Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner snap.do (https://www.trojaner-board.de/151527-trojaner-snap-do.html)

Ani1 26.03.2014 11:46
Trojaner snap.do
 
Hallo,

ich habe mir den Trojaner snap.do eingefangen. Ich habe ihn zuerst aus der Systemsteuerung bei Software deinstalliert. Dort ist er seitdem auch nicht mehr zu finden. Jedes Mal wenn ich den Browser öffne, wird mir ein Fenster angezeigt: Seite wiederherstellen. Gehe darauf kommt snap.do. Klicke ich auf "nein" und lösche die Seite in den Chrome Einstellungen, ist sie trotzdem wieder da sobald ich einen neuen Tab öffne.
Ich habe im Forum bereits Beiträge dazu gelesen und die dort genannte Software runtergeladen. Trotzdem ist der Trojaner noch da.
Ich nutze Windows 8 und den Chrome Browser.
Den Browser hab ich auch schon deinstalliert und neu runter geladen. Der Trojaner war sofort wieder da.
Kann mir vielleicht jemand helfen den Trojaner von meinem Rechner zu bekommen? Ich danke Euch im vorraus. Ani

schrauber 26.03.2014 12:21
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Ani1 26.03.2014 13:36
Erstmal vielen Dank für Deine Antwort.

FRST.txt lautet:
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ani (administrator) on LENOVO-PC on 26-03-2014 13:27:29
Running from C:\Users\Ani\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) C:\Users\Ani\Desktop\Disk Speedup\DSUDefragSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Spotify Ltd) C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UMonit64] - C:\WINDOWS\SysWOW64\UMonit64.exe [40960 2013-02-28] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-07-17] (Synaptics Incorporated)
HKLM\...\Run: [RtsFT] - C:\WINDOWS\RTFTrack.exe [6340312 2013-08-03] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15792112 2013-11-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] - C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [101360 2013-11-05] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-28] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\d84bbf2d-f51c-4963-9165-87aed1693e5c.exe /check [181136 2014-03-26] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Atheros Communications))
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Spotify] - C:\Users\Ani\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-30] (Spotify Ltd)
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Spotify Web Helper] - C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-30] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {EF90F642-B8E6-4E6C-A71A-C406192758C7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
BHO: MediaPlayerEnhance - {11111111-1111-1111-1111-110411411150} - C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho64.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF SearchPlugin: C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\searchplugins\buenosearch.xml
FF Extension: MediaPlayerEnhance - C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com [2014-02-13]
FF Extension: Savings Wizard - C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\Extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C} [2014-01-27]
FF Extension: DownloadHelper - C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-17]
FF Extension: Extension_Protected - C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-27]

Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=DE&userid=9486a3f2-f59b-4aad-0475-5f902fcf1f02&searchtype=hp&installDate={installDate}
CHR Extension: (Google Docs) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-28]
CHR Extension: (Google Drive) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-28]
CHR Extension: (YouTube) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-28]
CHR Extension: (Google-Suche) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-28]
CHR Extension: (avast! Online Security) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-28]
CHR Extension: (Google Wallet) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
CHR Extension: (Google Mail) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-28]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-26] (AVAST Software)
R2 DSUDiskOptimizer; C:\Users\Ani\Desktop\Disk Speedup\DSUDefragSrv64.exe [692008 2013-02-06] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free))
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-05] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [28184 2014-02-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2014-01-28] (AVAST Software)
R1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [440672 2014-02-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2014-01-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1038072 2014-01-28] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [421704 2014-01-28] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-01-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-28] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [79592 2013-02-22] (GenesysLogic)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-09] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8873688 2013-08-03] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-17] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-26 13:27 - 2014-03-26 13:27 - 00015400 _____ () C:\Users\Ani\Downloads\FRST.txt
2014-03-26 13:27 - 2014-03-26 13:27 - 00000000 ____D () C:\FRST
2014-03-26 13:25 - 2014-03-26 13:26 - 02157056 _____ (Farbar) C:\Users\Ani\Downloads\FRST64.exe
2014-03-26 13:23 - 2014-03-26 13:25 - 01145856 _____ (Farbar) C:\Users\Ani\Downloads\FRST.exe
2014-03-26 13:22 - 2014-03-26 13:22 - 00000000 ____D () C:\Users\Ani\AppData\Local\Intel_Corporation
2014-03-26 11:29 - 2014-03-26 11:30 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 18:05 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-03-14 18:05 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-03-14 17:03 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-14 17:03 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-14 17:03 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-03-14 17:03 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-03-14 17:03 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-14 17:03 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-14 17:03 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-14 17:03 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-03-14 17:03 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-14 17:03 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-14 17:03 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-14 17:03 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-03-14 17:03 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-03-14 17:03 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-03-14 17:03 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-03-14 17:03 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-03-14 17:03 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-14 17:03 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-14 17:03 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-03-14 17:03 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-03-14 17:03 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-03-14 17:03 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-03-14 17:03 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-03-14 17:03 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-14 17:03 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-14 17:03 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-14 17:02 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-14 17:02 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 08:00 - 2014-03-12 08:00 - 00987442 _____ () C:\Users\Ani\Downloads\SecurityCheck.exe
2014-03-12 07:59 - 2014-03-12 07:59 - 00165376 _____ () C:\Users\Ani\Downloads\SystemLook_x64.exe
2014-03-11 20:37 - 2014-03-11 20:37 - 02347384 _____ (ESET) C:\Users\Ani\Downloads\esetsmartinstaller_enu.exe
2014-03-11 20:37 - 2014-03-11 20:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-11 20:35 - 2014-03-11 20:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-11 20:34 - 2014-03-11 20:34 - 01037734 _____ (Thisisu) C:\Users\Ani\Downloads\JRT.exe
2014-03-11 20:27 - 2014-03-11 20:27 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (2).exe
2014-03-11 20:26 - 2014-03-11 20:27 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (1).exe
2014-03-11 18:58 - 2014-03-11 18:58 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-11 18:58 - 2014-03-11 18:58 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Malwarebytes
2014-03-11 18:57 - 2014-03-11 18:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 18:57 - 2014-03-11 18:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-11 18:57 - 2014-03-11 18:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 18:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-11 18:56 - 2014-03-11 18:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-08 15:31 - 2014-03-16 16:07 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-08 15:29 - 2014-03-08 15:30 - 00000000 ____D () C:\Users\Ani\AppData\Local\Deployment
2014-03-08 15:29 - 2014-03-08 15:29 - 00000000 ____D () C:\Users\Ani\AppData\Local\Apps\2.0
2014-03-08 12:09 - 2014-03-11 20:30 - 00000000 ____D () C:\AdwCleaner
2014-03-08 12:08 - 2014-03-08 12:08 - 01244192 _____ () C:\Users\Ani\Downloads\adwcleaner.exe
2014-03-07 16:57 - 2014-03-07 16:58 - 00000000 ____D () C:\Users\Ani\www.apowersoft.com
2014-03-06 19:17 - 2014-03-06 19:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-06 19:16 - 2014-03-06 19:16 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-06 19:16 - 2014-03-06 19:16 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-06 19:16 - 2014-03-06 19:16 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-06 19:16 - 2014-03-06 19:16 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 19:16 - 2014-03-06 19:16 - 00000000 ____D () C:\ProgramData\Sun
2014-03-06 19:16 - 2014-03-06 19:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-06 19:15 - 2014-03-06 19:15 - 00921000 _____ (Oracle Corporation) C:\Users\Ani\Downloads\chromeinstall-7u51.exe
2014-03-06 18:12 - 2014-03-26 11:32 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-06 18:12 - 2014-03-06 18:12 - 00000000 ____D () C:\ProgramData\Sony
2014-03-06 18:12 - 2014-03-06 18:12 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-26 17:54 - 2014-03-03 09:40 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-02-26 17:51 - 2014-02-26 17:51 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-26 16:23 - 2014-02-26 16:23 - 00440672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswndisflt.sys
2014-02-26 16:23 - 2014-02-26 16:23 - 00001983 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-02-26 16:22 - 2014-02-26 16:22 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-02-26 16:21 - 2014-02-26 16:21 - 00001651 _____ () C:\Users\Ani\Downloads\License.avastlic
2014-02-26 16:21 - 2014-02-26 16:21 - 00001651 _____ () C:\Users\Ani\Downloads\License (2).avastlic
2014-02-26 16:21 - 2014-02-26 16:21 - 00001651 _____ () C:\Users\Ani\Downloads\License (1).avastlic

