Vista 64bit - Mozilla Firefox crashes constantly
Hello!
For the past 2 days, Mozilla Firefox has been crashing constantly. Mostly when opening a new window.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:42 on 12/04/2015 (David)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015
Ran by David (administrator) on DAVID-PC on 12-04-2015 15:40:30
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
HKLM\...\Run: [SpywareTerminatorUpdater] => "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2918414357-155064948-848676807-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2918414357-155064948-848676807-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2918414357-155064948-848676807-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.uwz.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\25zoxg0b.default-1428832164326
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-29] ()
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\default
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-01] (Electronic Arts)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S1 Beep; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2000-01-01] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [377560 2000-01-01] (Realsil Semiconductor Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-03-06] (SlimWare Utilities, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_cdcecm; system32\DRIVERS\ew_cdcecm.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 mv61xx; system32\DRIVERS\mv61xx.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-12 15:40 - 2015-04-12 15:40 - 00010469 _____ () C:\Users\David\Desktop\FRST.txt
2015-04-12 15:39 - 2015-04-12 15:40 - 02095616 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-04-12 15:38 - 2015-04-12 15:38 - 00000472 _____ () C:\Users\David\Desktop\defogger_disable.log
2015-04-12 15:37 - 2015-04-12 15:37 - 00050477 _____ () C:\Users\David\Desktop\Defogger.exe
2015-04-12 12:53 - 2015-04-12 12:53 - 00380416 _____ () C:\Users\David\Downloads\Gmer-19357(2).exe
2015-04-12 12:52 - 2015-04-12 12:52 - 00020883 _____ () C:\Users\David\Downloads\Addition.txt
2015-04-12 12:51 - 2015-04-12 12:52 - 00029433 _____ () C:\Users\David\Downloads\FRST.txt
2015-04-12 12:51 - 2015-04-12 12:51 - 02095616 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2015-04-12 12:49 - 2015-04-12 12:50 - 00000472 _____ () C:\Users\David\Downloads\defogger_disable.log
2015-04-12 12:49 - 2015-04-12 12:49 - 00050477 _____ () C:\Users\David\Downloads\Defogger.exe
2015-04-12 12:49 - 2015-04-12 12:49 - 00000000 _____ () C:\Users\David\defogger_reenable
2015-04-12 11:05 - 2015-04-12 11:05 - 00000000 _____ () C:\Users\David\Downloads\delfix_10.9(1).exedentifier
2015-04-11 23:55 - 2015-04-11 23:55 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAVID-PC-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
2015-04-10 21:59 - 2015-04-10 21:59 - 00002504 _____ () C:\Users\David\Documents\mbam-log-2015-04-10 (21-47-54).xml
2015-04-08 19:45 - 2015-04-08 19:48 - 00000000 ____D () C:\Users\David\Desktop\Remission
2015-04-08 14:50 - 2015-04-08 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-08 09:17 - 2015-04-10 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-07 20:07 - 2015-04-08 20:41 - 00000000 ____D () C:\Users\David\Desktop\Shock Therapy Mix
2015-04-07 19:35 - 2015-04-07 20:22 - 00000000 ____D () C:\Users\David\Desktop\Burning From The Inside
2015-04-07 19:28 - 2015-04-07 20:22 - 00000000 ____D () C:\Users\David\Desktop\The Sky's Gone Out
2015-04-07 18:53 - 2015-04-07 20:22 - 00000000 ____D () C:\Users\David\Desktop\Mask
2015-04-02 21:46 - 2015-04-08 08:16 - 00018372 _____ () C:\Users\David\Desktop\planberlinfahrzeuge.ods
2015-04-02 14:18 - 2015-04-02 14:18 - 00000000 ____D () C:\Users\David\Desktop\Verbrannte Erde
2015-04-02 13:56 - 2015-04-02 15:10 - 00000000 ____D () C:\Users\David\Desktop\Amen 81 Stadtfeind fehlt 1 Song
2015-04-02 00:18 - 2015-04-02 00:18 - 00019952 _____ () C:\Users\David\Desktop\Abrechnung Edelweißpiraten Festival 2011 Postenbezogen.ods
2015-04-01 12:47 - 2015-04-01 12:47 - 00001005 _____ () C:\Users\David\Desktop\OpenOffice Writer.lnk
