Trojaner-Board - Alle E-Mail Konten auf dem Pc gehackt

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Alle E-Mail Konten auf dem Pc gehackt (https://www.trojaner-board.de/165333-alle-e-mail-konten-pc-gehackt.html)

Alle E-Mail Konten auf dem Pc gehackt

Hallo, wie ich kürzlich erfahren habe werden von einigen meiner E-Mail Adressen jede menge Spam Mails versendet, dies möchte ich natürlich unterbinden. Ich schließe auf eine Infektion einer meiner Rechner , da ich von diesem auf alle infizierten Konten zugreifen kann und alle E-Mail Konten auf diesem Pc gehackt wurden.Ich bitte also um Hilfe, damit ich den Virus ausfindig machen kann, um meine Konten zu sichern.

PS: es hatt nicht geholfen das Passwort der Konten zu ändern.

Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Frst:
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015

Ran by K (administrator) on ASPIRE-E1-531 on 20-03-2015 14:39:18

Running from C:\Users\K\Downloads

Loaded Profiles: K (Available profiles: K)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe

() C:\Program Files\GNU\GnuPG\dirmngr.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe

() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Tobit.Software) C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe

(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

() C:\Program Files\GNU\GnuPG\bin\kleopatra.exe

() C:\Program Files\GNU\GnuPG\bin\dbus-daemon.exe

(g10 Code GmbH) C:\Program Files\GNU\GnuPG\gpg-agent.exe

(g10 Code GmbH) C:\Program Files\GNU\GnuPG\scdaemon.exe

(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2325776 2012-02-14] (Synaptics Incorporated)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-13] (AVAST Software)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2014-08-27] (Apple Computer, Inc.)

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\...\Run: [RfxSrvTray] => C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\...\Run: [msdbecc21f9.exe] => C:\Users\K\AppData\Roaming\Microsoft\msdbecc21f9.exe [224377 2009-07-14] (Deutsche Welle)

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browsemngr.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browsermngr.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe

IFEO\cltmngsvc.exe: [Debugger] tasklist.exe

IFEO\delta babylon.exe: [Debugger] tasklist.exe

IFEO\delta tb.exe: [Debugger] tasklist.exe

IFEO\delta2.exe: [Debugger] tasklist.exe

IFEO\deltainstaller.exe: [Debugger] tasklist.exe

IFEO\deltasetup.exe: [Debugger] tasklist.exe

IFEO\deltatb.exe: [Debugger] tasklist.exe

IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\iminentsetup.exe: [Debugger] tasklist.exe

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\rjatydimofu.exe: [Debugger] tasklist.exe

IFEO\searchinstaller.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\searchsettings.exe: [Debugger] tasklist.exe

IFEO\searchsettings64.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\sweetimsetup.exe: [Debugger] tasklist.exe

IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe

IFEO\umbrella.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk

ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk

ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\phase-6\reminder\reminder.exe (phase-6)

Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk

ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.search.yahoo.com/?type=523482&fr=spigot-yhp-ie

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=429&systemid=406&v=a12627-128&apn_uid=2763712377124745&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2168196151-1402668096-4282511163-1000 -> DefaultScope {E8140166-1B2B-4B2C-B9A4-4E7B5D7368B9} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2168196151-1402668096-4282511163-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=429&systemid=406&v=a12349-128&apn_uid=2763712377124745&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2168196151-1402668096-4282511163-1000 -> {E8140166-1B2B-4B2C-B9A4-4E7B5D7368B9} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll No File

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-15] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-15] (Oracle Corporation)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll No File

Toolbar: HKLM - No Name - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} -  No File

Toolbar: HKU\S-1-5-21-2168196151-1402668096-4282511163-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll No File

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default

FF SearchEngineOrder.1: Ask.com

FF SelectedSearchEngine: Yahoo!

FF Homepage: https://www.ixquick.de

FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()

FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)

FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)

FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)

FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-15] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-15] (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

FF Plugin: TorchVLC -> C:\Users\K\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)

FF Plugin HKU\S-1-5-21-2168196151-1402668096-4282511163-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\K\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)

FF SearchPlugin: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default\searchplugins\ixquick-https---deutsch.xml [2015-03-19]

FF SearchPlugin: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default\searchplugins\yahoo_ff.xml [2015-02-07]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml [2014-05-06]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-01-29] (Intel Corporation)

R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2014-11-25] () [File not signed]

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)

R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]

R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-01] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-01] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-01] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-01] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-01] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-01] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-01] ()

R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [60968 2011-11-04] (Broadcom Corporation)

R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [17960 2011-11-04] (Broadcom Corporation)

R3 bScsiMSx; C:\Windows\System32\DRIVERS\bScsiMSx.sys [43560 2011-09-02] (Broadcom Corporation)

R3 bScsiSDx; C:\Windows\System32\DRIVERS\bScsiSDx.sys [51240 2012-02-09] (Broadcom Corporation)

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-07-03] (BlueStack Systems)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)

R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21520 2012-02-14] (Synaptics Incorporated)

R3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-20 14:39 - 2015-03-20 14:40 - 00016197 _____ () C:\Users\K\Downloads\FRST.txt

2015-03-20 14:39 - 2015-03-20 14:39 - 00000000 ____D () C:\FRST

2015-03-20 14:38 - 2015-03-20 14:38 - 01135104 _____ (Farbar) C:\Users\K\Downloads\FRST.exe

2015-03-16 17:00 - 2015-03-16 17:00 - 00003846 _____ () C:\Users\K\AppData\Local\recently-used.xbel

2015-03-13 07:41 - 2015-03-17 22:06 - 00000022 _____ () C:\Windows\S.dirmngr

2015-03-11 22:06 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-11 22:06 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-11 22:06 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-11 22:06 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-11 22:06 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-11 22:06 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-11 22:06 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-11 22:06 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-03-11 22:06 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-11 22:06 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-11 22:06 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-03-11 22:06 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-11 22:06 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-11 22:06 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-11 22:06 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-11 22:06 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-11 22:06 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-11 22:06 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-11 22:06 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-03-11 22:06 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-03-11 22:06 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-03-11 22:06 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-11 22:06 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-11 22:06 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-11 22:06 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-11 22:06 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-11 22:06 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-03-11 22:06 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-11 22:06 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-11 22:06 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-11 21:49 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-11 21:49 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-11 21:48 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-03-11 21:48 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-11 21:48 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-11 21:48 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-11 21:48 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-11 21:48 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-11 21:48 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-11 21:48 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-11 21:48 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-11 21:48 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-11 21:48 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-11 21:48 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-11 21:48 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-11 21:48 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-11 21:48 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-11 21:05 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-11 21:04 - 2015-01-31 04:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-11 21:04 - 2015-01-31 04:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-03-11 21:04 - 2015-01-31 01:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-11 21:03 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-11 21:01 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-11 21:01 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-11 20:52 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-11 20:51 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-11 20:51 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-11 20:51 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-11 20:51 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-11 20:51 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-11 20:51 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-11 20:51 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-11 20:51 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-11 20:48 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-11 20:47 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-05 10:06 - 2015-03-05 10:06 - 00002048 _____ () C:\Windows\PFRO.log

2015-03-01 16:21 - 2015-03-14 18:13 - 00000000 ____D () C:\Users\K\AppData\Roaming\.kde

2015-03-01 16:21 - 2015-03-01 16:21 - 00000000 ____D () C:\Users\K\AppData\Local\GNU

2015-02-28 14:49 - 2015-03-01 13:23 - 00000000 ____D () C:\Users\K\Desktop\Open HPI

2015-02-28 14:36 - 2015-03-20 14:05 - 00000000 ____D () C:\Users\K\AppData\Roaming\gnupg

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\Users\K\AppData\Roaming\Thunderbird

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\Users\K\AppData\Local\Thunderbird

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\ProgramData\GNU

2015-02-28 14:35 - 2015-02-28 14:35 - 00000000 ____D () C:\Program Files\GNU

2015-02-28 14:32 - 2015-02-28 14:32 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

2015-02-28 14:32 - 2015-02-28 14:32 - 00001996 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

2015-02-28 14:32 - 2015-02-28 14:32 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

2015-02-28 14:30 - 2015-02-28 14:30 - 28746736 _____ (Mozilla) C:\Users\K\Downloads\Thunderbird Setup 31.5.0.exe

2015-02-28 14:29 - 2015-02-28 14:29 - 30498712 _____ (g10 Code GmbH) C:\Users\K\Downloads\gpg4win-2.2.3.exe

2015-02-25 06:22 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-20 14:37 - 2013-10-07 10:05 - 00000000 ____D () C:\ProgramData\Wincert