==================== One Month Modified Files and Folders =======

2014-03-26 13:27 - 2014-03-26 13:27 - 00015400 _____ () C:\Users\Ani\Downloads\FRST.txt
2014-03-26 13:27 - 2014-03-26 13:27 - 00000000 ____D () C:\FRST
2014-03-26 13:26 - 2014-03-26 13:25 - 02157056 _____ (Farbar) C:\Users\Ani\Downloads\FRST64.exe
2014-03-26 13:25 - 2014-03-26 13:23 - 01145856 _____ (Farbar) C:\Users\Ani\Downloads\FRST.exe
2014-03-26 13:22 - 2014-03-26 13:22 - 00000000 ____D () C:\Users\Ani\AppData\Local\Intel_Corporation
2014-03-26 13:05 - 2014-01-28 14:48 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-26 13:02 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-26 11:32 - 2014-03-06 18:12 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-26 11:32 - 2013-11-05 13:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-26 11:32 - 2013-11-05 12:59 - 00229676 _____ () C:\WINDOWS\DPINST.LOG
2014-03-26 11:31 - 2014-01-30 16:25 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Spotify
2014-03-26 11:31 - 2014-01-28 14:49 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-03-26 11:31 - 2014-01-28 14:48 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-26 11:30 - 2014-03-26 11:29 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-26 11:30 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-26 11:26 - 2013-11-05 12:59 - 01867761 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-26 11:25 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-03-17 15:04 - 2014-01-14 05:45 - 00000000 ___RD () C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-17 15:04 - 2014-01-14 05:45 - 00000000 ___RD () C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-17 15:01 - 2013-11-05 14:01 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2014-03-17 15:01 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-16 16:07 - 2014-03-08 15:31 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-12 08:00 - 2014-03-12 08:00 - 00987442 _____ () C:\Users\Ani\Downloads\SecurityCheck.exe
2014-03-12 07:59 - 2014-03-12 07:59 - 00165376 _____ () C:\Users\Ani\Downloads\SystemLook_x64.exe
2014-03-12 02:06 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-12 01:51 - 2014-01-17 15:13 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3821535056-3605009046-4233020135-1001
2014-03-11 20:37 - 2014-03-11 20:37 - 02347384 _____ (ESET) C:\Users\Ani\Downloads\esetsmartinstaller_enu.exe
2014-03-11 20:37 - 2014-03-11 20:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-11 20:35 - 2014-03-11 20:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-11 20:34 - 2014-03-11 20:34 - 01037734 _____ (Thisisu) C:\Users\Ani\Downloads\JRT.exe
2014-03-11 20:30 - 2014-03-08 12:09 - 00000000 ____D () C:\AdwCleaner
2014-03-11 20:30 - 2014-01-14 05:45 - 00001002 _____ () C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-11 20:27 - 2014-03-11 20:27 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (2).exe
2014-03-11 20:27 - 2014-03-11 20:26 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (1).exe
2014-03-11 20:22 - 2013-03-25 22:02 - 00238338 _____ () C:\WINDOWS\PFRO.log
2014-03-11 18:58 - 2014-03-11 18:58 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-11 18:58 - 2014-03-11 18:58 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Malwarebytes
2014-03-11 18:58 - 2014-03-11 18:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 18:57 - 2014-03-11 18:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-11 18:57 - 2014-03-11 18:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 18:57 - 2014-03-11 18:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-11 18:49 - 2014-01-27 22:20 - 00000000 ____D () C:\Users\Ani\AppData\Local\CrashDumps
2014-03-10 21:35 - 2014-01-30 16:26 - 00000000 ____D () C:\Users\Ani\AppData\Local\Spotify
2014-03-08 15:30 - 2014-03-08 15:29 - 00000000 ____D () C:\Users\Ani\AppData\Local\Deployment
2014-03-08 15:30 - 2014-01-28 14:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-08 15:29 - 2014-03-08 15:29 - 00000000 ____D () C:\Users\Ani\AppData\Local\Apps\2.0
2014-03-08 15:26 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-08 12:08 - 2014-03-08 12:08 - 01244192 _____ () C:\Users\Ani\Downloads\adwcleaner.exe
2014-03-07 17:01 - 2013-11-05 21:40 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-03-07 17:01 - 2013-11-05 21:40 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-03-07 17:01 - 2012-07-26 08:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-07 16:59 - 2012-07-26 08:21 - 00029375 _____ () C:\WINDOWS\setupact.log
2014-03-07 16:58 - 2014-03-07 16:57 - 00000000 ____D () C:\Users\Ani\www.apowersoft.com
2014-03-07 16:57 - 2014-01-14 05:44 - 00000000 ____D () C:\Users\Ani
2014-03-06 19:17 - 2014-03-06 19:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-06 19:16 - 2014-03-06 19:16 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-06 19:16 - 2014-03-06 19:16 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-06 19:16 - 2014-03-06 19:16 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-06 19:16 - 2014-03-06 19:16 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 19:16 - 2014-03-06 19:16 - 00000000 ____D () C:\ProgramData\Sun
2014-03-06 19:16 - 2014-03-06 19:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-06 19:15 - 2014-03-06 19:15 - 00921000 _____ (Oracle Corporation) C:\Users\Ani\Downloads\chromeinstall-7u51.exe
2014-03-06 19:14 - 2014-01-28 15:16 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Free Download Manager
2014-03-06 18:12 - 2014-03-06 18:12 - 00000000 ____D () C:\ProgramData\Sony
2014-03-06 18:12 - 2014-03-06 18:12 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-03-04 23:52 - 2012-07-26 09:14 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:52 - 2012-07-26 09:14 - 00078304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 09:40 - 2014-02-26 17:54 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-02-26 17:54 - 2014-02-13 15:20 - 00025983 _____ () C:\Users\Ani\Documents\Anatomie Herz.odt
2014-02-26 17:51 - 2014-02-26 17:51 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-26 16:23 - 2014-02-26 16:23 - 00440672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswndisflt.sys
2014-02-26 16:23 - 2014-02-26 16:23 - 00001983 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-02-26 16:22 - 2014-02-26 16:22 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-02-26 16:21 - 2014-02-26 16:21 - 00001651 _____ () C:\Users\Ani\Downloads\License.avastlic
2014-02-26 16:21 - 2014-02-26 16:21 - 00001651 _____ () C:\Users\Ani\Downloads\License (2).avastlic
2014-02-26 16:21 - 2014-02-26 16:21 - 00001651 _____ () C:\Users\Ani\Downloads\License (1).avastlic
2014-02-24 20:48 - 2014-02-21 15:33 - 00027966 _____ () C:\Users\Ani\Documents\Zeitstrahl.odt
2014-02-24 20:47 - 2014-02-08 15:39 - 00019029 _____ () C:\Users\Ani\Documents\Biografiearbeit.odt

Some content of TEMP:
====================
C:\Users\Ani\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ani\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Ani\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Ani\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Ani\AppData\Local\Temp\MatroskaSplitter.exe
C:\Users\Ani\AppData\Local\Temp\mbagfrtqqjqcm.exe
C:\Users\Ani\AppData\Local\Temp\mMamStub.exe
C:\Users\Ani\AppData\Local\Temp\Quarantine.exe
C:\Users\Ani\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-08 15:15

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition.txt lautet:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Ani at 2014-03-26 13:28:12
Running from C:\Users\Ani\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 18414980.4759644.48.1997682504 - Audible, Inc.)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.24 - Lenovo)
Energy Manager (x32 Version: 1.0.0.24 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.0 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - FreeCodecPack)
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel Experience Center - Configuration (x32 Version: 1.5.0.0 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel)
Intel(R) Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation)
Intel(R) Experience Center Driver (Version: 1.0.90.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.4241 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.228 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.31 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Restore Points  =========================