2015-03-29 16:59 - 2015-03-29 16:59 - 00000000 _____ () C:\Windows\system32\RENA25C.tmp
2015-03-29 15:14 - 2015-03-29 15:14 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-03-29 14:16 - 2015-04-12 11:23 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-03-29 14:14 - 2015-03-29 14:15 - 167779664 _____ (Emsisoft Ltd. ) C:\Users\David\Downloads\EmsisoftAntiMalwareSetup.exe
2015-03-29 14:08 - 2015-03-29 14:08 - 00000000 _____ () C:\Windows\SysWOW64\RENFC20.tmp
2015-03-29 14:07 - 2015-03-29 14:07 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-29 14:06 - 2015-03-29 14:06 - 00561064 _____ (Oracle Corporation) C:\Users\David\Downloads\jxpiinstall.exe
2015-03-29 14:02 - 2015-03-29 14:03 - 40824144 _____ () C:\Users\David\Downloads\FirefoxSetup36.0.1.exe
2015-03-29 13:54 - 2015-03-29 13:55 - 00000000 ___SD () C:\32788R22FWJFW
2015-03-28 12:18 - 2015-03-28 12:18 - 00000399 _____ () C:\Users\David\Desktop\Musik - Verknüpfung.lnk
2015-03-28 09:23 - 2015-03-29 14:05 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-28 09:23 - 2015-03-29 14:05 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-28 09:11 - 2015-03-29 16:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-26 10:42 - 2015-03-26 10:42 - 00002504 _____ () C:\Users\David\Documents\mbam-log-2015-03-26 (09-27-28).xml
2015-03-25 20:02 - 2015-03-26 11:30 - 00022183 _____ () C:\Users\David\Documents\drschultes.odt
2015-03-25 13:06 - 2015-03-26 10:50 - 00001208 _____ () C:\mbam.txt
2015-03-24 23:38 - 2015-03-24 23:38 - 00000969 _____ () C:\Users\David\Desktop\OpenOffice Calc.lnk
2015-03-24 16:30 - 2015-03-24 21:12 - 00000000 ____D () C:\Users\David\AppData\Roaming\jellylam
2015-03-24 16:30 - 2015-03-24 16:30 - 00003756 _____ () C:\Windows\System32\Tasks\keepup
2015-03-24 16:30 - 2015-03-24 16:30 - 00003232 _____ () C:\Windows\System32\Tasks\DriverMgr
2015-03-22 12:49 - 2015-03-22 12:49 - 00000000 ____D () C:\Users\David\AppData\Roaming\dlg
2015-03-22 12:48 - 2015-03-22 12:48 - 00001064 _____ () C:\Users\Public\Desktop\Free MP3 Cutter and Editor.lnk
2015-03-22 12:48 - 2015-03-22 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseTips
2015-03-22 12:48 - 2015-03-22 12:48 - 00000000 ____D () C:\Program Files (x86)\MuseTips
2015-03-22 12:47 - 2015-03-28 09:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\PDFConvert
2015-03-22 12:47 - 2015-03-22 12:47 - 00000991 _____ () C:\Users\David\Desktop\DocToPDFConverter.lnk
2015-03-22 12:47 - 2015-03-22 12:47 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DocToPDFConverter
2015-03-22 12:47 - 2015-03-22 12:47 - 00000000 ____D () C:\Users\David\AppData\Roaming\DocToPDFConverter
2015-03-22 12:45 - 2015-03-12 12:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-03-22 12:45 - 2015-03-12 12:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-03-22 12:41 - 2015-03-22 12:41 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVG
2015-03-22 12:37 - 2015-03-22 12:37 - 00000000 ____D () C:\Users\David\AppData\Local\Avg
2015-03-22 12:36 - 2015-03-22 12:41 - 00000000 ____D () C:\ProgramData\AVG
2015-03-20 20:42 - 2009-10-01 04:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBGGE.DLL
2015-03-20 20:42 - 2007-04-10 02:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-03-20 20:41 - 2015-03-20 20:41 - 17837184 _____ () C:\Users\David\Desktop\epson377220eu.exe
2015-03-19 18:56 - 2015-03-19 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-19 18:53 - 2015-03-19 18:53 - 00000000 ____D () C:\ProgramData\Sun
2015-03-19 18:52 - 2015-03-29 14:08 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-19 18:51 - 2015-03-19 18:52 - 42925480 _____ (Oracle Corporation) C:\Users\David\Desktop\jre-8u40-windows-x64.exe
2015-03-19 17:51 - 2015-03-19 17:51 - 00000000 ____D () C:\Windows\de
