FFC14608CDAE65C7EFEA1B24ACAF1DF4 ft=1 fh=c82ffca9f6717ccb vn="Variante von Win32/Distromatic.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1]"
sh=29E421AB9476F9D2E23DAC7CFDE8DD9EE9D0768A ft=1 fh=d53e88ba43d6b8ab vn="Win32/Distromatic.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]"
sh=0FB316273932836910AE3FB8D5F297493DE7A5C9 ft=1 fh=9d7118e3ef68c63b vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsz715A.tmp\Helper.dll"
sh=319246C2064010418D1CC5718E835DD302F990BC ft=1 fh=6d631669bca3599f vn="Variante von Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsz715A.tmp\Starter.exe"
Securitycheck

Code:
Results of screen317's Security Check version 0.99.85 
  x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player        11.9.900.170 Flash Player out of Date! 
 Mozilla Firefox (30.0)
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.131 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
aktuelle FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Computer (administrator) on PCBECKER on 08-07-2014 09:49:54
Running from C:\Users\Computer\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WksCal.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-10-03] ()
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Steam] => C:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Google+ Auto Backup] => C:\Users\Computer\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [GoogleChromeAutoLaunch_99AE18632314C5772DDF1A65D9BFB3A0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk
ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.3.0.12
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {63183CC4-C8CA-4276-BDF2-47706CC4EC60} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByCyDzy0DtA0EtBtCtN0D0Tzu0CyCyCtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=691960370&ir=
SearchScopes: HKLM - {7EC40E7C-DA68-857B-84C7-3AD81B7A9077} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3320216&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3A298DD6-1F89-4B53-B768-CE94BDB5B920&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO-x32: easYtosHop - {E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - C:\ProgramData\easYtosHop\gOT8meg.dll No File
BHO-x32: CoonverrtMe - {E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - C:\ProgramData\CoonverrtMe\aKj_.dll No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default
FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_99f740896c4e4f5db538310a9845c664_39_1006_20130731_DE_ff_sp_
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\extensions\shortcutff@gmail.com