18-02-2014 17:17:50 Windows Update
26-02-2014 15:21:31 avast! antivirus system restore point
06-03-2014 17:12:54 Sony PC Companion
16-03-2014 16:51:13 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1D5E12F8-4417-45D1-BB5D-CB9F1AFC3883} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-28] (Google Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {6D840CE5-6F10-4A88-9FFF-42B0941E23B3} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {87422567-F337-4942-AF1F-359E0CD6BAD1} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {8E5E5CEE-3789-4362-A943-59C7B8984ACC} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {A4525684-70A5-4065-B849-5CC285120A5D} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B8881010-1772-4DC2-BF36-DC522B873B46} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {BBC8AA81-F17C-4AD0-A7C8-6EA9505B70D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-28] (Google Inc.)
Task: {C36B92A8-2357-4D8A-983D-21506529C0D9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CAB829CE-27EB-406B-BE30-9F54C6E4E9AA} - \Advanced System Protector_startup No Task File
Task: {D6D39397-BDEC-4062-9B85-A3AB8C2F768F} - System32\Tasks\PowerBundle_UPDATES => C:\Users\Ani\Desktop\Power Bundle\powerbundle.exe
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F6D7D46C-660E-4106-96DA-3878194622A3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-28] (AVAST Software)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PowerBundle_UPDATES.job => C:\Users\Ani\Desktop\Power Bundle\powerbundle.exe

==================== Loaded Modules (whitelisted) =============

2011-06-22 06:48 - 2011-06-22 06:48 - 00034304 _____ () C:\WINDOWS\System32\ssp7ml6.dll
2013-11-05 14:01 - 2013-11-05 14:01 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-11-05 14:01 - 2013-11-05 14:01 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-05-31 01:23 - 2013-05-31 01:23 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-05-31 01:19 - 2013-05-31 01:19 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-05-31 01:53 - 2013-05-31 01:53 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-11-05 13:41 - 2013-02-28 00:26 - 00040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2014-03-06 18:12 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-03-17 15:04 - 2014-03-17 10:20 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031700\algo.dll
2014-03-26 11:31 - 2014-03-26 10:30 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032601\algo.dll
2014-01-28 14:48 - 2014-01-28 14:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-08 15:31 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-08 15:31 - 2014-03-02 03:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-08 15:31 - 2014-03-02 03:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-08 15:31 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-08 15:31 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-08 15:31 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-03-06 18:12 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-03-06 18:12 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-11-05 13:24 - 2013-05-09 13:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2014 03:26:06 PM) (Source: ESENT) (User: )
Description: taskhostex (6884) Versuch, Datei "C:\Users\Ani\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (03/12/2014 03:01:13 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/12/2014 03:00:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/11/2014 08:37:15 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/11/2014 08:37:13 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/11/2014 08:37:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/11/2014 08:37:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/11/2014 06:44:31 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SpotifyHelper.exe, Version: 0.0.0.0, Zeitstempel: 0x52aad71c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000daa3c
ID des fehlerhaften Prozesses: 0x1490
Startzeit der fehlerhaften Anwendung: 0xSpotifyHelper.exe0
Pfad der fehlerhaften Anwendung: SpotifyHelper.exe1
Pfad des fehlerhaften Moduls: SpotifyHelper.exe2
Berichtskennung: SpotifyHelper.exe3
Vollständiger Name des fehlerhaften Pakets: SpotifyHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SpotifyHelper.exe5

Error: (03/08/2014 03:10:37 PM) (Source: Application Hang) (User: )
Description: Programm adwcleaner.exe, Version 3.0.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5d4

Startzeit: 01cf3ad7d597828b

Endzeit: 16

Anwendungspfad: C:\Users\Ani\Downloads\adwcleaner.exe

Berichts-ID: 69d0596d-a6cb-11e3-be83-a4db30ce355c

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/08/2014 02:53:38 PM) (Source: Application Hang) (User: )
Description: Programm adwcleaner.exe, Version 3.0.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ba4

Startzeit: 01cf3abfa7506fa3

Endzeit: 0

Anwendungspfad: C:\Users\Ani\Downloads\adwcleaner.exe

Berichts-ID: 0aa4a51c-a6c9-11e3-be82-a4db30ce355c

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (03/26/2014 11:29:48 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (03/26/2014 11:30:14 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎26.‎03.‎2014 um 11:25:26 unerwartet heruntergefahren.

Error: (03/17/2014 03:07:34 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (03/17/2014 03:02:17 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (03/17/2014 02:59:49 PM) (Source: DCOM) (User: Lenovo-PC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/17/2014 02:59:48 PM) (Source: DCOM) (User: Lenovo-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/17/2014 02:59:47 PM) (Source: DCOM) (User: Lenovo-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/17/2014 02:59:47 PM) (Source: DCOM) (User: Lenovo-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/17/2014 02:59:47 PM) (Source: DCOM) (User: Lenovo-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/17/2014 02:59:47 PM) (Source: DCOM) (User: Lenovo-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (03/16/2014 03:26:06 PM) (Source: ESENT)(User: )
Description: taskhostex6884C:\Users\Ani\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/12/2014 03:01:13 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/12/2014 03:00:35 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/11/2014 08:37:15 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Ani\Downloads\esetsmartinstaller_enu.exe

Error: (03/11/2014 08:37:13 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Ani\Downloads\esetsmartinstaller_enu.exe

Error: (03/11/2014 08:37:08 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Ani\Downloads\esetsmartinstaller_enu.exe

Error: (03/11/2014 08:37:08 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Ani\Downloads\esetsmartinstaller_enu.exe

Error: (03/11/2014 06:44:31 PM) (Source: Application Error)(User: )
Description: SpotifyHelper.exe0.0.0.052aad71cntdll.dll6.2.9200.16578515fac6ec0000374000daa3c149001cf3d518d621aa8C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exeC:\WINDOWS\SYSTEM32\ntdll.dllccc7c2a8-a944-11e3-be84-a4db30ce355c

Error: (03/08/2014 03:10:37 PM) (Source: Application Hang)(User: )
Description: adwcleaner.exe3.0.2.05d401cf3ad7d597828b16C:\Users\Ani\Downloads\adwcleaner.exe69d0596d-a6cb-11e3-be83-a4db30ce355c

Error: (03/08/2014 02:53:38 PM) (Source: Application Hang)(User: )
Description: adwcleaner.exe3.0.2.01ba401cf3abfa7506fa30C:\Users\Ani\Downloads\adwcleaner.exe0aa4a51c-a6c9-11e3-be82-a4db30ce355c


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3816.27 MB
Available physical RAM: 2245.91 MB
Total Pagefile: 4456.27 MB
Available Pagefile: 2571.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.43 GB) (Free:385.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6194AD74)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

schrauber 27.03.2014 12:02
Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Ani1 01.04.2014 14:37
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 30.03.2014
Suchlauf-Zeit: 20:41:22
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.28.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Ani

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 237057
Verstrichene Zeit: 52 Std, 34 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 6
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{39B931CF-F1E2-4D04-8129-9EE8159A91C5}, In Quarantäne, [8c74f40c6c94e11f26a66c9b0df535cb],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CEADAE6E-E08C-4950-BEBF-149EFD998248}, In Quarantäne, [c937f30d9a6612eeece09275dc26a35d],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\CLASSES\TypeLib\{39B931CF-F1E2-4D04-8129-9EE8159A91C5}, In Quarantäne, [f90710f04db33bc57f4d13f422e0da26],
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, In Quarantäne, [1be5c13f77890ef2e64fa5bbc042a060],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110411411150}, In Quarantäne, [35cb53ad26da3ec2417bde2e18ec6b95],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110411411150}, In Quarantäne, [35cb53ad26da3ec2417bde2e18ec6b95],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[49b7ea16748c00001fcfb356fa0aaa56]

Ordner: 21
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults\preferences, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale\en-US, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.Conduit.A, C:\Users\Ani\AppData\Local\Temp\mam-ct3316263, In Quarantäne, [7d832bd5e02058a82b1e7cd955ad2fd1],
PUP.Optional.Conduit.A, C:\Users\Ani\AppData\Local\Temp\mam-ct3319214, In Quarantäne, [c13fa759c23e758b7acf8cc9ed1523dd],