2015-03-19 17:49 - 2015-03-19 17:49 - 00001241 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-03-19 17:49 - 2015-03-19 17:49 - 00001172 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-03-19 17:48 - 2015-03-19 17:48 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-03-19 17:48 - 2015-03-19 17:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-19 17:47 - 2015-03-19 17:48 - 00002039 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-03-19 17:46 - 2015-03-19 17:51 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-03-19 17:46 - 2015-03-19 17:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-03-19 17:46 - 2015-03-19 17:46 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-19 17:46 - 2012-03-08 19:40 - 00048488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2015-03-19 17:45 - 2015-03-19 17:46 - 00000000 ____D () C:\Program Files\Windows Live
2015-03-19 17:44 - 2009-09-04 18:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-03-19 17:44 - 2009-09-04 18:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-03-19 17:44 - 2009-09-04 18:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-03-19 17:44 - 2009-09-04 18:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-03-19 17:44 - 2006-11-29 14:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-03-19 17:44 - 2006-11-29 14:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-03-19 17:43 - 2015-03-19 17:43 - 00000000 ____D () C:\Users\David\AppData\Local\Windows Live
2015-03-19 17:43 - 2009-08-04 10:12 - 01103872 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-03-19 17:43 - 2009-08-04 10:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2015-03-19 17:30 - 2015-03-19 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-19 17:29 - 2015-03-19 17:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-16 20:48 - 2015-04-12 11:29 - 00001368 _____ () C:\DelFix.txt
2015-03-15 22:36 - 2015-03-15 22:36 - 05409016 _____ (Canneverbe Limited ) C:\Users\David\Desktop\cdbxp_setup_4.5.4.5306_minimal.exe
2015-03-15 22:36 - 2015-03-15 22:36 - 00000954 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-03-15 22:36 - 2015-03-15 22:36 - 00000904 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-03-14 00:30 - 2015-03-14 17:55 - 00000872 _____ () C:\Users\David\Desktop\Jodix Free WMA to MP3 Converter.lnk
2015-03-14 00:30 - 2015-03-14 17:55 - 00000000 ____D () C:\Program Files (x86)\Free WMA to MP3 Converter
2015-03-14 00:30 - 2015-03-14 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
2015-03-13 14:20 - 2015-04-12 15:40 - 00000000 ____D () C:\FRST
2015-03-13 01:35 - 2015-03-13 01:40 - 12485140 _____ () C:\Users\David\Downloads\Topografische_Karte_Bayern.tif
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-12 15:36 - 2008-01-21 03:53 - 01128029 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 15:32 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 15:32 - 2006-11-02 17:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 15:32 - 2006-11-02 17:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 15:32 - 2006-11-02 17:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-12 13:09 - 2006-11-02 17:42 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-12 13:02 - 2013-11-06 21:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 12:49 - 2008-01-01 15:24 - 00000000 ____D () C:\Users\David
2015-04-12 11:23 - 2008-01-21 05:26 - 00754936 _____ () C:\Windows\PFRO.log
2015-04-11 23:49 - 2014-05-04 12:21 - 00000000 ____D () C:\AdwCleaner
2015-04-11 23:46 - 2015-03-12 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-11 23:27 - 2014-07-15 11:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 23:26 - 2014-07-15 11:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-10 20:31 - 2008-01-21 13:10 - 01661594 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 20:31 - 2008-01-21 13:09 - 00695484 _____ () C:\Windows\system32\perfh007.dat
2015-04-10 20:31 - 2008-01-21 13:09 - 00156942 _____ () C:\Windows\system32\perfc007.dat
2015-04-09 00:43 - 2013-11-06 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 21:50 - 2015-02-24 20:29 - 00040654 _____ () C:\Users\David\Desktop\CDListe.ods
2015-04-08 09:00 - 2013-11-09 12:41 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-04-08 09:00 - 2013-11-09 12:41 - 00000000 ____D () C:\Users\David\AppData\Roaming\DVDVideoSoft
2015-04-08 09:00 - 2013-11-09 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-08 09:00 - 2013-11-09 12:41 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-04-08 08:55 - 2014-12-02 15:40 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-04-06 18:09 - 2014-01-02 15:21 - 00037635 _____ () C:\Users\David\Desktop\ÜFD.ods