2015-03-20 14:10 - 2012-12-03 20:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-20 13:56 - 2012-12-03 19:06 - 01420419 _____ () C:\Windows\WindowsUpdate.log

2015-03-20 12:32 - 2009-07-14 05:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-20 12:32 - 2009-07-14 05:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-19 15:01 - 2012-12-12 16:46 - 00000256 _____ () C:\Windows\Tasks\PC Performer_DEFAULT.job

2015-03-18 16:46 - 2012-12-12 16:46 - 00000264 _____ () C:\Windows\Tasks\PC Performer_UPDATES.job

2015-03-17 22:06 - 2015-02-15 18:43 - 00001747 _____ () C:\Windows\setupact.log

2015-03-17 22:06 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-16 17:00 - 2015-01-01 18:12 - 00000000 ____D () C:\Users\K\AppData\Local\gtk-2.0

2015-03-16 17:00 - 2015-01-01 17:55 - 00000000 ____D () C:\Users\K\.gimp-2.8

2015-03-13 07:42 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-03-13 07:20 - 2013-09-16 10:55 - 00000000 ____D () C:\ProgramData\Netzmanager

2015-03-13 07:10 - 2009-07-14 05:33 - 00437872 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-13 07:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

2015-03-12 14:14 - 2012-12-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-10 15:01 - 2010-11-20 22:01 - 01627884 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-05 10:06 - 2012-12-05 12:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-02-24 15:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
 

==================== Files in the root of some directories =======
 

2014-02-11 08:14 - 2014-02-11 08:15 - 16786448 _____ (Tobit.Software) C:\Program Files\radio-fx.exe

2014-10-08 15:38 - 2014-10-08 15:38 - 0038415 _____ () C:\Users\K\AppData\Roaming\Microsoft Excel 97-2003.ADR

2012-12-12 12:57 - 2012-12-12 12:57 - 0004096 ____H () C:\Users\K\AppData\Local\keyfile3.drm

2015-03-16 17:00 - 2015-03-16 17:00 - 0003846 _____ () C:\Users\K\AppData\Local\recently-used.xbel
 

Some content of TEMP:

====================

C:\Users\K\AppData\Local\Temp\kff0fxt9.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-05 10:38
 

==================== End Of Log ============================

--- --- ---

Additional:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by K at 2015-03-20 14:40:46

Running from C:\Users\K\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.03) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)

Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)

Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)

Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)

BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.6.2 - Broadcom Corporation)

BYOB (HKLM\...\BYOB) (Version:  - )

Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )

Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )

Canon MG5100 series Benutzerregistrierung (HKLM\...\Canon MG5100 series Benutzerregistrierung) (Version:  - )

Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )

Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )

Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )

Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

DIE SIEDLER - Das Erbe der Könige - Gold Edition (HKLM\...\{E08DE897-B6AF-4DFF-9E90-131E80C876B4}) (Version: 1.00.0000 - Blue Byte)

Empire: Total War (HKLM\...\Steam App 10500) (Version:  - The Creative Assembly)

English G 21 e-Workbook A2 (HKLM\...\{FDEF8A5E-3F97-4024-ADD1-1185635BA3D9}) (Version: 1.00.000 - Cornelsen)

Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

GeoGebra (HKLM\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Gpg4win (2.2.3) (HKLM\...\GPG4Win) (Version: 2.2.3 - The Gpg4win Project)

Haushaltsbuch (HKLM\...\InstallShield_{05366AFB-7D27-49F1-B935-17FF2DBFA0BD}) (Version: 11.00.0000 - Lexware)

Haushaltsbuch (Version: 11.00.0000 - Lexware) Hidden

Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)

iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)

Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Launch Manager (HKLM\...\LManager) (Version: 5.1.15 - Acer Inc.)

LEGO Star Wars II (HKLM\...\InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}) (Version: 1.00.0000 - LucasArts)

LEGO Star Wars II (Version: 1.00.0000 - LucasArts) Hidden

Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Mount & Blade: With Fire and Sword (HKLM\...\Steam App 48720) (Version:  - TaleWorlds)

Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Movies Toolbar for Firefox (Dist. by Bandoo Media, Inc.) (HKLM\...\ilividmoviestoolbarhaFF) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION

Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM\...\ilividmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION

Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)

Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)

MyFreeCodec (HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\...\MyFreeCodec) (Version:  - )

Netzmanager (HKLM\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)

Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden

OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)

Personal Backup 5.4 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)

phase-6 2.3.4 (HKLM\...\phase-6) (Version: 2.3.4 - phase-6)

Python 3.2 (HKLM\...\{b2042d5e-986d-44ec-aee3-afe4108ccc93}) (Version: 3.2.150 - Python Software Foundation)

QuickTime (HKLM\...\QuickTime) (Version:  - )

Radio.fx (HKLM\...\Tobit Radio.fx Server) (Version:  - Tobit.Software)

Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)

Samsung Kies (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)

Search Protection (HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\...\Search Protection) (Version: 10.8.0.1 - Spigot, Inc.) <==== ATTENTION

Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

SpaceEngine Version 0.9.7.1 (HKLM\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)

Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)

Torch (HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\...\Torch) (Version: 29.0.0.6292 - Torch Media, Inc) <==== ATTENTION

TrackMania² Stadium (HKLM\...\Steam App 232910) (Version:  - Nadeo)

UBitMenuDE (HKLM\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)

VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)

Vokabel- und Formentrainer VIA MEA 1 (HKLM\...\{A660E302-A392-4174-A82D-D48A8C28998C}) (Version: 1.00.0000 - Cornelsen Verlag)

Warcraft III (HKLM\...\Warcraft III) (Version:  - Blizzard Entertainment)

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2168196151-1402668096-4282511163-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\K\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

CustomCLSID: HKU\S-1-5-21-2168196151-1402668096-4282511163-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\K\AppData\Local\Torch\Application\29.0.0.6292\delegate_execute.exe (The Chromium Authors)
 

==================== Restore Points  =========================
 

10-03-2015 18:50:41 Geplanter Prüfpunkt

12-03-2015 06:48:45 Windows Update

13-03-2015 07:23:34 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {10298794-C058-4CA7-B689-897F2EE89ABF} - System32\Tasks\PC Performer => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION

Task: {2A88B5AA-E598-4A3E-9822-F8332842C738} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

Task: {32FBF6DE-5F63-443C-BCD6-991DD67178DA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-01] (AVAST Software)

Task: {553D02F7-B552-4B06-8ED7-50FA9B94D7B5} - System32\Tasks\{BC9F56C5-9289-4CB7-9A32-DC858F52C916} => pcalua.exe -a C:\Users\K\Downloads\vcredist_x64.exe -d C:\Users\K\Downloads

Task: {99F75F97-5EC2-4C92-93DA-8FE36768B254} - System32\Tasks\{DC0EFEE5-7C91-41FE-AAA1-7FE0F0ACD3B2} => Firefox.exe hxxp://ui.skype.com/ui/0/6.5.0.158/de/abandoninstall?page=tsProgressBar

Task: {9E83600E-C3FB-4EDB-8EBB-30DBEAB53B22} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION

Task: {CA55D0AE-95D9-496F-A2DE-15CDD2CD59CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)

Task: {D1A89178-339A-40B3-80B3-C9E619998350} - System32\Tasks\PC Performer_UPDATES => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION

Task: {D46E2D91-A069-4F7E-9DE5-952AC7A0BD61} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION

Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
 

==================== Loaded Modules (whitelisted) ==============
 

2015-03-20 09:57 - 2015-03-20 09:57 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031901\algo.dll

2015-03-20 13:58 - 2015-03-20 13:58 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15032000\algo.dll

2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-11-25 20:25 - 2014-11-25 20:25 - 00216576 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe

2014-11-25 20:11 - 2014-11-25 20:11 - 00221184 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll

2014-11-25 20:05 - 2014-11-25 20:05 - 00038400 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll

2014-11-25 19:57 - 2014-11-25 19:57 - 00050176 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll

2014-11-25 20:10 - 2014-11-25 20:10 - 00070144 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll

2014-11-25 20:13 - 2014-11-25 20:13 - 00742912 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-20.dll

2014-02-11 08:17 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe

2015-03-13 18:57 - 2015-03-13 18:57 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2012-10-10 05:32 - 2012-10-10 05:32 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll

2014-02-11 08:17 - 2013-06-03 13:06 - 09907712 _____ () C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll

2014-02-11 08:17 - 2013-05-16 14:28 - 00242688 _____ () C:\Program Files\Tobit Radio.fx\Client\rfx-client$.ger

