Trojaner-Board - Bringe folgende Add-Ons nicht weg

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Bringe folgende Add-Ons nicht weg (https://www.trojaner-board.de/153862-bringe-folgende-add-ons-weg.html)

Bringe folgende Add-Ons nicht weg

Hallo Allerseits,

Ich bekomme so komische Add-Ons nicht weg!
Hier der Screenshot davon, sorry für die Seite die da offen ist ;)
http://img30.dreamies.de/img/641/b/ym84d5ra7r4.jpg
Außerdem habe ich mir nochmals Qone8 eingefangen, hab es mit adwCleaner weggemacht, hätte ich dass nicht machen sollen oder ist das egal?
Aber diese Add-Ons bekomme ich nicht weg, habe es schon über die Option Add-Ons versucht, doch dort finde ich nix!
Bitte um Hilfe!

MfG Indianaolli

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Okey, habe ich gemacht, habe es über die Seite irgendwie wegbekommen, hier aber trotzdem die beiden Logs:

FRST.txt:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01

Ran by Mandy (administrator) on MANDY-PC on 14-05-2014 20:45:05

Running from C:\Users\Mandy\Downloads

Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files\BetterMarkIt-soft\BetterMarkItqa161.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

() C:\Program Files\BetterMarkIt-soft\BetterMarkItdtbcuw.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

(Akamai Technologies, Inc.) C:\Users\Mandy\AppData\Local\Akamai\netsession_win.exe

(Overwolf LTD) C:\Program Files\Overwolf\Overwolf.exe

(Akamai Technologies, Inc.) C:\Users\Mandy\AppData\Local\Akamai\netsession_win.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe

(Overwolf LTD) C:\Program Files\Common Files\Overwolf\OverwolfHelper.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

(Apple Inc.) C:\Program Files\iTunes\iTunes.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-07] (Microsoft Corporation)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mandy\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-23] (Google Inc.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Policies\Explorer: [DisallowRun] 1

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\MountPoints2: {4fd5d7ad-55fd-11e3-b070-00218539a0cb} - I:\OnSpcLCK.exe

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\MountPoints2: {c61a9fc9-55fc-11e3-8534-806e6f6e6963} - E:\StartUp.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:13821

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {3D192D91-B64D-4DB9-A3FD-A1B28B053766} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {3D192D91-B64D-4DB9-A3FD-A1B28B053766} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138
 

FireFox:

========

FF ProfilePath: C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Amazon-Icon - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default\Extensions\amazon-icon@giga.de [2014-05-01]

FF Extension: Protegere - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default\Extensions\security@protegere.org [2014-05-01]

FF Extension: NoScript - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-28]

FF HKCU\...\Firefox\Extensions: [{DC2D4C70-7705-4024-EB42-006A09640797}] - C:\Program Files\BetterMarkIt-soft\161.xpi

FF Extension: BetterMarkIt - C:\Program Files\BetterMarkIt-soft\161.xpi [2014-05-12]
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR Extension: (Google Drive) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-23]

CHR Extension: (YouTube) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-23]

CHR Extension: (Google-Suche) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-23]

CHR Extension: (BetterMarkIt) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccjbpohebhlgljklcklboiidddmmgel [2014-05-12]

CHR Extension: (Google Wallet) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-23]

CHR Extension: (Google Mail) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-23]
 

========================== Services (Whitelisted) =================
 

R2 BetterMarkIt; C:\Program Files\BetterMarkIt-soft\BetterMarkItqa161.exe [145408 2014-05-12] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
 

==================== Drivers (Whitelisted) ====================
 

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-14 19:50 - 2014-05-14 19:50 - 00000572 _____ () C:\Users\Public\Desktop\Fraps.lnk

2014-05-14 19:50 - 2014-05-14 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2014-05-14 19:41 - 2014-05-14 19:41 - 02589760 _____ (Beepa Pty Ltd) C:\Users\Mandy\Downloads\Fraps-Vollversion by Michi.exe