2015-04-04 22:48 - 2013-12-09 21:16 - 00000000 ____D () C:\Users\David\AppData\Local\Paint.NET
2015-04-02 00:16 - 2013-10-30 14:06 - 00000000 ____D () C:\Users\David\Documents\Edelweissfestival
2015-03-29 14:11 - 2013-11-06 21:36 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-29 14:11 - 2013-11-06 21:36 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-29 14:11 - 2013-11-06 21:36 - 00003738 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-29 14:10 - 2014-06-24 12:28 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2015-03-29 13:55 - 2014-08-12 20:48 - 00000000 ____D () C:\Windows\erdnt
2015-03-28 23:04 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-28 09:42 - 2015-01-24 17:58 - 00000000 ____D () C:\ProgramData\DatacardService
2015-03-24 21:13 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\Speech
2015-03-24 16:29 - 2006-11-02 15:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-24 16:29 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-03-20 20:43 - 2013-11-08 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-03-20 20:42 - 2013-11-08 16:53 - 00000000 ____D () C:\ProgramData\EPSON
2015-03-19 18:12 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache
2015-03-19 17:56 - 2008-01-01 15:25 - 00105616 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-19 17:55 - 2006-11-02 17:21 - 00404208 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-19 17:46 - 2006-11-02 15:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-19 17:44 - 2014-05-07 12:49 - 00010355 _____ () C:\Windows\DirectX.log
2015-03-19 17:36 - 2013-11-06 21:32 - 01610780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-15 22:36 - 2015-03-10 01:45 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2015-03-13 14:52 - 2014-07-15 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-13 14:52 - 2014-07-15 11:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-13 14:52 - 2013-11-08 17:05 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-13 03:03 - 2014-05-07 12:13 - 00000000 ____D () C:\ProgramData\Origin
2015-03-13 02:31 - 2013-11-08 18:13 - 00116736 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-13 01:44 - 2015-03-10 21:58 - 00017946 _____ () C:\Users\David\Documents\MVUA3MANV.ods
==================== Files in the root of some directories =======
2014-01-04 18:23 - 2014-01-04 18:23 - 0000115 _____ () C:\Users\David\AppData\Roaming\WB.CFG
2014-01-04 18:23 - 2014-01-04 18:23 - 0000005 _____ () C:\Users\David\AppData\Roaming\WBPU-TTL.DAT
2014-08-14 10:45 - 2015-02-04 23:18 - 0000680 _____ () C:\Users\David\AppData\Local\d3d9caps.dat
2008-01-01 15:24 - 2014-08-14 10:45 - 0001460 _____ () C:\Users\David\AppData\Local\d3d9caps64.dat
2013-11-08 18:13 - 2015-03-13 02:31 - 0116736 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-06 17:29 - 2013-11-06 22:39 - 0268666 _____ () C:\Users\David\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2013-11-06 17:29 - 2013-11-06 17:29 - 0000002 _____ () C:\Users\David\AppData\Local\dd_dotnetfx35error.txt
2013-11-06 17:32 - 2013-11-06 17:32 - 0000002 _____ () C:\Users\David\AppData\Local\dd_dotnetfx35error_lp.txt
2013-11-06 17:29 - 2013-11-06 17:33 - 0228116 _____ () C:\Users\David\AppData\Local\dd_dotnetfx35install.txt
2013-11-06 17:32 - 2013-11-06 22:40 - 0154428 _____ () C:\Users\David\AppData\Local\dd_dotnetfx35install_lp.txt
2013-11-06 22:39 - 2013-11-06 22:40 - 1229320 _____ () C:\Users\David\AppData\Local\dd_NET_Framework35_LangPack_MSI18EF.txt
2013-11-06 17:32 - 2013-11-06 17:32 - 0614680 _____ () C:\Users\David\AppData\Local\dd_NET_Framework35_LangPack_MSI2DA9.txt
2013-11-06 17:31 - 2013-11-06 17:32 - 1880528 _____ () C:\Users\David\AppData\Local\dd_NET_Framework35_x64_MSI2D0C.txt
2013-11-08 16:03 - 2013-11-08 16:06 - 0441932 _____ () C:\Users\David\AppData\Local\dd_vcredistMSI061A.txt
2013-11-08 16:06 - 2013-11-08 16:09 - 0444780 _____ () C:\Users\David\AppData\Local\dd_vcredistMSI07ED.txt
2013-11-13 17:20 - 2013-11-13 17:21 - 0429134 _____ () C:\Users\David\AppData\Local\dd_vcredistMSI47AC.txt