Dateien: 154
PUP.Optional.BuenoSearch.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\searchplugins\buenosearch.xml, In Quarantäne, [09f743bd3ec2c63a6e84075201011de3],
PUP.Optional.Lightning.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi, In Quarantäne, [3ac68a7605fbc23e5a061e3ce121c23e],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome.manifest, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\install.rdf, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\background.html, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\baseObject.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\browser.xul, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\dialog.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\main.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\options.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\options.xul, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\platformVersion.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\search_dialog.xul, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\asyncDB.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\background.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\browserAction.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\contextMenu.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\dbManager.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\dom_bg.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\fileManager.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\firefox.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\firefoxNotifications.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\firefoxOmnibox.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\message.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\pageAction.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\request.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\tabs.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\webRequest.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\windowsMessagingHandler.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\addressBarChangeObserver.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\console.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\consts.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\delegate.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\extensionDataStore.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\folderIOWrapper.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\httpObserver.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\IDBWrapper.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\installer.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\logFile.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\prefs.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\progressListenerObserver.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\registry.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\reloadObserver.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\reports.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\requestObject.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\searchSettings.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\uninstallObserver.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\updateManager.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\utils.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\xhr.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults\preferences\prefs.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\manifest.xml, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins.json, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\102_dealply_m.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\103_intext_5_m.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\104_jollywallet_m.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\13_CrossriderAppUtils.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\14_CrossriderUtils.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\155_ibario_pops_m.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\16_FFAppAPIWrapper.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\177_crossriderDashboard.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\17_jQuery.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\182_openUrl.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\183_tabsWrapper.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\184_noproblemppc_m.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\190_pops_5_m.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\191_ciuvo_m.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\1_base.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\207_dbWrapper.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\21_debug.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\22_resources.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\28_initializer.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\47_resources_background.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\4_jquery_1_7_1.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\64_appApiMessage.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\72_appApiValidation.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\78_CrossriderInfo.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\93_superfish_no_coupons_m.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\98_omniCommands.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode\background.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode\extension.js, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale\en-US\translations.dtd, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button1.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button2.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button3.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button4.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button5.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\crossrider_statusbar.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon128.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon16.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon24.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon48.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\panelarrow-up.png, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\popup.html, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\skin.css, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.CrossRider.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\update.css, In Quarantäne, [e51b38c849b7ab551d5e3222f80a22de],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\background.html, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\bootstrap.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\chrome.manifest, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\extension_info.json, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\install.rdf, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_bg.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_browseraction.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_common.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_content.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_settings.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\appAPI_webrequest.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\AppFramework\jquery.min.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework\canvasscript_engine.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework\canvas_bg.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework\md5.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework\registry.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\CanvasFramework\webrequest.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\backgroundscript_engine.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\base.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\browser.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\chrome_windows.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\console.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\content_proxy.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\framework.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\i18n.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\invoke_async.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\io.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\lang.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\legacy.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\message_target.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\messaging.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\storage.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\timer.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\uninstall.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\userscript_client.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\userscript_engine.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\utils.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework\xhr.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\browser_button.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\contentNotification.tmpl, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\contentNotificationStyle.tmpl, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\content_notifications.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\context_menu.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\framework_api.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\notifications.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\options.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\framework-ui\ui_base.js, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons\button.png, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons\icon100.png, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons\icon128.png, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons\icon32.png, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.SavingsWizard.A, C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\extensions\{090AF4A1-CDA6-D91F-096A-378C214EE20C}\icons\icon48.png, In Quarantäne, [9d6301ff1ee2916ffccbbb9953af38c8],
PUP.Optional.Conduit.A, C:\Users\Ani\AppData\Local\Temp\mam-ct3319214\mam_ch.exe, In Quarantäne, [c13fa759c23e758b7acf8cc9ed1523dd],

Physische Sektoren: 0
(No malicious items detected)


(end)

AdwCleaner Logfile:
Code:
# AdwCleaner v3.023 - Bericht erstellt am 01/04/2014 um 15:15:31
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Ani - LENOVO-PC
# Gestartet von : C:\Users\Ani\Downloads\adwcleaner (4).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Datei Gelöscht : C:\Users\Public\Desktop\RegClean Pro.lnk

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v

[ Datei : C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [17812 octets] - [08/03/2014 13:09:22]
AdwCleaner[R1].txt - [17812 octets] - [08/03/2014 13:15:11]
AdwCleaner[R2].txt - [17934 octets] - [08/03/2014 16:09:41]
AdwCleaner[R3].txt - [9108 octets] - [11/03/2014 21:27:53]
AdwCleaner[R4].txt - [1360 octets] - [01/04/2014 15:14:33]
AdwCleaner[S0].txt - [7616 octets] - [11/03/2014 21:30:06]
AdwCleaner[S1].txt - [1283 octets] - [01/04/2014 15:15:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1343 octets] ##########
--- --- ---JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by Ani on 01.04.2014 at 15:21:36,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.04.2014 at 15:33:06,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ani (administrator) on LENOVO-PC on 01-04-2014 15:35:36
Running from C:\Users\Ani\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) C:\Users\Ani\Desktop\Disk Speedup\DSUDefragSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Spotify Ltd) C:\Users\Ani\AppData\Roaming\Spotify\spotify.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Spotify Ltd) C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UMonit64] - C:\WINDOWS\SysWOW64\UMonit64.exe [40960 2013-02-28] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-07-17] (Synaptics Incorporated)
HKLM\...\Run: [RtsFT] - C:\WINDOWS\RTFTrack.exe [6340312 2013-08-03] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15792112 2013-11-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] - C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [101360 2013-11-05] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-28] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Atheros Communications))
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Spotify] - C:\Users\Ani\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-30] (Spotify Ltd)
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Spotify Web Helper] - C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-30] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {EF90F642-B8E6-4E6C-A71A-C406192758C7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Extension: DownloadHelper - C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-17]

Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=DE&userid=9486a3f2-f59b-4aad-0475-5f902fcf1f02&searchtype=hp&installDate={installDate}
CHR Extension: (Google Docs) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-28]
CHR Extension: (Google Drive) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-28]
CHR Extension: (YouTube) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-28]
CHR Extension: (Google-Suche) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-28]
CHR Extension: (avast! Online Security) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-28]
CHR Extension: (Google Wallet) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
CHR Extension: (Google Mail) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-28]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-26] (AVAST Software)
R2 DSUDiskOptimizer; C:\Users\Ani\Desktop\Disk Speedup\DSUDefragSrv64.exe [692008 2013-02-06] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free))
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-05] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [28184 2014-02-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2014-01-28] (AVAST Software)
R1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [440672 2014-02-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2014-01-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1038072 2014-01-28] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [421704 2014-01-28] (AVAST Software)
S3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-01-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-28] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [79592 2013-02-22] (GenesysLogic)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-09] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8873688 2013-08-03] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-17] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 15:33 - 2014-04-01 15:33 - 00000728 _____ () C:\Users\Ani\Desktop\JRT.txt
2014-04-01 15:32 - 2014-04-01 15:32 - 00000000 _____ () C:\Users\Ani\Downloads\Nicht bestätigt 783938.crdownload
2014-04-01 15:21 - 2014-04-01 15:21 - 01038974 _____ (Thisisu) C:\Users\Ani\Downloads\JRT (1).exe
2014-04-01 15:13 - 2014-04-01 15:13 - 01426178 _____ () C:\Users\Ani\Downloads\adwcleaner (4).exe
2014-04-01 15:12 - 2014-04-01 15:12 - 01426178 _____ () C:\Users\Ani\Downloads\adwcleaner (3).exe
2014-04-01 15:11 - 2014-04-01 15:11 - 00046808 _____ () C:\Users\Ani\Desktop\mbam.txt
2014-03-28 16:45 - 2014-04-01 15:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 16:45 - 2014-03-28 16:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 16:45 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-28 16:45 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-28 16:44 - 2014-03-28 16:44 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 16:42 - 2014-03-28 16:42 - 00001279 _____ () C:\Users\Ani\Desktop\Revo Uninstaller.lnk
2014-03-28 16:42 - 2014-03-28 16:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-28 16:41 - 2014-03-28 16:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ani\Downloads\revosetup95.exe
2014-03-26 23:34 - 2014-03-26 23:34 - 00000314 _____ () C:\Users\Ani\Downloads\BK_HOER_000950DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:34 - 2014-03-26 23:34 - 00000308 _____ () C:\Users\Ani\Downloads\BK_RHDE_001662DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:33 - 2014-03-26 23:33 - 00000314 _____ () C:\Users\Ani\Downloads\BK_HOER_001223DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:33 - 2014-03-26 23:33 - 00000294 _____ () C:\Users\Ani\Downloads\BK_LUEB_000979DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:23 - 2014-03-26 23:23 - 00000292 _____ () C:\Users\Ani\Downloads\BK_HOER_001263DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:21 - 2014-03-26 23:21 - 00000289 _____ () C:\Users\Ani\Downloads\BK_HAMB_000650DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 15:11 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-26 15:11 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-26 14:28 - 2014-03-26 14:28 - 00028298 _____ () C:\Users\Ani\Downloads\Addition.txt
2014-03-26 14:27 - 2014-04-01 15:35 - 00013840 _____ () C:\Users\Ani\Downloads\FRST.txt
2014-03-26 14:27 - 2014-04-01 15:35 - 00000000 ____D () C:\FRST
2014-03-26 14:25 - 2014-03-26 14:26 - 02157056 _____ (Farbar) C:\Users\Ani\Downloads\FRST64.exe
2014-03-26 14:23 - 2014-03-26 14:25 - 01145856 _____ (Farbar) C:\Users\Ani\Downloads\FRST.exe
2014-03-26 14:22 - 2014-03-26 14:22 - 00000000 ____D () C:\Users\Ani\AppData\Local\Intel_Corporation
2014-03-26 12:29 - 2014-03-26 12:30 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 19:05 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-03-14 19:05 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-03-14 18:03 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-14 18:03 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-14 18:03 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-03-14 18:03 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-03-14 18:03 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-14 18:03 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-14 18:03 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-14 18:03 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-03-14 18:03 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-14 18:03 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-14 18:03 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-03-14 18:03 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-03-14 18:03 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-03-14 18:03 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-03-14 18:03 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-14 18:03 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-14 18:03 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-14 18:02 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-14 18:02 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 09:00 - 2014-03-12 09:00 - 00987442 _____ () C:\Users\Ani\Downloads\SecurityCheck.exe
2014-03-12 08:59 - 2014-03-12 08:59 - 00165376 _____ () C:\Users\Ani\Downloads\SystemLook_x64.exe
2014-03-11 21:37 - 2014-03-11 21:37 - 02347384 _____ (ESET) C:\Users\Ani\Downloads\esetsmartinstaller_enu.exe
2014-03-11 21:37 - 2014-03-11 21:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-11 21:34 - 2014-03-11 21:34 - 01037734 _____ (Thisisu) C:\Users\Ani\Downloads\JRT.exe
2014-03-11 21:27 - 2014-03-11 21:27 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (2).exe
2014-03-11 21:26 - 2014-03-11 21:27 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (1).exe
2014-03-11 19:58 - 2014-03-28 16:45 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-11 19:58 - 2014-03-28 16:45 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Malwarebytes
2014-03-11 19:57 - 2014-03-28 16:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 19:57 - 2014-03-11 19:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-11 19:57 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-11 19:56 - 2014-03-11 19:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-08 16:31 - 2014-03-16 17:07 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-08 16:29 - 2014-03-08 16:30 - 00000000 ____D () C:\Users\Ani\AppData\Local\Deployment
2014-03-08 16:29 - 2014-03-08 16:29 - 00000000 ____D () C:\Users\Ani\AppData\Local\Apps\2.0
2014-03-08 13:09 - 2014-04-01 15:15 - 00000000 ____D () C:\AdwCleaner
2014-03-08 13:08 - 2014-03-08 13:08 - 01244192 _____ () C:\Users\Ani\Downloads\adwcleaner.exe
2014-03-07 17:57 - 2014-03-07 17:58 - 00000000 ____D () C:\Users\Ani\Apowersoft - Multimedia Solutions for Business and Daily Needs
2014-03-06 20:17 - 2014-03-06 20:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-06 20:16 - 2014-03-06 20:16 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 20:16 - 2014-03-06 20:16 - 00000000 ____D () C:\ProgramData\Sun
2014-03-06 20:16 - 2014-03-06 20:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-06 20:15 - 2014-03-06 20:15 - 00921000 _____ (Oracle Corporation) C:\Users\Ani\Downloads\chromeinstall-7u51.exe
2014-03-06 19:12 - 2014-03-26 12:32 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-06 19:12 - 2014-03-06 19:12 - 00000000 ____D () C:\ProgramData\Sony
2014-03-06 19:12 - 2014-03-06 19:12 - 00000000 ____D () C:\Program Files (x86)\Sony

==================== One Month Modified Files and Folders =======

2014-04-01 15:35 - 2014-03-26 14:27 - 00013840 _____ () C:\Users\Ani\Downloads\FRST.txt
2014-04-01 15:35 - 2014-03-26 14:27 - 00000000 ____D () C:\FRST
2014-04-01 15:33 - 2014-04-01 15:33 - 00000728 _____ () C:\Users\Ani\Desktop\JRT.txt
2014-04-01 15:32 - 2014-04-01 15:32 - 00000000 _____ () C:\Users\Ani\Downloads\Nicht bestätigt 783938.crdownload
2014-04-01 15:32 - 2014-01-30 17:25 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Spotify
2014-04-01 15:29 - 2014-01-17 16:13 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3821535056-3605009046-4233020135-1001
2014-04-01 15:21 - 2014-04-01 15:21 - 01038974 _____ (Thisisu) C:\Users\Ani\Downloads\JRT (1).exe
2014-04-01 15:21 - 2013-11-05 22:40 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-01 15:21 - 2013-11-05 22:40 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-01 15:21 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-01 15:17 - 2014-01-28 15:48 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 15:17 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-01 15:16 - 2013-11-05 15:01 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2014-04-01 15:16 - 2013-11-05 13:59 - 01141780 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-01 15:16 - 2013-03-25 23:02 - 00284526 _____ () C:\WINDOWS\PFRO.log
2014-04-01 15:16 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-04-01 15:15 - 2014-03-08 13:09 - 00000000 ____D () C:\AdwCleaner
2014-04-01 15:13 - 2014-04-01 15:13 - 01426178 _____ () C:\Users\Ani\Downloads\adwcleaner (4).exe
2014-04-01 15:12 - 2014-04-01 15:12 - 01426178 _____ () C:\Users\Ani\Downloads\adwcleaner (3).exe
2014-04-01 15:11 - 2014-04-01 15:11 - 00046808 _____ () C:\Users\Ani\Desktop\mbam.txt
2014-04-01 15:09 - 2014-03-28 16:45 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 15:07 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-28 18:05 - 2014-01-28 15:48 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 16:45 - 2014-03-28 16:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 16:45 - 2014-03-11 19:58 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 16:45 - 2014-03-11 19:58 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Malwarebytes
2014-03-28 16:45 - 2014-03-11 19:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 16:44 - 2014-03-28 16:44 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 16:42 - 2014-03-28 16:42 - 00001279 _____ () C:\Users\Ani\Desktop\Revo Uninstaller.lnk
2014-03-28 16:42 - 2014-03-28 16:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-28 16:41 - 2014-03-28 16:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ani\Downloads\revosetup95.exe
2014-03-27 12:42 - 2014-02-13 20:43 - 00000000 ____D () C:\Users\Ani\AppData\Local\Audible
2014-03-26 23:34 - 2014-03-26 23:34 - 00000314 _____ () C:\Users\Ani\Downloads\BK_HOER_000950DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:34 - 2014-03-26 23:34 - 00000308 _____ () C:\Users\Ani\Downloads\BK_RHDE_001662DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:33 - 2014-03-26 23:33 - 00000314 _____ () C:\Users\Ani\Downloads\BK_HOER_001223DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:33 - 2014-03-26 23:33 - 00000294 _____ () C:\Users\Ani\Downloads\BK_LUEB_000979DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:23 - 2014-03-26 23:23 - 00000292 _____ () C:\Users\Ani\Downloads\BK_HOER_001263DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:21 - 2014-03-26 23:21 - 00000289 _____ () C:\Users\Ani\Downloads\BK_HAMB_000650DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 21:33 - 2014-01-30 17:26 - 00000000 ____D () C:\Users\Ani\AppData\Local\Spotify
2014-03-26 21:31 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-26 21:31 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-26 21:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-26 21:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-26 21:31 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-26 20:50 - 2014-01-21 17:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-26 20:49 - 2014-01-21 17:00 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-26 20:49 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-26 14:28 - 2014-03-26 14:28 - 00028298 _____ () C:\Users\Ani\Downloads\Addition.txt
2014-03-26 14:26 - 2014-03-26 14:25 - 02157056 _____ (Farbar) C:\Users\Ani\Downloads\FRST64.exe
2014-03-26 14:25 - 2014-03-26 14:23 - 01145856 _____ (Farbar) C:\Users\Ani\Downloads\FRST.exe
2014-03-26 14:22 - 2014-03-26 14:22 - 00000000 ____D () C:\Users\Ani\AppData\Local\Intel_Corporation
2014-03-26 12:32 - 2014-03-06 19:12 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-26 12:32 - 2013-11-05 14:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-26 12:32 - 2013-11-05 13:59 - 00229676 _____ () C:\WINDOWS\DPINST.LOG
2014-03-26 12:31 - 2014-01-28 15:49 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-03-26 12:30 - 2014-03-26 12:29 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-17 16:04 - 2014-01-14 06:45 - 00000000 ___RD () C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-17 16:04 - 2014-01-14 06:45 - 00000000 ___RD () C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-17 16:01 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-16 17:07 - 2014-03-08 16:31 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-12 09:00 - 2014-03-12 09:00 - 00987442 _____ () C:\Users\Ani\Downloads\SecurityCheck.exe
2014-03-12 08:59 - 2014-03-12 08:59 - 00165376 _____ () C:\Users\Ani\Downloads\SystemLook_x64.exe
2014-03-12 03:06 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-11 21:37 - 2014-03-11 21:37 - 02347384 _____ (ESET) C:\Users\Ani\Downloads\esetsmartinstaller_enu.exe
2014-03-11 21:37 - 2014-03-11 21:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-11 21:34 - 2014-03-11 21:34 - 01037734 _____ (Thisisu) C:\Users\Ani\Downloads\JRT.exe
2014-03-11 21:30 - 2014-01-14 06:45 - 00001002 _____ () C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-11 21:27 - 2014-03-11 21:27 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (2).exe
2014-03-11 21:27 - 2014-03-11 21:26 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (1).exe
2014-03-11 19:57 - 2014-03-11 19:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-11 19:57 - 2014-03-11 19:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-11 19:49 - 2014-01-27 23:20 - 00000000 ____D () C:\Users\Ani\AppData\Local\CrashDumps
2014-03-08 16:30 - 2014-03-08 16:29 - 00000000 ____D () C:\Users\Ani\AppData\Local\Deployment
2014-03-08 16:30 - 2014-01-28 15:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-08 16:29 - 2014-03-08 16:29 - 00000000 ____D () C:\Users\Ani\AppData\Local\Apps\2.0
2014-03-08 13:08 - 2014-03-08 13:08 - 01244192 _____ () C:\Users\Ani\Downloads\adwcleaner.exe
2014-03-07 17:59 - 2012-07-26 09:21 - 00029375 _____ () C:\WINDOWS\setupact.log
2014-03-07 17:58 - 2014-03-07 17:57 - 00000000 ____D () C:\Users\Ani\Apowersoft - Multimedia Solutions for Business and Daily Needs
2014-03-07 17:57 - 2014-01-14 06:44 - 00000000 ____D () C:\Users\Ani
2014-03-06 20:17 - 2014-03-06 20:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-06 20:16 - 2014-03-06 20:16 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 20:16 - 2014-03-06 20:16 - 00000000 ____D () C:\ProgramData\Sun
2014-03-06 20:16 - 2014-03-06 20:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-06 20:15 - 2014-03-06 20:15 - 00921000 _____ (Oracle Corporation) C:\Users\Ani\Downloads\chromeinstall-7u51.exe
2014-03-06 20:14 - 2014-01-28 16:16 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Free Download Manager
2014-03-06 19:12 - 2014-03-06 19:12 - 00000000 ____D () C:\ProgramData\Sony
2014-03-06 19:12 - 2014-03-06 19:12 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-03-05 10:26 - 2014-03-28 16:45 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-28 16:45 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-11 19:57 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-05 00:52 - 2012-07-26 10:14 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:52 - 2012-07-26 10:14 - 00078304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 10:40 - 2014-02-26 18:54 - 00000072 _____ () C:\Users\Public\LMDebug.log