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-18]
CHR Extension: (Google Drive) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-10]
CHR Extension: (YouTube) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
CHR Extension: (Google-Suche) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
CHR Extension: (Raven Internet Marketing Tools) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfnifaophpooekkminfbekpgmanjlcf [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Google Mail) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-18]
CHR Extension: (Anti-Banner) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-11-25] (Acer Incorporated)
S4 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S4 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-15] (WildTangent)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-29] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-02] (NetFilterSDK.com)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-06-23] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
S2 SPDRIVER_1.0.0.21; \??\C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-08 09:49 - 2014-07-08 09:49 - 00000000 ____D () C:\Users\Computer\Desktop\FRST-OlderVersion
2014-07-08 08:09 - 2014-07-08 08:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-07 09:27 - 2014-07-08 09:49 - 02084352 _____ (Farbar) C:\Users\Computer\Desktop\FRST64.exe
2014-07-07 09:27 - 2014-07-08 09:49 - 00014305 _____ () C:\Users\Computer\Desktop\FRST.txt
2014-07-07 09:25 - 2014-07-07 09:25 - 00001872 _____ () C:\Users\Computer\Desktop\JRT.txt
2014-07-07 09:22 - 2014-07-07 09:22 - 00000000 ____D () C:\Windows\ERUNT
2014-07-07 09:21 - 2014-07-07 09:15 - 01016261 _____ (Thisisu) C:\Users\Computer\Desktop\JRT.exe
2014-07-04 11:29 - 2014-07-04 11:29 - 00015568 _____ () C:\ComboFix.txt
2014-07-04 11:18 - 2014-07-04 11:29 - 00000000 ____D () C:\Qoobox
2014-07-04 11:18 - 2014-07-04 11:29 - 00000000 ____D () C:\ComboFix
2014-07-04 11:18 - 2014-07-04 11:28 - 00000000 ____D () C:\Windows\erdnt
2014-07-04 11:18 - 2014-07-04 11:15 - 05213907 ____R (Swearware) C:\Users\Computer\Desktop\ComboFix.exe
2014-07-04 11:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-04 11:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-04 11:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-04 11:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-04 10:34 - 2014-07-04 10:34 - 00001264 _____ () C:\Users\Computer\Desktop\Revo Uninstaller.lnk
2014-07-04 10:34 - 2014-07-04 10:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-04 09:24 - 2014-07-08 09:49 - 00000000 ____D () C:\FRST
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 _____ () C:\Users\Computer\defogger_reenable
2014-07-03 14:53 - 2014-07-03 14:54 - 04161050 _____ () C:\Users\Computer\Downloads\tdsskiller.zip
2014-07-03 14:22 - 2014-07-03 14:22 - 00380416 _____ () C:\Users\Computer\Downloads\rhstcvpu.exe
2014-07-03 11:21 - 2014-07-03 11:28 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-03 10:57 - 2014-07-03 11:02 - 281672840 ____N (Symantec Corporation) C:\Users\Computer\Downloads\NIS-ESD-21.3.0-GE.exe
2014-07-03 08:30 - 2014-07-07 09:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 08:29 - 2014-07-03 08:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-03 08:29 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-03 08:29 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-03 08:27 - 2014-07-03 08:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-07-02 11:34 - 2013-12-04 00:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-07-02 11:34 - 2013-12-04 00:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-07-02 11:34 - 2013-12-04 00:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-07-02 11:34 - 2013-12-04 00:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-07-02 11:34 - 2013-12-04 00:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-07-02 11:34 - 2013-12-04 00:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-07-02 11:34 - 2011-02-11 14:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-07-02 11:34 - 2011-02-11 14:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-07-02 11:34 - 2009-02-25 16:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-07-02 11:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-02 11:06 - 2014-07-07 09:18 - 00000000 ____D () C:\AdwCleaner
2014-07-02 11:06 - 2014-07-02 11:06 - 01346519 _____ () C:\Users\Computer\Downloads\adwcleaner_3.214.exe
2014-07-02 11:01 - 2014-07-03 09:16 - 00000795 _____ () C:\Windows\setupact.log
2014-07-02 11:01 - 2014-07-02 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 23:30 - 2014-06-29 23:30 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-28 13:55 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Desktop\diagnose.exe
2014-06-28 13:49 - 2014-06-28 13:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose (1).exe
2014-06-27 18:37 - 2014-06-27 18:37 - 00000863 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.zip
2014-06-27 17:49 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose.exe
2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-25 16:17 - 2014-07-03 09:29 - 00001080 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.lnk
2014-06-24 22:57 - 2014-06-24 22:57 - 00287864 _____ () C:\Windows\Minidump\062414-18843-01.dmp
2014-06-22 21:47 - 2014-06-22 21:47 - 00287864 _____ () C:\Windows\Minidump\062214-19421-01.dmp
2014-06-22 21:46 - 2014-06-22 21:46 - 00000017 _____ () C:\Users\Computer\AppData\Local\resmon.resmoncfg
2014-06-20 22:20 - 2014-06-20 22:20 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-06-15 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-09 22:11 - 2014-06-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\㩃啜敳獲䍜浯異整屲灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥浜歱渰牪⹹敤慦汵屴潣歯敩⹳煳楬整
2014-06-09 14:14 - 2014-06-09 14:14 - 03448360 _____ (Smart PC Solutions ) C:\Users\Computer\Downloads\PCSpeedMaximizer.exe
2014-06-09 14:00 - 2014-06-09 14:00 - 00287864 _____ () C:\Windows\Minidump\060914-14000-01.dmp
2014-06-09 12:08 - 2014-06-09 12:08 - 00256992 _____ () C:\Users\Computer\Downloads\DriverFinder_Setup.exe
2014-06-09 12:04 - 2014-06-09 12:04 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DriverFinder
2014-06-09 11:54 - 2014-06-23 23:57 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-09 11:54 - 2014-06-09 11:54 - 00002469 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate

==================== One Month Modified Files and Folders =======

2014-07-08 09:50 - 2014-07-07 09:27 - 00014305 _____ () C:\Users\Computer\Desktop\FRST.txt
2014-07-08 09:49 - 2014-07-08 09:49 - 00000000 ____D () C:\Users\Computer\Desktop\FRST-OlderVersion
2014-07-08 09:49 - 2014-07-07 09:27 - 02084352 _____ (Farbar) C:\Users\Computer\Desktop\FRST64.exe
2014-07-08 09:49 - 2014-07-04 09:24 - 00000000 ____D () C:\FRST
2014-07-08 09:32 - 2013-07-29 19:27 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-08 08:14 - 2013-01-25 19:07 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-424039607-3106668974-96046439-1001
2014-07-08 08:09 - 2014-07-08 08:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-08 08:09 - 2013-02-21 23:16 - 00000000 ____D () C:\Steam
2014-07-07 09:40 - 2012-10-03 13:45 - 01884646 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 09:25 - 2014-07-07 09:25 - 00001872 _____ () C:\Users\Computer\Desktop\JRT.txt
2014-07-07 09:22 - 2014-07-07 09:22 - 00000000 ____D () C:\Windows\ERUNT
2014-07-07 09:19 - 2012-08-02 17:04 - 01569794 _____ () C:\Windows\PFRO.log
2014-07-07 09:19 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-07 09:18 - 2014-07-02 11:06 - 00000000 ____D () C:\AdwCleaner
2014-07-07 09:18 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-07 09:15 - 2014-07-07 09:21 - 01016261 _____ (Thisisu) C:\Users\Computer\Desktop\JRT.exe
2014-07-07 09:04 - 2014-07-03 08:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 11:29 - 2014-07-04 11:29 - 00015568 _____ () C:\ComboFix.txt
2014-07-04 11:29 - 2014-07-04 11:18 - 00000000 ____D () C:\Qoobox
2014-07-04 11:29 - 2014-07-04 11:18 - 00000000 ____D () C:\ComboFix
2014-07-04 11:29 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-07-04 11:28 - 2014-07-04 11:18 - 00000000 ____D () C:\Windows\erdnt
2014-07-04 11:27 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-04 11:26 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-07-04 11:23 - 2012-07-26 07:26 - 75235328 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-04 11:23 - 2012-07-26 07:26 - 15204352 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-04 11:23 - 2012-07-26 07:26 - 01310720 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-04 11:23 - 2012-07-26 07:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-04 11:23 - 2012-07-26 07:26 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-07-04 11:15 - 2014-07-04 11:18 - 05213907 ____R (Swearware) C:\Users\Computer\Desktop\ComboFix.exe
2014-07-04 10:34 - 2014-07-04 10:34 - 00001264 _____ () C:\Users\Computer\Desktop\Revo Uninstaller.lnk
2014-07-04 10:34 - 2014-07-04 10:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-04 10:34 - 2013-01-25 19:16 - 00000000 ____D () C:\Users\Computer\AppData\Local\CrashDumps
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 _____ () C:\Users\Computer\defogger_reenable
2014-07-04 09:24 - 2013-01-25 18:57 - 00000000 ____D () C:\Users\Computer
2014-07-03 14:54 - 2014-07-03 14:53 - 04161050 _____ () C:\Users\Computer\Downloads\tdsskiller.zip
2014-07-03 14:22 - 2014-07-03 14:22 - 00380416 _____ () C:\Users\Computer\Downloads\rhstcvpu.exe
2014-07-03 14:21 - 2013-07-31 23:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-03 14:21 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-03 14:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-03 14:18 - 2012-10-03 14:20 - 00000000 ____D () C:\ProgramData\Norton
2014-07-03 14:09 - 2014-02-12 23:26 - 00000000 ____D () C:\temp
2014-07-03 12:36 - 2014-04-16 18:45 - 00000000 ____D () C:\ProgramData\CoonverrtMe
2014-07-03 11:28 - 2014-07-03 11:21 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-03 11:02 - 2014-07-03 10:57 - 281672840 ____N (Symantec Corporation) C:\Users\Computer\Downloads\NIS-ESD-21.3.0-GE.exe
2014-07-03 10:51 - 2014-01-11 16:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-07-03 09:32 - 2014-01-11 17:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-03 09:31 - 2013-02-02 15:14 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-03 09:29 - 2014-06-25 16:17 - 00001080 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.lnk
2014-07-03 09:29 - 2013-02-02 20:29 - 00000000 ____D () C:\Users\Computer\AppData\Local\clear.fi
2014-07-03 09:17 - 2012-10-02 08:54 - 00752930 _____ () C:\Windows\system32\perfh007.dat
2014-07-03 09:17 - 2012-10-02 08:54 - 00156156 _____ () C:\Windows\system32\perfc007.dat
2014-07-03 09:17 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 09:16 - 2014-07-02 11:01 - 00000795 _____ () C:\Windows\setupact.log