2013-11-13 17:25 - 2013-11-13 17:26 - 0437880 _____ () C:\Users\David\AppData\Local\dd_vcredistMSI4B7D.txt
2013-11-08 16:03 - 2013-11-08 16:06 - 0199040 _____ () C:\Users\David\AppData\Local\dd_vcredistUI061A.txt
2013-11-08 16:06 - 2013-11-08 16:09 - 0199024 _____ () C:\Users\David\AppData\Local\dd_vcredistUI07ED.txt
2013-11-13 17:20 - 2013-11-13 17:21 - 0011398 _____ () C:\Users\David\AppData\Local\dd_vcredistUI47AC.txt
2013-11-13 17:25 - 2013-11-13 17:26 - 0011444 _____ () C:\Users\David\AppData\Local\dd_vcredistUI4B7D.txt
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\David\AppData\Local\setup.txt
2013-11-06 17:29 - 2013-11-06 22:40 - 0006524 _____ () C:\Users\David\AppData\Local\uxeventlog.txt
2015-03-04 17:29 - 2015-03-04 17:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\David\AppData\Local\temp\Quarantine.exe
C:\Users\David\AppData\Local\temp\sqlite3.dll
C:\Users\David\AppData\Local\temp\tmd_34011224.exe
C:\Users\David\AppData\Local\temp\tmd_34014760.exe
C:\Users\David\AppData\Local\temp\tmd_34018644.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-12 15:38
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015
Ran by David at 2015-04-12 15:41:11
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9248FA70-BD64-2FD1-CD23-448112E7ACE9}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DocToPDFConverter (HKU\S-1-5-21-2918414357-155064948-848676807-1000\...\DocToPDFConverter) (Version: 01.00.00.00 - VolatoTech)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation)
Free MP3 Cutter and Editor 2.6 (HKLM-x32\...\Free MP3 Cutter and Editor_is1) (Version: - musetips.com)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free Studio version 6.5.0.324 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.324 - DVDVideoSoft Ltd.)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.)
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.0.0 - Electronic Arts)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) Network Connections 17.0.200.2 (HKLM\...\PROSetDX) (Version: 17.0.200.2 - Intel)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.11.77 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.14 - NCH Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 14:34 - 2015-03-25 14:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {4FF6660E-9BB0-46F3-A828-7081D3CC74F4} - System32\Tasks\{A38A1D98-9D2A-4C3C-B23A-E4E2D94A053A} => pcalua.exe -a C:\Users\David\Downloads\wmp11-windowsxp-x86-DE-DE.exe -d C:\Users\David\Downloads
Task: {64E10ACF-28F7-4B5D-94F8-94A4FC7BCE76} - System32\Tasks\{41D8C10F-877F-4A51-A3D7-A92B57BB14A9} => pcalua.exe -a C:\Users\David\Downloads\RegCleaner.exe -d C:\Users\David\Downloads
Task: {6AAA9DC5-94AB-4292-ACCE-68A2F836DE18} - System32\Tasks\DriverMgr => C:\Users\David\AppData\Roaming\jellylam\rinti.exe
Task: {9F16D07D-44F1-4DB3-81F5-24E575F94CAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-29] (Adobe Systems Incorporated)
Task: {D084A4E9-BFF5-42D8-8BC7-AFC2707AEAAC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ED5CFF9C-2651-4386-8403-B5985739F41B} - System32\Tasks\keepup => C:\Users\David\AppData\Roaming\jellylam\rinti.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2013-03-29 03:07 - 2013-12-06 22:18 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\David\Downloads\delfix_10.9(1).exedentifier:$DATA
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2918414357-155064948-848676807-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\Pictures\Sankt Pauli\141028_StPauli-BVB105.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2918414357-155064948-848676807-500 - Administrator - Disabled)
David (S-1-5-21-2918414357-155064948-848676807-1000 - Administrator - Enabled) => C:\Users\David
Gast (S-1-5-21-2918414357-155064948-848676807-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/12/2015 00:43:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 37.0.1.5570, Zeitstempel 0x551e23ee, fehlerhaftes Modul mozalloc.dll, Version 37.0.1.5570, Zeitstempel 0x551e1536, Ausnahmecode 0x80000003, Fehleroffset 0x00001aa1,
Prozess-ID 0x414, Anwendungsstartzeit plugin-container.exe0.