Some content of TEMP:
====================
C:\Users\Ani\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ani\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Ani\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Ani\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Ani\AppData\Local\Temp\MatroskaSplitter.exe
C:\Users\Ani\AppData\Local\Temp\mbagfrtqqjqcm.exe
C:\Users\Ani\AppData\Local\Temp\mMamStub.exe
C:\Users\Ani\AppData\Local\Temp\Quarantine.exe
C:\Users\Ani\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-08 16:15

==================== End Of Log ============================
--- --- ---

--- --- ---

Ani1 01.04.2014 14:39

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ani (administrator) on LENOVO-PC on 01-04-2014 15:35:36
Running from C:\Users\Ani\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) C:\Users\Ani\Desktop\Disk Speedup\DSUDefragSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Spotify Ltd) C:\Users\Ani\AppData\Roaming\Spotify\spotify.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Spotify Ltd) C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UMonit64] - C:\WINDOWS\SysWOW64\UMonit64.exe [40960 2013-02-28] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-07-17] (Synaptics Incorporated)
HKLM\...\Run: [RtsFT] - C:\WINDOWS\RTFTrack.exe [6340312 2013-08-03] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15792112 2013-11-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] - C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [101360 2013-11-05] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-28] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Atheros Communications))
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Spotify] - C:\Users\Ani\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-30] (Spotify Ltd)
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Spotify Web Helper] - C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-30] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {EF90F642-B8E6-4E6C-A71A-C406192758C7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Extension: DownloadHelper - C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-17]

Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=DE&userid=9486a3f2-f59b-4aad-0475-5f902fcf1f02&searchtype=hp&installDate={installDate}
CHR Extension: (Google Docs) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-28]
CHR Extension: (Google Drive) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-28]
CHR Extension: (YouTube) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-28]
CHR Extension: (Google-Suche) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-28]
CHR Extension: (avast! Online Security) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-28]
CHR Extension: (Google Wallet) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-28]
CHR Extension: (Google Mail) - C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-28]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-26] (AVAST Software)
R2 DSUDiskOptimizer; C:\Users\Ani\Desktop\Disk Speedup\DSUDefragSrv64.exe [692008 2013-02-06] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free))
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-05] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [28184 2014-02-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2014-01-28] (AVAST Software)
R1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [440672 2014-02-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2014-01-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1038072 2014-01-28] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [421704 2014-01-28] (AVAST Software)
S3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-01-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-28] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [79592 2013-02-22] (GenesysLogic)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-09] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8873688 2013-08-03] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-17] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 15:33 - 2014-04-01 15:33 - 00000728 _____ () C:\Users\Ani\Desktop\JRT.txt
2014-04-01 15:32 - 2014-04-01 15:32 - 00000000 _____ () C:\Users\Ani\Downloads\Nicht bestätigt 783938.crdownload
2014-04-01 15:21 - 2014-04-01 15:21 - 01038974 _____ (Thisisu) C:\Users\Ani\Downloads\JRT (1).exe
2014-04-01 15:13 - 2014-04-01 15:13 - 01426178 _____ () C:\Users\Ani\Downloads\adwcleaner (4).exe
2014-04-01 15:12 - 2014-04-01 15:12 - 01426178 _____ () C:\Users\Ani\Downloads\adwcleaner (3).exe
2014-04-01 15:11 - 2014-04-01 15:11 - 00046808 _____ () C:\Users\Ani\Desktop\mbam.txt
2014-03-28 16:45 - 2014-04-01 15:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 16:45 - 2014-03-28 16:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 16:45 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-28 16:45 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-28 16:44 - 2014-03-28 16:44 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 16:42 - 2014-03-28 16:42 - 00001279 _____ () C:\Users\Ani\Desktop\Revo Uninstaller.lnk
2014-03-28 16:42 - 2014-03-28 16:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-28 16:41 - 2014-03-28 16:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ani\Downloads\revosetup95.exe
2014-03-26 23:34 - 2014-03-26 23:34 - 00000314 _____ () C:\Users\Ani\Downloads\BK_HOER_000950DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:34 - 2014-03-26 23:34 - 00000308 _____ () C:\Users\Ani\Downloads\BK_RHDE_001662DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:33 - 2014-03-26 23:33 - 00000314 _____ () C:\Users\Ani\Downloads\BK_HOER_001223DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:33 - 2014-03-26 23:33 - 00000294 _____ () C:\Users\Ani\Downloads\BK_LUEB_000979DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:23 - 2014-03-26 23:23 - 00000292 _____ () C:\Users\Ani\Downloads\BK_HOER_001263DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:21 - 2014-03-26 23:21 - 00000289 _____ () C:\Users\Ani\Downloads\BK_HAMB_000650DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 15:11 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-26 15:11 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-26 14:28 - 2014-03-26 14:28 - 00028298 _____ () C:\Users\Ani\Downloads\Addition.txt
2014-03-26 14:27 - 2014-04-01 15:35 - 00013840 _____ () C:\Users\Ani\Downloads\FRST.txt
2014-03-26 14:27 - 2014-04-01 15:35 - 00000000 ____D () C:\FRST
2014-03-26 14:25 - 2014-03-26 14:26 - 02157056 _____ (Farbar) C:\Users\Ani\Downloads\FRST64.exe
2014-03-26 14:23 - 2014-03-26 14:25 - 01145856 _____ (Farbar) C:\Users\Ani\Downloads\FRST.exe
2014-03-26 14:22 - 2014-03-26 14:22 - 00000000 ____D () C:\Users\Ani\AppData\Local\Intel_Corporation
2014-03-26 12:29 - 2014-03-26 12:30 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 19:05 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-03-14 19:05 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-03-14 18:03 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-14 18:03 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-14 18:03 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-03-14 18:03 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-03-14 18:03 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-14 18:03 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-14 18:03 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-14 18:03 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-03-14 18:03 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-03-14 18:03 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-14 18:03 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-14 18:03 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-03-14 18:03 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-03-14 18:03 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-03-14 18:03 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-03-14 18:03 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-03-14 18:03 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-14 18:03 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-14 18:03 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-14 18:02 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-14 18:02 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 09:00 - 2014-03-12 09:00 - 00987442 _____ () C:\Users\Ani\Downloads\SecurityCheck.exe
2014-03-12 08:59 - 2014-03-12 08:59 - 00165376 _____ () C:\Users\Ani\Downloads\SystemLook_x64.exe
2014-03-11 21:37 - 2014-03-11 21:37 - 02347384 _____ (ESET) C:\Users\Ani\Downloads\esetsmartinstaller_enu.exe
2014-03-11 21:37 - 2014-03-11 21:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-11 21:34 - 2014-03-11 21:34 - 01037734 _____ (Thisisu) C:\Users\Ani\Downloads\JRT.exe
2014-03-11 21:27 - 2014-03-11 21:27 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (2).exe
2014-03-11 21:26 - 2014-03-11 21:27 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (1).exe
2014-03-11 19:58 - 2014-03-28 16:45 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-11 19:58 - 2014-03-28 16:45 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Malwarebytes
2014-03-11 19:57 - 2014-03-28 16:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 19:57 - 2014-03-11 19:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-11 19:57 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-11 19:56 - 2014-03-11 19:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-08 16:31 - 2014-03-16 17:07 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-08 16:29 - 2014-03-08 16:30 - 00000000 ____D () C:\Users\Ani\AppData\Local\Deployment
2014-03-08 16:29 - 2014-03-08 16:29 - 00000000 ____D () C:\Users\Ani\AppData\Local\Apps\2.0
2014-03-08 13:09 - 2014-04-01 15:15 - 00000000 ____D () C:\AdwCleaner
2014-03-08 13:08 - 2014-03-08 13:08 - 01244192 _____ () C:\Users\Ani\Downloads\adwcleaner.exe
2014-03-07 17:57 - 2014-03-07 17:58 - 00000000 ____D () C:\Users\Ani\Apowersoft - Multimedia Solutions for Business and Daily Needs
2014-03-06 20:17 - 2014-03-06 20:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-06 20:16 - 2014-03-06 20:16 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 20:16 - 2014-03-06 20:16 - 00000000 ____D () C:\ProgramData\Sun
2014-03-06 20:16 - 2014-03-06 20:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-06 20:15 - 2014-03-06 20:15 - 00921000 _____ (Oracle Corporation) C:\Users\Ani\Downloads\chromeinstall-7u51.exe
2014-03-06 19:12 - 2014-03-26 12:32 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-06 19:12 - 2014-03-06 19:12 - 00000000 ____D () C:\ProgramData\Sony
2014-03-06 19:12 - 2014-03-06 19:12 - 00000000 ____D () C:\Program Files (x86)\Sony

==================== One Month Modified Files and Folders =======

2014-04-01 15:35 - 2014-03-26 14:27 - 00013840 _____ () C:\Users\Ani\Downloads\FRST.txt
2014-04-01 15:35 - 2014-03-26 14:27 - 00000000 ____D () C:\FRST
2014-04-01 15:33 - 2014-04-01 15:33 - 00000728 _____ () C:\Users\Ani\Desktop\JRT.txt
2014-04-01 15:32 - 2014-04-01 15:32 - 00000000 _____ () C:\Users\Ani\Downloads\Nicht bestätigt 783938.crdownload
2014-04-01 15:32 - 2014-01-30 17:25 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Spotify
2014-04-01 15:29 - 2014-01-17 16:13 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3821535056-3605009046-4233020135-1001
2014-04-01 15:21 - 2014-04-01 15:21 - 01038974 _____ (Thisisu) C:\Users\Ani\Downloads\JRT (1).exe
2014-04-01 15:21 - 2013-11-05 22:40 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-01 15:21 - 2013-11-05 22:40 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-01 15:21 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-01 15:17 - 2014-01-28 15:48 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 15:17 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-01 15:16 - 2013-11-05 15:01 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2014-04-01 15:16 - 2013-11-05 13:59 - 01141780 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-01 15:16 - 2013-03-25 23:02 - 00284526 _____ () C:\WINDOWS\PFRO.log
2014-04-01 15:16 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-04-01 15:15 - 2014-03-08 13:09 - 00000000 ____D () C:\AdwCleaner
2014-04-01 15:13 - 2014-04-01 15:13 - 01426178 _____ () C:\Users\Ani\Downloads\adwcleaner (4).exe
2014-04-01 15:12 - 2014-04-01 15:12 - 01426178 _____ () C:\Users\Ani\Downloads\adwcleaner (3).exe
2014-04-01 15:11 - 2014-04-01 15:11 - 00046808 _____ () C:\Users\Ani\Desktop\mbam.txt
2014-04-01 15:09 - 2014-03-28 16:45 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 15:07 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-28 18:05 - 2014-01-28 15:48 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-28 16:45 - 2014-03-28 16:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 16:45 - 2014-03-11 19:58 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 16:45 - 2014-03-11 19:58 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Malwarebytes
2014-03-28 16:45 - 2014-03-11 19:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 16:44 - 2014-03-28 16:44 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-28 16:42 - 2014-03-28 16:42 - 00001279 _____ () C:\Users\Ani\Desktop\Revo Uninstaller.lnk
2014-03-28 16:42 - 2014-03-28 16:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-28 16:41 - 2014-03-28 16:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ani\Downloads\revosetup95.exe
2014-03-27 12:42 - 2014-02-13 20:43 - 00000000 ____D () C:\Users\Ani\AppData\Local\Audible
2014-03-26 23:34 - 2014-03-26 23:34 - 00000314 _____ () C:\Users\Ani\Downloads\BK_HOER_000950DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:34 - 2014-03-26 23:34 - 00000308 _____ () C:\Users\Ani\Downloads\BK_RHDE_001662DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:33 - 2014-03-26 23:33 - 00000314 _____ () C:\Users\Ani\Downloads\BK_HOER_001223DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:33 - 2014-03-26 23:33 - 00000294 _____ () C:\Users\Ani\Downloads\BK_LUEB_000979DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:23 - 2014-03-26 23:23 - 00000292 _____ () C:\Users\Ani\Downloads\BK_HOER_001263DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 23:21 - 2014-03-26 23:21 - 00000289 _____ () C:\Users\Ani\Downloads\BK_HAMB_000650DE_LC_128_44100_ste_AYM3O9O05MPIP.adh
2014-03-26 21:33 - 2014-01-30 17:26 - 00000000 ____D () C:\Users\Ani\AppData\Local\Spotify
2014-03-26 21:31 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-26 21:31 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-26 21:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-26 21:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-26 21:31 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-26 20:50 - 2014-01-21 17:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-26 20:49 - 2014-01-21 17:00 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-26 20:49 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-26 14:28 - 2014-03-26 14:28 - 00028298 _____ () C:\Users\Ani\Downloads\Addition.txt
2014-03-26 14:26 - 2014-03-26 14:25 - 02157056 _____ (Farbar) C:\Users\Ani\Downloads\FRST64.exe
2014-03-26 14:25 - 2014-03-26 14:23 - 01145856 _____ (Farbar) C:\Users\Ani\Downloads\FRST.exe
2014-03-26 14:22 - 2014-03-26 14:22 - 00000000 ____D () C:\Users\Ani\AppData\Local\Intel_Corporation
2014-03-26 12:32 - 2014-03-06 19:12 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-26 12:32 - 2013-11-05 14:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-26 12:32 - 2013-11-05 13:59 - 00229676 _____ () C:\WINDOWS\DPINST.LOG
2014-03-26 12:31 - 2014-01-28 15:49 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-03-26 12:30 - 2014-03-26 12:29 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-17 16:04 - 2014-01-14 06:45 - 00000000 ___RD () C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-17 16:04 - 2014-01-14 06:45 - 00000000 ___RD () C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-17 16:01 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-16 17:07 - 2014-03-08 16:31 - 00002186 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-12 09:00 - 2014-03-12 09:00 - 00987442 _____ () C:\Users\Ani\Downloads\SecurityCheck.exe
2014-03-12 08:59 - 2014-03-12 08:59 - 00165376 _____ () C:\Users\Ani\Downloads\SystemLook_x64.exe
2014-03-12 03:06 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-11 21:37 - 2014-03-11 21:37 - 02347384 _____ (ESET) C:\Users\Ani\Downloads\esetsmartinstaller_enu.exe
2014-03-11 21:37 - 2014-03-11 21:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-11 21:34 - 2014-03-11 21:34 - 01037734 _____ (Thisisu) C:\Users\Ani\Downloads\JRT.exe
2014-03-11 21:30 - 2014-01-14 06:45 - 00001002 _____ () C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-11 21:27 - 2014-03-11 21:27 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (2).exe
2014-03-11 21:27 - 2014-03-11 21:26 - 01949184 _____ () C:\Users\Ani\Downloads\adwcleaner (1).exe
2014-03-11 19:57 - 2014-03-11 19:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-11 19:57 - 2014-03-11 19:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ani\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-11 19:49 - 2014-01-27 23:20 - 00000000 ____D () C:\Users\Ani\AppData\Local\CrashDumps
2014-03-08 16:30 - 2014-03-08 16:29 - 00000000 ____D () C:\Users\Ani\AppData\Local\Deployment
2014-03-08 16:30 - 2014-01-28 15:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-08 16:29 - 2014-03-08 16:29 - 00000000 ____D () C:\Users\Ani\AppData\Local\Apps\2.0
2014-03-08 13:08 - 2014-03-08 13:08 - 01244192 _____ () C:\Users\Ani\Downloads\adwcleaner.exe
2014-03-07 17:59 - 2012-07-26 09:21 - 00029375 _____ () C:\WINDOWS\setupact.log
2014-03-07 17:58 - 2014-03-07 17:57 - 00000000 ____D () C:\Users\Ani\Apowersoft - Multimedia Solutions for Business and Daily Needs
2014-03-07 17:57 - 2014-01-14 06:44 - 00000000 ____D () C:\Users\Ani
2014-03-06 20:17 - 2014-03-06 20:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-06 20:16 - 2014-03-06 20:16 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-06 20:16 - 2014-03-06 20:16 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-06 20:16 - 2014-03-06 20:16 - 00000000 ____D () C:\ProgramData\Sun
2014-03-06 20:16 - 2014-03-06 20:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-06 20:15 - 2014-03-06 20:15 - 00921000 _____ (Oracle Corporation) C:\Users\Ani\Downloads\chromeinstall-7u51.exe
2014-03-06 20:14 - 2014-01-28 16:16 - 00000000 ____D () C:\Users\Ani\AppData\Roaming\Free Download Manager
2014-03-06 19:12 - 2014-03-06 19:12 - 00000000 ____D () C:\ProgramData\Sony
2014-03-06 19:12 - 2014-03-06 19:12 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-03-05 10:26 - 2014-03-28 16:45 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-28 16:45 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-11 19:57 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-05 00:52 - 2012-07-26 10:14 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:52 - 2012-07-26 10:14 - 00078304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 10:40 - 2014-02-26 18:54 - 00000072 _____ () C:\Users\Public\LMDebug.log