2014-10-16 07:35 - 2014-10-16 07:35 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll

2012-12-04 14:42 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

2012-12-04 14:46 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2014-11-25 12:03 - 2014-11-25 12:03 - 04099584 _____ () C:\Program Files\GNU\GnuPG\bin\kleopatra.exe

2014-11-25 12:03 - 2014-11-25 12:03 - 01955840 _____ () C:\Program Files\GNU\GnuPG\libkleo.dll

2014-11-25 12:03 - 2014-11-25 12:03 - 03361280 _____ () C:\Program Files\GNU\GnuPG\bin\libkdecore.dll

2014-11-25 12:02 - 2014-11-25 12:02 - 00039936 _____ () C:\Program Files\GNU\GnuPG\libkdewin.dll

2014-11-17 15:16 - 2014-11-17 15:16 - 00038912 _____ () C:\Program Files\GNU\GnuPG\libgcc_s_sjlj-1.dll

2013-04-17 14:09 - 2013-04-17 14:09 - 00507904 _____ () C:\Program Files\GNU\GnuPG\libdbus-1.dll

2014-11-25 12:03 - 2014-11-25 12:03 - 04033024 _____ () C:\Program Files\GNU\GnuPG\libkdeui.dll

2014-11-25 12:02 - 2014-11-25 12:02 - 00949760 _____ () C:\Program Files\GNU\GnuPG\libattica.dll

2014-11-25 12:02 - 2014-11-25 12:02 - 00258560 _____ () C:\Program Files\GNU\GnuPG\libdbusmenu-qt.dll

2014-11-25 12:03 - 2014-11-25 12:03 - 00857600 _____ () C:\Program Files\GNU\GnuPG\libgpgme++.dll

2014-11-25 20:49 - 2014-11-25 20:49 - 00258048 _____ () C:\Program Files\GNU\GnuPG\libgpgme-11.dll

2014-11-25 12:03 - 2014-11-25 12:03 - 00072704 _____ () C:\Program Files\GNU\GnuPG\libqgpgme.dll

2014-11-25 12:03 - 2014-11-25 12:03 - 00294400 _____ () C:\Program Files\GNU\GnuPG\libkcmutils.dll

2014-11-25 12:03 - 2014-11-25 12:03 - 00603136 _____ () C:\Program Files\GNU\GnuPG\libkmime.dll

2013-04-17 14:09 - 2013-04-17 14:09 - 00635392 _____ () C:\Program Files\GNU\GnuPG\bin\dbus-daemon.exe

2013-04-29 11:22 - 2013-04-29 11:22 - 00247747 _____ () C:\Program Files\GNU\GnuPG\libexpat.dll

2010-10-19 08:31 - 2010-10-19 08:31 - 00159744 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver\SoftplugLib.DLL
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\K\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.2.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Radio.fx.LNK => C:\Windows\pss\Radio.fx.LNK.CommonStartup

MSCONFIG\startupfolder: C:^Users^K^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\K\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

MSCONFIG\startupreg: iLivid => "C:\Users\K\AppData\Local\iLivid\iLivid.exe" -autorun

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup

MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload

MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

MSCONFIG\startupreg: rfxsrvtray => "C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe"

MSCONFIG\startupreg: Search Protection => "C:\Users\K\AppData\Roaming\Search Protection\SP.EXE" /autostart

MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: Steam => "D:\Hendriks speicherkarte\Steam\Steam.exe" -silent
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2168196151-1402668096-4282511163-500 - Administrator - Disabled)

Gast (S-1-5-21-2168196151-1402668096-4282511163-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-2168196151-1402668096-4282511163-1777 - Limited - Enabled)

K (S-1-5-21-2168196151-1402668096-4282511163-1000 - Administrator - Enabled) => C:\Users\K
 

==================== Faulty Device Manager Devices =============
 

Name: Broadcom NetLink (TM) Gigabit Ethernet

Description: Broadcom NetLink (TM) Gigabit Ethernet

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Broadcom

Service: k57nd60x

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (03/20/2015 02:05:45 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: gpgsm.exe, Version: 2.0.26.23341, Zeitstempel: 0x5474dcc0

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0003224d

ID des fehlerhaften Prozesses: 0x1e98

Startzeit der fehlerhaften Anwendung: 0xgpgsm.exe0

Pfad der fehlerhaften Anwendung: gpgsm.exe1

Pfad des fehlerhaften Moduls: gpgsm.exe2

Berichtskennung: gpgsm.exe3
 

Error: (03/20/2015 01:54:36 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: FDE9.tmp, Version: 1.0.0.546, Zeitstempel: 0x550c0c62

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x001e3858

ID des fehlerhaften Prozesses: 0x8ac

Startzeit der fehlerhaften Anwendung: 0xFDE9.tmp0

Pfad der fehlerhaften Anwendung: FDE9.tmp1

Pfad des fehlerhaften Moduls: FDE9.tmp2

Berichtskennung: FDE9.tmp3
 

Error: (03/20/2015 01:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1441699
 

Error: (03/20/2015 01:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1441699
 

Error: (03/20/2015 01:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (03/20/2015 01:54:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1440514
 

Error: (03/20/2015 01:54:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1440514
 

Error: (03/20/2015 01:54:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (03/20/2015 01:54:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1439468
 

Error: (03/20/2015 01:54:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1439468
 
 

System errors:

=============

Error: (03/20/2015 09:57:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Netzmanager Infrastruktur Informationssystem Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (03/20/2015 09:57:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netzmanager Service erreicht.
 

Error: (03/20/2015 09:54:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netzmanager Service erreicht.
 

Error: (03/19/2015 10:32:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst RapiMgr erreicht.
 

Error: (03/18/2015 03:35:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.
 

Error: (03/18/2015 00:53:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Netzmanager Infrastruktur Informationssystem Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (03/17/2015 10:07:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 

%%1064
 

Error: (03/17/2015 10:06:31 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎17.‎03.‎2015 um 22:02:43 unerwartet heruntergefahren.
 

Error: (03/17/2015 02:01:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Netzmanager Infrastruktur Informationssystem Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (03/17/2015 06:47:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Netzmanager Infrastruktur Informationssystem Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
 
 

Microsoft Office Sessions:

=========================

Error: (03/11/2014 04:39:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1661 seconds with 1440 seconds of active time.  This session ended with a crash.
 

Error: (02/21/2014 03:34:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 289 seconds with 180 seconds of active time.  This session ended with a crash.
 

Error: (09/08/2013 08:15:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 63 seconds with 0 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz

Percentage of memory in use: 42%

Total physical RAM: 2642.36 MB

Available physical RAM: 1518.13 MB

Total Pagefile: 5283.01 MB

Available Pagefile: 3803.22 MB

Total Virtual: 2047.88 MB

Available Virtual: 1885.27 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:270.35 GB) (Free:189.3 GB) NTFS

Drive d: () (Fixed) (Total:195.31 GB) (Free:103.21 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 11CD57C7)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Movies Toolbar for Firefox

Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM\...\ilividmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION

Search Protection

Torch
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code:

ComboFix 15-03-14.03 - K 21.03.2015  12:55:26.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2642.1611 [GMT 1:00]

ausgeführt von:: c:\users\K\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2015-02-21 bis 2015-03-21  ))))))))))))))))))))))))))))))

.

.

2015-03-21 12:04 . 2015-03-21 12:04        --------        d-----w-        c:\users\Default\AppData\Local\temp

2015-03-21 11:38 . 2015-03-21 11:38        --------        d-----w-        c:\program files\VS Revo Group

2015-03-20 13:39 . 2015-03-20 13:41        --------        d-----w-        C:\FRST

2015-03-11 20:49 . 2015-02-03 03:12        3209728        ----a-w-        c:\windows\system32\mf.dll

2015-03-11 20:05 . 2015-02-03 03:12        1230848        ----a-w-        c:\windows\system32\WindowsCodecs.dll

2015-03-11 20:04 . 2015-01-31 03:33        2744320        ----a-w-        c:\windows\system32\rdpcorets.dll

2015-03-11 20:04 . 2015-01-31 03:33        13824        ----a-w-        c:\windows\system32\RdpGroupPolicyExtension.dll

2015-03-11 20:04 . 2015-01-31 00:48        221184        ----a-w-        c:\windows\system32\rdpudd.dll

2015-03-11 20:03 . 2015-01-17 02:30        828928        ----a-w-        c:\windows\system32\msctf.dll

2015-03-11 20:01 . 2015-02-26 03:11        2381312        ----a-w-        c:\windows\system32\win32k.sys