Error: (04/12/2015 00:40:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 37.0.1.5570, Zeitstempel 0x551e23ee, fehlerhaftes Modul mozalloc.dll, Version 37.0.1.5570, Zeitstempel 0x551e1536, Ausnahmecode 0x80000003, Fehleroffset 0x00001aa1,
Prozess-ID 0x1030, Anwendungsstartzeit plugin-container.exe0.
Error: (04/12/2015 00:40:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 37.0.1.5570, Zeitstempel 0x551e23ee, fehlerhaftes Modul mozalloc.dll, Version 37.0.1.5570, Zeitstempel 0x551e1536, Ausnahmecode 0x80000003, Fehleroffset 0x00001aa1,
Prozess-ID 0xdfc, Anwendungsstartzeit plugin-container.exe0.
Error: (04/12/2015 11:48:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 37.0.1.5570, Zeitstempel 0x551e23ee, fehlerhaftes Modul mozalloc.dll, Version 37.0.1.5570, Zeitstempel 0x551e1536, Ausnahmecode 0x80000003, Fehleroffset 0x00001aa1,
Prozess-ID 0x11f8, Anwendungsstartzeit plugin-container.exe0.
Error: (04/12/2015 11:35:11 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Y3Y6GHNS.DEFAULT-1427527994059\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (04/12/2015 11:05:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (04/12/2015 03:27:34 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x8000ffff).
Error: (04/12/2015 03:27:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x8000ffff).
Error: (04/12/2015 03:27:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057.
Vorgang:
Sicherung abbrechen
Kontext:
Ausführungskontext: Requestor
Aktueller Status: SnapshotSetCreated
Error: (04/12/2015 03:27:34 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {faf53cc4-bd73-4e36-83f1-2b23f46e513e} und dem Namen "VSSEvent" kann nicht gestartet werden. [0x80070057]
Vorgang:
Sicherung abbrechen
Kontext:
Ausführungskontext: Requestor
Aktueller Status: SnapshotSetCreated
System errors:
=============
Error: (04/12/2015 03:33:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt
mv61xx
Error: (04/12/2015 11:25:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt
mv61xx
Microsoft Office Sessions:
=========================
Error: (04/12/2015 00:43:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa141401d0750d8d8adbb7
Error: (04/12/2015 00:40:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa1103001d0750d1db3f5e4
Error: (04/12/2015 00:40:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa1dfc01d0750cf0af651f
Error: (04/12/2015 11:48:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa111f801d07505c9e91d97
Error: (04/12/2015 11:35:11 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\DAVID\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Y3Y6GHNS.DEFAULT-1427527994059\SAFEBROWSING-TO_DELETE
Error: (04/12/2015 11:05:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\David\Downloads\esetsmartinstaller_deu.exe
Error: (04/12/2015 03:27:34 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: 0x8000ffff
Error: (04/12/2015 03:27:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x8000ffff
Error: (04/12/2015 03:27:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070057
Vorgang:
Sicherung abbrechen
Kontext:
Ausführungskontext: Requestor
Aktueller Status: SnapshotSetCreated
Error: (04/12/2015 03:27:34 AM) (Source: VSS) (EventID: 13) (User: )
Description: {faf53cc4-bd73-4e36-83f1-2b23f46e513e}VSSEvent0x80070057
Vorgang:
Sicherung abbrechen
Kontext:
Ausführungskontext: Requestor
Aktueller Status: SnapshotSetCreated
CodeIntegrity Errors:
===================================
Date: 2015-04-12 15:40:58.305
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 15:40:58.135
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 15:40:57.966
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 15:40:57.783
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 12:52:24.294
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 12:52:24.132
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 12:52:23.972
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 12:52:23.785
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 11:01:24.522
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-12 11:01:24.366
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 41%
Total physical RAM: 4027.9 MB
Available physical RAM: 2352.33 MB
Total Pagefile: 8231.08 MB
Available Pagefile: 6281.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:581.52 GB) (Free:162.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 205A4912)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=27)
Partition 2: (Active) - (Size=581.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-12 16:18:38
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST3640623AS rev.SD43 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\David\AppData\Local\Temp\pgloapod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000e1200 3 bytes [80, 7C, 02]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 4 fffff960000e1204 3 bytes [41, B6, FA]
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 25.03.2015
Suchlauf-Zeit: 10:19:57
Logdatei:
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.03.25.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: David
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 357801
Verstrichene Zeit: 10 Min, 36 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Deaktiviert
Rootkits: Deaktiviert
Heuristik: Deaktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 0
(Keine schädliche Elemente erkannt)
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Best regards