2014-07-03 08:29 - 2014-07-03 08:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 08:28 - 2014-07-03 08:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-03 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-07-02 11:11 - 2014-06-01 18:41 - 00001079 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 11:11 - 2013-07-29 19:27 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 11:11 - 2013-07-29 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 11:11 - 2013-02-03 12:44 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 11:11 - 2013-02-03 12:44 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-02 11:10 - 2013-07-31 23:19 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-07-02 11:06 - 2014-07-02 11:06 - 01346519 _____ () C:\Users\Computer\Downloads\adwcleaner_3.214.exe
2014-07-02 11:02 - 2012-08-02 17:19 - 00000000 ____D () C:\ProgramData\Temp
2014-07-02 11:01 - 2014-07-02 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 18:47 - 2014-01-11 15:01 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-06-29 23:30 - 2014-06-29 23:30 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-28 18:04 - 2014-02-13 00:49 - 00016896 ___SH () C:\Users\Computer\Documents\Thumbs.db
2014-06-28 13:49 - 2014-06-28 13:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose (1).exe
2014-06-27 18:37 - 2014-06-27 18:37 - 00000863 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.zip
2014-06-27 17:49 - 2014-06-28 13:55 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Desktop\diagnose.exe
2014-06-27 17:49 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose.exe
2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-26 18:18 - 2013-05-18 14:37 - 00000000 ____D () C:\Users\Computer\Documents\kai zeug
2014-06-24 22:57 - 2014-06-24 22:57 - 00287864 _____ () C:\Windows\Minidump\062414-18843-01.dmp
2014-06-24 22:57 - 2014-04-03 21:44 - 1688198262 _____ () C:\Windows\MEMORY.DMP
2014-06-24 22:57 - 2014-02-21 23:01 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 22:49 - 2013-02-03 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-24 21:56 - 2012-10-03 14:13 - 00002435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2014-06-23 23:57 - 2014-06-09 11:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-22 21:54 - 2013-10-16 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 21:47 - 2014-06-22 21:47 - 00287864 _____ () C:\Windows\Minidump\062214-19421-01.dmp
2014-06-22 21:46 - 2014-06-22 21:46 - 00000017 _____ () C:\Users\Computer\AppData\Local\resmon.resmoncfg
2014-06-20 22:20 - 2014-06-20 22:20 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-06-18 18:20 - 2014-05-29 23:00 - 00000000 ____D () C:\rei
2014-06-18 18:20 - 2014-05-29 22:46 - 00000163 _____ () C:\Windows\Reimage.ini
2014-06-15 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-15 18:24 - 2012-08-02 17:13 - 00002486 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2014-06-15 18:24 - 2012-08-02 17:13 - 00002470 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-06-15 18:24 - 2012-08-02 17:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-15 18:24 - 2012-08-02 17:13 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-06-09 22:11 - 2014-06-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\㩃啜敳獲䍜浯異整屲灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥浜歱渰牪⹹敤慦汵屴潣歯敩⹳煳楬整
2014-06-09 19:03 - 2014-04-04 22:38 - 00000000 ____D () C:\ProgramData\a4b33b63d1694301
2014-06-09 14:14 - 2014-06-09 14:14 - 03448360 _____ (Smart PC Solutions ) C:\Users\Computer\Downloads\PCSpeedMaximizer.exe
2014-06-09 14:00 - 2014-06-09 14:00 - 00287864 _____ () C:\Windows\Minidump\060914-14000-01.dmp
2014-06-09 12:08 - 2014-06-09 12:08 - 00256992 _____ () C:\Users\Computer\Downloads\DriverFinder_Setup.exe
2014-06-09 12:04 - 2014-06-09 12:04 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DriverFinder
2014-06-09 11:54 - 2014-06-09 11:54 - 00002469 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate

Some content of TEMP:
====================
C:\Users\Computer\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-07 08:27

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 09.07.2014 08:05
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Temps bereinigen mit Ccleaner oder so.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

CeDAT 10.07.2014 09:34
Hallo Schrauber,

vielen Dank für die umfassende Hilfe. Auf dem Rechner läuft jetzt alles wieder normal.

Hier noch der Fixlog.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Computer at 2014-07-09 09:38:22 Run:1
Running from C:\Users\Computer\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.

==== End of Fixlog ====
Ansonsten kann ich nur nochmal sagen "Danke". :dankeschoen:

schrauber 11.07.2014 08:22
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:45 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131