2015-03-11 19:52 . 2015-02-03 03:12        171520        ----a-w-        c:\windows\system32\ubpm.dll

2015-03-11 19:48 . 2015-02-20 04:13        26624        ----a-w-        c:\windows\system32\lpk.dll

2015-03-11 19:48 . 2015-02-20 04:13        34304        ----a-w-        c:\windows\system32\atmlib.dll

2015-03-11 19:48 . 2015-02-20 03:09        299008        ----a-w-        c:\windows\system32\atmfd.dll

2015-03-11 19:48 . 2015-02-20 04:13        70656        ----a-w-        c:\windows\system32\fontsub.dll

2015-03-11 19:48 . 2015-02-20 04:13        10240        ----a-w-        c:\windows\system32\dciman32.dll

2015-03-11 19:47 . 2015-02-04 02:54        417792        ----a-w-        c:\windows\system32\WMPhoto.dll

2015-03-01 15:21 . 2015-03-01 15:21        --------        d-----w-        c:\users\K\AppData\Local\GNU

2015-03-01 15:21 . 2015-03-14 17:13        --------        d-----w-        c:\users\K\AppData\Roaming\.kde

2015-02-28 13:36 . 2015-03-20 19:05        --------        d-----w-        c:\users\K\AppData\Roaming\gnupg

2015-02-28 13:36 . 2015-02-28 13:36        --------        d-----w-        c:\programdata\GNU

2015-02-28 13:36 . 2015-02-28 13:36        --------        d-----w-        c:\users\K\AppData\Local\Thunderbird

2015-02-28 13:36 . 2015-02-28 13:36        --------        d-----w-        c:\users\K\AppData\Roaming\Thunderbird

2015-02-28 13:35 . 2015-02-28 13:35        --------        d-----w-        c:\program files\GNU

2015-02-28 13:32 . 2015-02-28 13:32        --------        d-----w-        c:\program files\Mozilla Thunderbird

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-02-17 15:04 . 2015-02-17 15:04        1202848        ----a-w-        c:\windows\system32\FM20.DLL

2015-02-15 14:58 . 2014-09-25 09:49        96680        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2015-02-08 13:21 . 2012-12-03 19:06        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2015-02-08 13:21 . 2012-12-03 19:06        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2015-02-04 02:54 . 2015-02-11 05:46        482304        ----a-w-        c:\windows\system32\generaltel.dll

2015-02-04 02:53 . 2015-02-11 05:46        621056        ----a-w-        c:\windows\system32\invagent.dll

2015-02-04 02:53 . 2015-02-11 05:46        325632        ----a-w-        c:\windows\system32\devinv.dll

2015-02-04 02:53 . 2015-02-11 05:46        767488        ----a-w-        c:\windows\system32\appraiser.dll

2015-02-04 02:53 . 2015-02-11 05:46        202752        ----a-w-        c:\windows\system32\aepdu.dll

2015-02-04 02:53 . 2015-02-11 05:46        159744        ----a-w-        c:\windows\system32\aepic.dll

2015-02-04 02:49 . 2015-02-11 05:46        886784        ----a-w-        c:\windows\system32\aeinv.dll

2015-01-27 23:36 . 2015-02-11 05:46        1167520        ----a-w-        c:\windows\system32\aitstatic.exe

2015-01-09 02:48 . 2015-02-15 14:59        76800        ----a-w-        c:\windows\system32\wdi.dll

2015-01-09 02:48 . 2015-02-15 14:59        635904        ----a-w-        c:\windows\system32\perftrack.dll

2015-01-09 02:48 . 2015-02-15 14:59        27136        ----a-w-        c:\windows\system32\powertracker.dll

2014-02-11 07:15 . 2014-02-11 07:14        16786448        ----a-w-        c:\program files\radio-fx.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-12-01 05:44        723976        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RfxSrvTray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe" [2013-02-07 1838872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2012-03-23 1105488]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-02-14 2325776]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-13 5227648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2014-08-27 98304]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 145880]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 181208]

"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 189912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"removeiLividdatamngr"="RD" [X]

.

c:\users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe /Autostart [2014-1-24 14140416]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

phase-6 Reminder.lnk - c:\program files\phase-6\phase-6\reminder\reminder.exe [2014-1-7 724992]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Radio.fx.LNK]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Radio.fx.LNK

backup=c:\windows\pss\Radio.fx.LNK.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^K^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]

path=c:\users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-04-04 21:06        958576        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonMP3DownloaderHelper]

2013-05-22 18:50        400704        ----a-w-        c:\users\K\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2013-04-21 19:43        59720        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]

2014-07-03 20:09        831192        ----a-w-        c:\program files\BlueStacks\HD-Agent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2010-03-25 02:50        2516296        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]

2010-04-02 09:18        1185112        ----a-w-        c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2013-02-20 11:35        152392        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

2013-12-11 17:52        1564528        ----a-w-        c:\program files\Samsung\Kies\Kies.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2013-12-11 17:52        311152        ----a-w-        c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfxsrvtray]

2013-02-07 17:38        1838872        ----a-w-        c:\program files\Tobit Radio.fx\Client\rfx-tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2014-12-11 10:20        30877280        ----a-r-        c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2013-09-21 18:34        1814440        ----a-w-        d:\hendriks speicherkarte\Steam\Steam.exe

.

R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2014-11-25 216576]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-10-28 87064]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]

R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2012-01-19 370728]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-10-28 182680]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-12-01 787800]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-12-01 423784]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-12-01 24184]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-12-01 70384]

S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-07-03 112344]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2014-07-03 384728]

S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2014-07-03 773848]

S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2012-03-23 355920]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]

S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2013-06-03 3999512]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 364416]

S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-11-04 60968]

S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-11-04 17960]

S3 bScsiMSx;bScsiMSx;c:\windows\system32\DRIVERS\bScsiMSx.sys [2011-09-02 43560]

S3 bScsiSDx;bScsiSDx;c:\windows\system32\DRIVERS\bScsiSDx.sys [2012-02-09 51240]

S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]

S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-02-14 21520]

S3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [2010-09-16 35040]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr

.

Inhalt des "geplante Tasks" Ordners

.

2015-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-03 13:21]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = https://de.search.yahoo.com/?type=523482&fr=spigot-yhp-ie

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo!

FF - prefs.js: browser.startup.homepage - hxxps://www.ixquick.de

FF - prefs.js: keyword.URL - hxxps://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-10 - (no file)

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe /Startup

MSConfigStartUp-iLivid - c:\users\K\AppData\Local\iLivid\iLivid.exe

MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe

MSConfigStartUp-Search Protection - c:\users\K\AppData\Roaming\Search Protection\SP.EXE

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2168196151-1402668096-4282511163-1000\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,3b,1b,96,84,8e,

   6a,50,5e,fe,0f,a7,b8,09,1f,46,81,82,31

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,cc,

   07,92,ba,e5,09,b8,98,b9,17,8d,69,f8,dd

"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,3b,1b,bd,cc,96,

   28,c0,ed,90,0c,a2,55,e6,c7,c0,25,bb,c7

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8b,07,

   69,cf,84,4a,0d,ab,e5,97,9a,f0,9e,68,5d

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,23,

   8f,3d,1e,d9,01,93,c2,12,24,77,4f,26,d8

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,db,

   c4,7a,f6,3d,08,a1,7a,df,65,c0,82,cd,b7

"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,3b,1b,80,6a,27,

   3e,7e,be,fc,04,95,89,5c,0a,ef,20,61,27

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,82,16,

   e0,65,9e,48,05,a2,35,d5,a9,28,91,10,1d

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c2,f9,

   a2,5a,90,b6,5a,a1,e3,43,e0,c8,4d,f0,11

"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,38,12,ab,c5,1e,

   a0,e2,37,c6,09,de,93,cc,b9,8c,f1,55,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2015-03-21  13:06:52

ComboFix-quarantined-files.txt  2015-03-21 12:06

.

Vor Suchlauf: 10 Verzeichnis(se), 204.942.938.112 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 213.635.387.392 Bytes frei

.