Some content of TEMP:
====================
C:\Users\Ani\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ani\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Ani\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Ani\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Ani\AppData\Local\Temp\MatroskaSplitter.exe
C:\Users\Ani\AppData\Local\Temp\mbagfrtqqjqcm.exe
C:\Users\Ani\AppData\Local\Temp\mMamStub.exe
C:\Users\Ani\AppData\Local\Temp\Quarantine.exe
C:\Users\Ani\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-08 16:15

==================== End Of Log ============================
--- --- ---

schrauber 02.04.2014 11:30

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Ani1 03.04.2014 14:54
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4f872a8ee7fe9a409bbf02d9b45d785c
# engine=17403
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-12 12:51:08
# local_time=2014-03-12 01:51:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=772 16777213 66 82 1073569 3672165 0 0
# compatibility_mode=5893 16776574 100 94 3748568 21868943 0 0
# scanned=190164
# found=3
# cleaned=0
# scan_time=18426
sh=8600D26F71A288EF76E46D78B22BF9AA6842C29A ft=1 fh=c7d6aa476776e143 vn="Win32/AdWare.AddLyrics.AD application" ac=I fn="C:\Users\Ani\AppData\Local\Temp\awhCAAC.tmp"
sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="multiple threats" ac=I fn="C:\Users\Ani\AppData\Local\Temp\{14379735-A566-4F8C-9072-F0D3BEBF0E2C}\setup.exe"
sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="multiple threats" ac=I fn="C:\Users\Ani\AppData\Local\Temp\{B03D9786-A5EC-42D2-AC8E-407C9204A3FD}\setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4f872a8ee7fe9a409bbf02d9b45d785c
# engine=17727
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-02 06:27:13
# local_time=2014-04-02 08:27:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=772 16777213 66 82 2951334 5549930 0 0
# compatibility_mode=5893 16776574 100 94 600966 13809162 0 0
# scanned=193128
# found=5
# cleaned=0
# scan_time=11200
sh=8600D26F71A288EF76E46D78B22BF9AA6842C29A ft=1 fh=c7d6aa476776e143 vn="Win32/AdWare.AddLyrics.AD application" ac=I fn="C:\Users\Ani\AppData\Local\Temp\awhCAAC.tmp"
sh=57BA28B40515E484FF894807A226FBA8D741C194 ft=1 fh=b34e093f204ff3b2 vn="a variant of Win32/SpeedingUpMyPC.H application" ac=I fn="C:\Users\Ani\AppData\Local\Temp\316dd943-bb0f-4ccf-8df2-599e2406fbd1\software\OptimizerPro.exe"
sh=57BA28B40515E484FF894807A226FBA8D741C194 ft=1 fh=b34e093f204ff3b2 vn="a variant of Win32/SpeedingUpMyPC.H application" ac=I fn="C:\Users\Ani\AppData\Local\Temp\50a0a9dd-b808-4e1a-9e09-ea9a167c79bb\software\OptimizerPro.exe"
sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="multiple threats" ac=I fn="C:\Users\Ani\AppData\Local\Temp\{14379735-A566-4F8C-9072-F0D3BEBF0E2C}\setup.exe"
sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="multiple threats" ac=I fn="C:\Users\Ani\AppData\Local\Temp\{B03D9786-A5EC-42D2-AC8E-407C9204A3FD}\setup.exe"

Results of screen317's Security Check version 0.99.80
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Internet Security
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Adobe Reader XI
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ani (administrator) on LENOVO-PC on 03-04-2014 15:53:42
Running from C:\Users\Ani\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) C:\Users\Ani\Desktop\Disk Speedup\DSUDefragSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Spotify Ltd) C:\Users\Ani\AppData\Roaming\Spotify\spotify.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Spotify Ltd) C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UMonit64] - C:\WINDOWS\SysWOW64\UMonit64.exe [40960 2013-02-28] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-07-17] (Synaptics Incorporated)
HKLM\...\Run: [RtsFT] - C:\WINDOWS\RTFTrack.exe [6340312 2013-08-03] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15792112 2013-11-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] - C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [101360 2013-11-05] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-28] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] ( (Atheros Communications))
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Spotify] - C:\Users\Ani\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-30] (Spotify Ltd)
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3821535056-3605009046-4233020135-1001\...\Run: [Spotify Web Helper] - C:\Users\Ani\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-30] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {EF90F642-B8E6-4E6C-A71A-C406192758C7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {EF90F642-B8E6-4E6C-A71A-C406192758C7} URL =
SearchScopes: HKCU - {EF90F642-B8E6-4E6C-A71A-C406192758C7} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\b3wf8nsc.default

schrauber 04.04.2014 10:55
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.




Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:06 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131