- - End Of File - - 2D809D8CEA500BED0CA3D6669A34DF1C

A36C5E4F47E84449FF07ED3517B43A31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Malware:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 22.03.2015

Suchlauf-Zeit: 12:10:27

Logdatei: malware anti log.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2015.03.22.03

Rootkit Datenbank: v2015.02.25.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x86

Dateisystem: NTFS

Benutzer: K
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 341585

Verstrichene Zeit: 18 Min, 9 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 7

PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}, , [3a51c2862268ad892d135709c1421ce4], 

PUP.Optional.MoviesToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3d86a75b-cb6b-4764-885d-ca6336f04ba2}, , [9bf052f6aedcc96d85c30621996a3ec2], 

PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard, , [7f0c88c0f397b185003fb6aaf90a7f81], 

PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard.1, , [5239d474a2e885b1211e4b153ec57a86], 

PUP.Optional.PCPerformer.A, HKLM\SOFTWARE\PERFORMERSOFT\PC Performer, , [95f6e662d9b1320433a11603798c7f81], 

PUP.Optional.DataMngr.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, , [1972ac9cfe8c6fc75c630b0dd62fc63a], 

PUP.Optional.PCPerformer.A, HKU\S-1-5-21-2168196151-1402668096-4282511163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PERFORMERSOFT\PC Performer, , [f794ef59a5e572c421b420f9e3220000], 
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 1

PUP.Optional.Spigot.A, HKU\S-1-5-21-2168196151-1402668096-4282511163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://de.search.yahoo.com/?type=523482&fr=spigot-yhp-ie, Gut: (www.google.com), Schlecht: (https://de.search.yahoo.com/?type=523482&fr=spigot-yhp-ie),,[6d1ed96fdcaeec4a3c45eff8fe074cb4]
 

Ordner: 4

PUP.Optional.PCPerformer.A, C:\Users\K\AppData\Roaming\PerformerSoft\PC Performer, , [9eed0741305a54e2196a56c4858012ee], 

PUP.Optional.Datamngr.A, C:\ProgramData\Wincert, , [4249a0a87d0dd85e6b3e3e07d13450b0], 

PUP.Optional.Datamngr.A, C:\Users\K\AppData\LocalLow\DataMngr, , [b3d81632246644f2378a4930659ea858], 

PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService, , [b5d6d375f991a29432a53a547f841ce4], 
 

Dateien: 15

PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot.exe, , [a3e814340486e254e58173ae2cd4f50b], 

Adware.InstallBrain, C:\Users\K\Downloads\VideoPerformerSetup.exe, , [39520543b8d2d462e33edb59b9482ad6], 

PUP.Optional.Spigot.A, C:\Users\K\Downloads\YTD396Setup.exe, , [2863b49402888caa21eef4332fd144bc], 

PUP.Optional.Bandoo, C:\Users\K\Downloads\iLividSetup-r341-n-bu.exe, , [741785c3800a7db9c3441620d22f38c8], 

PUP.Optional.Spigot.A, C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default\searchplugins\yahoo_ff.xml, , [b4d75aee701a2511e15e1ca3867df50b], 

PUP.Optional.PCPerformer, C:\Windows\System32\Tasks\PC Performer, , [3952f0586921d363590305d3ec177d83], 

PUP.Optional.PCPerformer.A, C:\Users\K\AppData\Roaming\PerformerSoft\PC Performer\log_12-12-2012.log, , [9eed0741305a54e2196a56c4858012ee], 

PUP.Optional.PCPerformer.A, C:\Users\K\AppData\Roaming\PerformerSoft\PC Performer\ExcludeList.rcp, , [9eed0741305a54e2196a56c4858012ee], 

PUP.Optional.PCPerformer.A, C:\Users\K\AppData\Roaming\PerformerSoft\PC Performer\results.rcp, , [9eed0741305a54e2196a56c4858012ee], 

PUP.Optional.PCPerformer.A, C:\Users\K\AppData\Roaming\PerformerSoft\PC Performer\TempHLList.rcp, , [9eed0741305a54e2196a56c4858012ee], 

PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win32cert.dll, , [4249a0a87d0dd85e6b3e3e07d13450b0], 

PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win64cert.dll, , [4249a0a87d0dd85e6b3e3e07d13450b0], 

PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win64prop.dll, , [4249a0a87d0dd85e6b3e3e07d13450b0], 

PUP.Optional.Datamngr.A, C:\Users\K\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}64, , [b3d81632246644f2378a4930659ea858], 

PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService\repository.xml, , [b5d6d375f991a29432a53a547f841ce4], 
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

Adwcleaner:

Code:

# AdwCleaner v4.112 - Bericht erstellt 22/03/2015 um 12:49:08

# Aktualisiert 09/03/2015 von Xplode

# Datenbank : 2015-03-22.1 [Server]

# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)

# Benutzername : K - ASPIRE-E1-531

# Gestarted von : C:\Users\K\Downloads\adwcleaner_4.112.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\BitGuard

Ordner Gelöscht : C:\ProgramData\Browser Manager

Ordner Gelöscht : C:\ProgramData\BrowserProtect

Ordner Gelöscht : C:\Program Files\file scout

Ordner Gelöscht : C:\Program Files\Common Files\Tobit

Ordner Gelöscht : C:\Users\K\AppData\Local\PackageAware

Ordner Gelöscht : C:\Users\K\AppData\Roaming\PerformerSoft

Ordner Gelöscht : C:\Users\K\AppData\Roaming\Tobit

Datei Gelöscht : C:\Users\K\Favorites\Startfenster.lnk

Datei Gelöscht : C:\Users\K\Favorites\Links\Startfenster.lnk

Datei Gelöscht : C:\Users\K\AppData\Roaming\Microsoft\Internet Explorer\QuicK Launch\Startfenster.lnk

Datei Gelöscht : C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk

Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\Ask.xml
 

***** [ Geplante Tasks ] *****
 

Task Gelöscht : PC Performer
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\Classes\iLivid.torrent

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLivid.torrent

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Schlüssel Gelöscht : HKCU\Software\filescout

Schlüssel Gelöscht : HKCU\Software\ilivid

Schlüssel Gelöscht : HKCU\Software\Myfree Codec

Schlüssel Gelöscht : HKCU\Software\PerformerSoft

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec

Schlüssel Gelöscht : HKLM\SOFTWARE\PerformerSoft

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17689
 
 

-\\ Mozilla Firefox v35.0.1 (x86 de)
 

[zcqnozcl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");

[zcqnozcl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxps://www.ixquick.de");
 

-\\ Google Chrome v
 
 

*************************
 

AdwCleaner[R0].txt - [3300 Bytes] - [22/03/2015 12:39:12]

AdwCleaner[S0].txt - [3122 Bytes] - [22/03/2015 12:49:08]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3181  Bytes] ##########

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.5 (03.17.2015:1)

OS: Windows 7 Professional x86

Ran by K on 22.03.2015 at 12:53:50,23

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\Program Files\myfree codec"
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\K\AppData\Roaming\mozilla\firefox\profiles\zcqnozcl.default\minidumps [312 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 22.03.2015 at 12:57:56,32

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015

Ran by K (administrator) on ASPIRE-E1-531 on 22-03-2015 13:04:20

Running from C:\Users\K\Downloads

Loaded Profiles: K (Available profiles: K)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Tobit.Software) C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe

() C:\Program Files\GNU\GnuPG\dirmngr.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe

() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2325776 2012-02-14] (Synaptics Incorporated)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-13] (AVAST Software)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2014-08-27] (Apple Computer, Inc.)

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\...\Run: [RfxSrvTray] => C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk

ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\phase-6\reminder\reminder.exe (phase-6)

Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk

ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2168196151-1402668096-4282511163-1000 -> {E8140166-1B2B-4B2C-B9A4-4E7B5D7368B9} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll No File

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-15] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-15] (Oracle Corporation)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll No File

Toolbar: HKU\S-1-5-21-2168196151-1402668096-4282511163-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll No File

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default

FF SelectedSearchEngine: Yahoo!

FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()

FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)

FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)

FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)

FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-15] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-15] (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2168196151-1402668096-4282511163-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\K\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)

FF SearchPlugin: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default\searchplugins\ixquick-https---deutsch.xml [2015-03-19]

FF Extension: Adblock Plus - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-20]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-01-29] (Intel Corporation)

R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2014-11-25] () [File not signed]

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)

R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]

R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-01] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-01] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-01] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-01] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-01] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-01] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-01] ()

R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [60968 2011-11-04] (Broadcom Corporation)

R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [17960 2011-11-04] (Broadcom Corporation)

R3 bScsiMSx; C:\Windows\System32\DRIVERS\bScsiMSx.sys [43560 2011-09-02] (Broadcom Corporation)

R3 bScsiSDx; C:\Windows\System32\DRIVERS\bScsiSDx.sys [51240 2012-02-09] (Broadcom Corporation)

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-07-03] (BlueStack Systems)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-22] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)

R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21520 2012-02-14] (Synaptics Incorporated)

R3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

S3 catchme; \??\C:\Users\K\AppData\Local\Temp\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-22 12:57 - 2015-03-22 12:58 - 00000816 _____ () C:\Users\K\Desktop\JRT.txt

2015-03-22 12:53 - 2015-03-22 12:53 - 01388672 _____ (Thisisu) C:\Users\K\Downloads\JRT_6.4.5.exe

2015-03-22 12:52 - 2015-03-22 12:52 - 00003261 _____ () C:\Users\K\Desktop\AdwCleaner[S0].txt

2015-03-22 12:51 - 2015-03-22 12:51 - 00000022 _____ () C:\Windows\S.dirmngr

2015-03-22 12:39 - 2015-03-22 12:49 - 00000000 ____D () C:\AdwCleaner

2015-03-22 12:38 - 2015-03-22 12:38 - 02171392 _____ () C:\Users\K\Downloads\adwcleaner_4.112.exe

2015-03-22 12:09 - 2015-03-22 12:52 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-22 12:08 - 2015-03-22 12:10 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-22 12:08 - 2015-03-22 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-22 12:08 - 2015-03-22 12:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-03-22 12:08 - 2015-03-22 12:08 - 00000000 ____D () C:\Users\K\AppData\Roaming\dlg

2015-03-22 12:08 - 2015-03-22 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-22 12:08 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-22 12:08 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-22 12:08 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-22 12:06 - 2015-03-22 12:06 - 00373944 _____ () C:\Users\K\Downloads\malwarebytes-anti-malware.exe

2015-03-22 12:02 - 2015-03-22 12:02 - 00149128 _____ () C:\Windows\Minidump\032215-23836-01.dmp

2015-03-22 12:01 - 2015-03-22 12:01 - 407470729 _____ () C:\Windows\MEMORY.DMP

2015-03-21 13:06 - 2015-03-21 13:06 - 00017674 _____ () C:\ComboFix.txt

2015-03-21 12:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-21 12:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-03-21 12:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-03-21 12:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-03-21 12:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-03-21 12:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-03-21 12:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-03-21 12:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-03-21 12:52 - 2015-03-21 13:06 - 00000000 ____D () C:\Qoobox

2015-03-21 12:52 - 2015-03-21 13:05 - 00000000 ____D () C:\Windows\erdnt

2015-03-21 12:51 - 2015-03-21 12:51 - 05615380 ____R (Swearware) C:\Users\K\Desktop\ComboFix.exe

2015-03-21 12:38 - 2015-03-21 12:38 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\K\Downloads\revosetup95.exe

2015-03-21 12:38 - 2015-03-21 12:38 - 00001186 _____ () C:\Users\K\Desktop\Revo Uninstaller.lnk

2015-03-21 12:38 - 2015-03-21 12:38 - 00000000 ____D () C:\Program Files\VS Revo Group

2015-03-20 14:40 - 2015-03-20 14:41 - 00028702 _____ () C:\Users\K\Downloads\Addition.txt

2015-03-20 14:39 - 2015-03-22 13:04 - 00014091 _____ () C:\Users\K\Downloads\FRST.txt

2015-03-20 14:39 - 2015-03-22 13:04 - 00000000 ____D () C:\FRST

2015-03-20 14:38 - 2015-03-20 14:38 - 01135104 _____ (Farbar) C:\Users\K\Downloads\FRST.exe

2015-03-16 17:00 - 2015-03-16 17:00 - 00003846 _____ () C:\Users\K\AppData\Local\recently-used.xbel

2015-03-11 22:06 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-11 22:06 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-11 22:06 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-11 22:06 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-11 22:06 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-11 22:06 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-11 22:06 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-11 22:06 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-03-11 22:06 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-11 22:06 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-11 22:06 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-03-11 22:06 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-11 22:06 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-11 22:06 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-11 22:06 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-11 22:06 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-11 22:06 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-11 22:06 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-11 22:06 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-03-11 22:06 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-03-11 22:06 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-03-11 22:06 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-11 22:06 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-11 22:06 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-11 22:06 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-11 22:06 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-11 22:06 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-03-11 22:06 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-11 22:06 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-11 22:06 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-11 21:49 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-11 21:49 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-11 21:48 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-03-11 21:48 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-11 21:48 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-11 21:48 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-11 21:48 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-11 21:48 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-11 21:48 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-11 21:48 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-11 21:48 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-11 21:48 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-11 21:48 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-11 21:48 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-11 21:48 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-11 21:48 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-11 21:48 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-11 21:05 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-11 21:04 - 2015-01-31 04:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-11 21:04 - 2015-01-31 04:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-03-11 21:04 - 2015-01-31 01:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-11 21:03 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-11 21:01 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-11 21:01 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-11 20:52 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-11 20:51 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-11 20:51 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-11 20:51 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-11 20:51 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-11 20:51 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-11 20:51 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-11 20:51 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-11 20:51 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-11 20:48 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-11 20:47 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-05 10:06 - 2015-03-22 12:50 - 00013778 _____ () C:\Windows\PFRO.log

2015-03-01 16:21 - 2015-03-14 18:13 - 00000000 ____D () C:\Users\K\AppData\Roaming\.kde

2015-03-01 16:21 - 2015-03-01 16:21 - 00000000 ____D () C:\Users\K\AppData\Local\GNU

2015-02-28 14:49 - 2015-03-01 13:23 - 00000000 ____D () C:\Users\K\Desktop\Open HPI

2015-02-28 14:36 - 2015-03-21 17:39 - 00000000 ____D () C:\Users\K\AppData\Roaming\gnupg

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\Users\K\AppData\Roaming\Thunderbird

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\Users\K\AppData\Local\Thunderbird

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\ProgramData\GNU

2015-02-28 14:35 - 2015-02-28 14:35 - 00000000 ____D () C:\Program Files\GNU

2015-02-28 14:32 - 2015-02-28 14:32 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

2015-02-28 14:32 - 2015-02-28 14:32 - 00001996 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

2015-02-28 14:32 - 2015-02-28 14:32 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

2015-02-28 14:30 - 2015-02-28 14:30 - 28746736 _____ (Mozilla) C:\Users\K\Downloads\Thunderbird Setup 31.5.0.exe

2015-02-28 14:29 - 2015-02-28 14:29 - 30498712 _____ (g10 Code GmbH) C:\Users\K\Downloads\gpg4win-2.2.3.exe

2015-02-25 06:22 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-22 12:59 - 2009-07-14 05:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-22 12:59 - 2009-07-14 05:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-22 12:54 - 2012-12-03 19:06 - 01494350 _____ () C:\Windows\WindowsUpdate.log

2015-03-22 12:50 - 2015-02-15 18:43 - 00002027 _____ () C:\Windows\setupact.log

2015-03-22 12:50 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-22 12:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration

2015-03-22 12:10 - 2012-12-03 20:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-22 12:02 - 2014-08-13 13:12 - 00000000 ____D () C:\Windows\Minidump

2015-03-21 13:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default

2015-03-21 13:06 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public

2015-03-21 13:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini

2015-03-16 17:00 - 2015-01-01 18:12 - 00000000 ____D () C:\Users\K\AppData\Local\gtk-2.0

2015-03-16 17:00 - 2015-01-01 17:55 - 00000000 ____D () C:\Users\K\.gimp-2.8

2015-03-13 07:42 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-03-13 07:20 - 2013-09-16 10:55 - 00000000 ____D () C:\ProgramData\Netzmanager

2015-03-13 07:10 - 2009-07-14 05:33 - 00437872 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-13 07:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

2015-03-12 14:14 - 2012-12-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-10 15:01 - 2010-11-20 22:01 - 01627884 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-05 10:06 - 2012-12-05 12:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-02-24 15:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
 

==================== Files in the root of some directories =======
 

2014-02-11 08:14 - 2014-02-11 08:15 - 16786448 _____ (Tobit.Software) C:\Program Files\radio-fx.exe

2014-10-08 15:38 - 2014-10-08 15:38 - 0038415 _____ () C:\Users\K\AppData\Roaming\Microsoft Excel 97-2003.ADR

2012-12-12 12:57 - 2012-12-12 12:57 - 0004096 ____H () C:\Users\K\AppData\Local\keyfile3.drm

2015-03-16 17:00 - 2015-03-16 17:00 - 0003846 _____ () C:\Users\K\AppData\Local\recently-used.xbel
 

Some content of TEMP:

====================

C:\Users\K\AppData\Local\Temp\Quarantine.exe

C:\Users\K\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-20 15:32
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Eset:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=c3f3268cb88a0e44838ceee730253f47

# engine=23037

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-03-23 03:16:33

# local_time=2015-03-23 04:16:33 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='avast! Internet Security'

# compatibility_mode=779 16777213 85 60 501011 191544283 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 53565196 178754984 0 0

# scanned=224728

# found=30

# cleaned=30

# scan_time=4752

sh=DC6886FD957E8208621841AF0C14225AE3B7A67A ft=1 fh=81451a9cc5e92289 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF14.dll"

sh=1FC403554888A70990DB671F35DA726B58DA76ED ft=1 fh=9a017a40af54086a vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF19.dll"

sh=F6E593F866CCD6ADE8AECB52336A9BAC7FFA5762 ft=1 fh=4b9ec2ec56673034 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF2.dll"

sh=EA2ADB7B2E92E6A0B6112120E688548FE1154C6A ft=1 fh=93f03ca277d01c47 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF20.dll"

sh=2F8A26BD926EEF26CC3682D64142A62705BE1D0F ft=1 fh=36cd9c17fa4297ae vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF21.dll"

sh=6465047FBB1ED1B00341191AAB323EABC22C09CC ft=1 fh=02d31136da1bf9a7 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF22.dll"

sh=AECCC6ACD081DFDD5BCF6FEC14450450C0AD1DB0 ft=1 fh=4fab8459292a13e9 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF23.dll"

sh=8EDD8F5012A4EEC53A3DC8FC8A14B31837307FCA ft=1 fh=7b4f4128c04f2160 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF24.dll"

sh=46E537FD88ECE415A570B4FA055B2D071BB43C3D ft=1 fh=6e7b1b9401bf24ab vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF25.dll"

sh=838E69B604AF97B8CB93110A154EFBB305B7AEE9 ft=1 fh=ac5a482d790ab97e vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF26.dll"

sh=D810290FDC3F613968F4E77A6548AB501BA7A1E2 ft=1 fh=ba1eabd2db068b31 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF27.dll"

sh=E03DA7A86CD5ACD1A6FB8CCA8FDABE188037D4EC ft=1 fh=716b6a028c497ca2 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF29.dll"

sh=1403189B75E760521AFF34B38502A79BFF692D65 ft=1 fh=cc4a2a26a86027ba vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF4.dll"

sh=E818447028855157EE73D7980454A84F80983BDA ft=1 fh=9376cbbfd841a78f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF5.dll"

sh=3559441023D3D9579F4859BBD2BC022F7A54E842 ft=1 fh=cc68df8ebdc6610e vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF6.dll"

sh=AFCC778B4F083FF18661023CD59BA8D5CD0FA43A ft=1 fh=9e27e7efd0dd32db vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF7.dll"

sh=F2213F7EE0E4CD1C66239EA8FA59F5B8343590A6 ft=1 fh=e866cf12594a20e6 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\DatamngrHlpFF8.dll"

sh=994985F69378BB10E02E7AE51BE43D6B4F190025 ft=1 fh=950d1666e33f6710 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\trz9118.tmp"

sh=6758EAF1EDF38D38B179BB9BDF146D90390C9DF8 ft=1 fh=60329568bf210e52 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\trz9212.tmp"

sh=CD4DB513DB44B2143ECB6A76DDD6D8E1F5BE7DAC ft=1 fh=f345dabfb57b928b vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\trz933C.tmp"

sh=17FEB957C9608C6302D2F95F23CE57DA0DC3287B ft=1 fh=8efd9527f5513724 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\trz93E8.tmp"

sh=38DA6FBA3C4ACC5B92DC090270BDA718C25BED6B ft=1 fh=63e0a71852560a02 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\trz9512.tmp"

sh=8E80E7833C82790B9E643E2BF9D9D728EB0D82CA ft=1 fh=f49c00ad6299b224 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\trz9570.tmp"

sh=666A6FB1BF2FBBB0067CEB0260085B3056C4EE21 ft=1 fh=8046273479e2b99f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\trz96C9.tmp"

sh=F3684D5C19A9109B785E77F494359FA5AEEE5A69 ft=1 fh=d28f03ffde20b759 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\trz9737.tmp"

sh=136A47B07306FD4B7474957DF3D14487E0C88B05 ft=1 fh=713351dde68d32ba vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\trz9AA1.tmp"

sh=D23D10E673A631C87F98178D00F33C69721C607C ft=1 fh=4c9f101b871f68c1 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\extensions\{5DA5447B-825F-4A3B-A517-2DFDE19EB13A}\components\trz9DED.tmp"

sh=10E3CAC9B1C6BBD74C09960398DBC875E1821102 ft=1 fh=a63c74001b836f6d vn="Win32/DownloadGuide.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\K\Downloads\malwarebytes-anti-malware.exe"

sh=922B5AA31DE145700506599EBB1C2E2BF39B2AD9 ft=1 fh=fa392c03f421cb9d vn="NSIS/StartPage.CC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\K\Downloads\vlc-2.0.7-win32.exe"

sh=B192C2A296B953CEC3F3531D39089A0AB0E7C4EA ft=1 fh=b399c7b2b3285f37 vn="Variante von Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsx4A19.tmp\Starter.exe"

Security:

Code:

 Results of screen317's Security Check version 0.99.97  

 Windows 7 Service Pack 1 x86 (UAC is disabled!)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

avast! Antivirus   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 CCleaner     

 Java 8 Update 31  

 Java version 32-bit out of Date! 

  Java 64-bit 8 Update 31  

 Adobe Flash Player         16.0.0.305  

 Adobe Reader XI  

 Mozilla Firefox (36.0.4) 

 Mozilla Thunderbird (31.5.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast avastui.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST:
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015

Ran by K (administrator) on ASPIRE-E1-531 on 23-03-2015 16:45:31

Running from C:\Users\K\Downloads

Loaded Profiles: K (Available profiles: K)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Tobit.Software) C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe

(Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe

() C:\Program Files\GNU\GnuPG\dirmngr.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe

() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2325776 2012-02-14] (Synaptics Incorporated)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-13] (AVAST Software)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2014-08-27] (Apple Computer, Inc.)

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\...\Run: [RfxSrvTray] => C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk

ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\phase-6\reminder\reminder.exe (phase-6)

Startup: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk

ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2168196151-1402668096-4282511163-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2168196151-1402668096-4282511163-1000 -> {E8140166-1B2B-4B2C-B9A4-4E7B5D7368B9} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll No File

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-15] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-15] (Oracle Corporation)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll No File

Toolbar: HKU\S-1-5-21-2168196151-1402668096-4282511163-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll No File

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default

FF SelectedSearchEngine: Yahoo!

FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()

FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)

FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)

FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)

FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-15] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-15] (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2168196151-1402668096-4282511163-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\K\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)

FF SearchPlugin: C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default\searchplugins\ixquick-https---deutsch.xml [2015-03-23]

FF Extension: Adblock Plus - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zcqnozcl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-20]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-01-29] (Intel Corporation)

R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2014-11-25] () [File not signed]

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)

R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]

R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-01] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-01] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-01] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-01] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-01] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-01] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-01] ()

R3 b57xdbd; C:\Windows\System32\DRIVERS\b57xdbd.sys [60968 2011-11-04] (Broadcom Corporation)

R3 b57xdmp; C:\Windows\System32\DRIVERS\b57xdmp.sys [17960 2011-11-04] (Broadcom Corporation)

R3 bScsiMSx; C:\Windows\System32\DRIVERS\bScsiMSx.sys [43560 2011-09-02] (Broadcom Corporation)

R3 bScsiSDx; C:\Windows\System32\DRIVERS\bScsiSDx.sys [51240 2012-02-09] (Broadcom Corporation)

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-07-03] (BlueStack Systems)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-23] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)

R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21520 2012-02-14] (Synaptics Incorporated)

R3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

S3 catchme; \??\C:\Users\K\AppData\Local\Temp\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-23 16:31 - 2015-03-23 16:31 - 00852604 _____ () C:\Users\K\Downloads\SecurityCheck.exe

2015-03-23 16:24 - 2015-03-23 16:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-03-23 14:55 - 2015-03-23 14:55 - 00000000 ____D () C:\Program Files\ESET

2015-03-23 14:54 - 2015-03-23 14:54 - 02347384 _____ (ESET) C:\Users\K\Downloads\esetsmartinstaller_deu.exe

2015-03-23 14:51 - 2015-03-23 14:51 - 00000022 _____ () C:\Windows\S.dirmngr

2015-03-22 12:57 - 2015-03-22 12:58 - 00000816 _____ () C:\Users\K\Desktop\JRT.txt

2015-03-22 12:53 - 2015-03-22 12:53 - 01388672 _____ (Thisisu) C:\Users\K\Downloads\JRT_6.4.5.exe

2015-03-22 12:52 - 2015-03-22 12:52 - 00003261 _____ () C:\Users\K\Desktop\AdwCleaner[S0].txt

2015-03-22 12:39 - 2015-03-22 12:49 - 00000000 ____D () C:\AdwCleaner

2015-03-22 12:38 - 2015-03-22 12:38 - 02171392 _____ () C:\Users\K\Downloads\adwcleaner_4.112.exe

2015-03-22 12:09 - 2015-03-23 15:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-22 12:08 - 2015-03-22 12:10 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-22 12:08 - 2015-03-22 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-22 12:08 - 2015-03-22 12:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-03-22 12:08 - 2015-03-22 12:08 - 00000000 ____D () C:\Users\K\AppData\Roaming\dlg

2015-03-22 12:08 - 2015-03-22 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-22 12:08 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-22 12:08 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-22 12:08 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-22 12:02 - 2015-03-22 12:02 - 00149128 _____ () C:\Windows\Minidump\032215-23836-01.dmp

2015-03-22 12:01 - 2015-03-22 12:01 - 407470729 _____ () C:\Windows\MEMORY.DMP

2015-03-21 13:06 - 2015-03-21 13:06 - 00017674 _____ () C:\ComboFix.txt

2015-03-21 12:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-21 12:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-03-21 12:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-03-21 12:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-03-21 12:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-03-21 12:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-03-21 12:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-03-21 12:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-03-21 12:52 - 2015-03-21 13:06 - 00000000 ____D () C:\Qoobox

2015-03-21 12:52 - 2015-03-21 13:05 - 00000000 ____D () C:\Windows\erdnt

2015-03-21 12:51 - 2015-03-21 12:51 - 05615380 ____R (Swearware) C:\Users\K\Desktop\ComboFix.exe

2015-03-21 12:38 - 2015-03-21 12:38 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\K\Downloads\revosetup95.exe

2015-03-21 12:38 - 2015-03-21 12:38 - 00001186 _____ () C:\Users\K\Desktop\Revo Uninstaller.lnk

2015-03-21 12:38 - 2015-03-21 12:38 - 00000000 ____D () C:\Program Files\VS Revo Group

2015-03-20 14:40 - 2015-03-20 14:41 - 00028702 _____ () C:\Users\K\Downloads\Addition.txt

2015-03-20 14:39 - 2015-03-23 16:45 - 00014216 _____ () C:\Users\K\Downloads\FRST.txt

2015-03-20 14:39 - 2015-03-23 16:45 - 00000000 ____D () C:\FRST

2015-03-20 14:38 - 2015-03-20 14:38 - 01135104 _____ (Farbar) C:\Users\K\Downloads\FRST.exe

2015-03-16 17:00 - 2015-03-16 17:00 - 00003846 _____ () C:\Users\K\AppData\Local\recently-used.xbel

2015-03-11 22:06 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-11 22:06 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-11 22:06 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-11 22:06 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-11 22:06 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-11 22:06 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-11 22:06 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-11 22:06 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-03-11 22:06 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-11 22:06 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-11 22:06 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-03-11 22:06 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-11 22:06 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-11 22:06 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-11 22:06 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-11 22:06 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-11 22:06 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-11 22:06 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-11 22:06 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-03-11 22:06 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-03-11 22:06 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-03-11 22:06 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-11 22:06 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-11 22:06 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-11 22:06 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-11 22:06 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-11 22:06 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-03-11 22:06 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-11 22:06 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-11 22:06 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-11 21:49 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-11 21:49 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-11 21:48 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-03-11 21:48 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-11 21:48 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-11 21:48 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-11 21:48 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-11 21:48 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-11 21:48 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-11 21:48 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-11 21:48 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-11 21:48 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-11 21:48 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-11 21:48 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-11 21:48 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-11 21:48 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-11 21:48 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-11 21:48 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-11 21:48 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-11 21:05 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-11 21:04 - 2015-01-31 04:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-11 21:04 - 2015-01-31 04:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-03-11 21:04 - 2015-01-31 01:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-11 21:03 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-11 21:01 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-11 21:01 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-11 20:52 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-11 20:51 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-11 20:51 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-11 20:51 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-11 20:51 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-11 20:51 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-11 20:51 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-11 20:51 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-11 20:51 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-11 20:51 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-11 20:48 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-11 20:48 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-11 20:47 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-05 10:06 - 2015-03-22 12:50 - 00013778 _____ () C:\Windows\PFRO.log

2015-03-01 16:21 - 2015-03-14 18:13 - 00000000 ____D () C:\Users\K\AppData\Roaming\.kde

2015-03-01 16:21 - 2015-03-01 16:21 - 00000000 ____D () C:\Users\K\AppData\Local\GNU

2015-02-28 14:49 - 2015-03-01 13:23 - 00000000 ____D () C:\Users\K\Desktop\Open HPI

2015-02-28 14:36 - 2015-03-23 16:46 - 00000000 ____D () C:\Users\K\AppData\Roaming\gnupg

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\Users\K\AppData\Roaming\Thunderbird

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\Users\K\AppData\Local\Thunderbird

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win

2015-02-28 14:36 - 2015-02-28 14:36 - 00000000 ____D () C:\ProgramData\GNU

2015-02-28 14:35 - 2015-02-28 14:35 - 00000000 ____D () C:\Program Files\GNU

2015-02-28 14:32 - 2015-02-28 14:32 - 00002008 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

2015-02-28 14:32 - 2015-02-28 14:32 - 00001996 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

2015-02-28 14:32 - 2015-02-28 14:32 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

2015-02-28 14:30 - 2015-02-28 14:30 - 28746736 _____ (Mozilla) C:\Users\K\Downloads\Thunderbird Setup 31.5.0.exe

2015-02-28 14:29 - 2015-02-28 14:29 - 30498712 _____ (g10 Code GmbH) C:\Users\K\Downloads\gpg4win-2.2.3.exe

2015-02-25 06:22 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-23 16:26 - 2012-12-05 12:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-03-23 16:10 - 2012-12-03 20:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-23 15:00 - 2009-07-14 05:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-23 15:00 - 2009-07-14 05:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-23 14:57 - 2012-12-03 19:06 - 01516332 _____ () C:\Windows\WindowsUpdate.log

2015-03-23 14:51 - 2015-02-15 18:43 - 00002083 _____ () C:\Windows\setupact.log

2015-03-23 14:51 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-22 13:38 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache

2015-03-22 12:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration

2015-03-22 12:02 - 2014-08-13 13:12 - 00000000 ____D () C:\Windows\Minidump

2015-03-21 13:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default

2015-03-21 13:06 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public

2015-03-21 13:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini

2015-03-16 17:00 - 2015-01-01 18:12 - 00000000 ____D () C:\Users\K\AppData\Local\gtk-2.0

2015-03-16 17:00 - 2015-01-01 17:55 - 00000000 ____D () C:\Users\K\.gimp-2.8

2015-03-13 07:42 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-03-13 07:20 - 2013-09-16 10:55 - 00000000 ____D () C:\ProgramData\Netzmanager

2015-03-13 07:10 - 2009-07-14 05:33 - 00437872 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-13 07:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

2015-03-12 14:14 - 2012-12-03 19:50 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-10 15:01 - 2010-11-20 22:01 - 01627884 _____ () C:\Windows\system32\PerfStringBackup.INI
 

==================== Files in the root of some directories =======
 

2014-02-11 08:14 - 2014-02-11 08:15 - 16786448 _____ (Tobit.Software) C:\Program Files\radio-fx.exe

2014-10-08 15:38 - 2014-10-08 15:38 - 0038415 _____ () C:\Users\K\AppData\Roaming\Microsoft Excel 97-2003.ADR

2012-12-12 12:57 - 2012-12-12 12:57 - 0004096 ____H () C:\Users\K\AppData\Local\keyfile3.drm

2015-03-16 17:00 - 2015-03-16 17:00 - 0003846 _____ () C:\Users\K\AppData\Local\recently-used.xbel
 

Some content of TEMP:

====================

C:\Users\K\AppData\Local\Temp\Quarantine.exe

C:\Users\K\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-20 15:32
 

==================== End Of Log ============================

--- --- ---

Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\extensions

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015

Ran by K at 2015-03-24 18:29:27 Run:2

Running from C:\Users\K\Desktop

Loaded Profiles: K &  (Available profiles: K)

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************
 

C:\extensions

Emptytemp:
 

*****************
 

"C:\extensions" => File/Directory not found.

EmptyTemp: => Removed 96.1 MB temporary data.
 
 

The system needed a reboot. 
 

==== End of Fixlog 18:30:36 ====