2014-05-14 19:25 - 2014-05-14 19:25 - 00000165 ____H () C:\Users\Mandy\Desktop\~$SkyramafansTV Ladebildschirm.pptx

2014-05-14 17:08 - 2014-05-14 17:08 - 02587935 _____ () C:\Users\Mandy\Downloads\Skyrama Hack v3.3.5.zip

2014-05-14 17:04 - 2014-05-14 17:05 - 06395871 _____ () C:\Users\Mandy\Downloads\Skyrama Hack.zip

2014-05-12 20:04 - 2014-05-12 20:04 - 00000000 ____D () C:\Users\Mandy\Downloads\FRST-OlderVersion

2014-05-12 19:20 - 2014-05-12 19:20 - 01325827 _____ () C:\Users\Mandy\Downloads\adwcleaner.exe

2014-05-12 19:10 - 2014-05-14 19:11 - 00000390 _____ () C:\Windows\Tasks\BetterMarkIt_wd.job

2014-05-12 19:10 - 2014-05-12 19:10 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-05-12 19:10 - 2014-05-12 19:10 - 00000000 ____D () C:\Program Files\BetterMarkIt-soft

2014-05-12 19:07 - 2014-05-12 19:07 - 00420304 _____ () C:\Users\Mandy\Downloads\DiePutevonPanem (1).exe

2014-05-12 19:06 - 2014-05-12 19:07 - 00420304 _____ () C:\Users\Mandy\Downloads\DiePutevonPanem.exe

2014-05-12 18:43 - 2014-05-12 18:43 - 00771999 _____ () C:\Users\Mandy\Desktop\Avicii - Wake Me Up Instrumental 2.m4r

2014-05-11 21:48 - 2014-05-11 21:48 - 54036992 _____ () C:\Users\Mandy\Desktop\Test1.avi

2014-05-11 21:44 - 2014-05-11 21:44 - 00000000 ____D () C:\Users\Mandy\AppData\Local\DVDVideoSoft_Ltd

2014-05-11 21:41 - 2014-05-11 21:41 - 00002241 _____ () C:\Users\Public\Desktop\Free Screen Video Recorder.lnk

2014-05-11 21:41 - 2014-05-11 21:41 - 00001197 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\Program Files\DVDVideoSoft

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft

2014-05-11 21:40 - 2014-05-11 21:41 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\DVDVideoSoft

2014-05-11 21:37 - 2014-05-11 21:39 - 24478272 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandy\Downloads\FreeScreenVideoRecorder.exe

2014-05-03 21:40 - 2014-05-03 21:40 - 00001917 _____ () C:\Users\Public\Desktop\Overwolf.lnk

2014-05-03 21:40 - 2014-05-03 21:40 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2014-05-03 21:39 - 2014-05-03 21:40 - 00000000 ____D () C:\Program Files\Overwolf

2014-05-03 21:39 - 2014-05-03 21:40 - 00000000 ____D () C:\Program Files\Common Files\Overwolf

2014-05-03 21:35 - 2014-05-12 19:23 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Overwolf

2014-05-03 21:35 - 2014-05-12 17:01 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\TS3Client

2014-05-03 21:35 - 2014-05-03 21:35 - 00001120 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2014-05-03 21:35 - 2014-05-03 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

2014-05-03 21:35 - 2014-05-03 21:35 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

2014-05-03 21:11 - 2014-05-03 21:13 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Mandy\Downloads\TeamSpeak3-Client-win32-3.0.14.exe

2014-05-03 18:34 - 2014-05-03 18:34 - 00000000 ____D () C:\Program Files\af0.net

2014-05-03 18:31 - 2014-05-03 18:31 - 02378752 _____ () C:\Users\Mandy\Downloads\Adblock_Installer.msi

2014-05-02 23:27 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-02 23:27 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-02 14:40 - 2014-05-02 14:40 - 00000000 ____D () C:\Program Files\ESET

2014-05-02 14:39 - 2014-05-02 14:39 - 02347384 _____ (ESET) C:\Users\Mandy\Downloads\esetsmartinstaller_deu.exe

2014-05-02 14:36 - 2014-05-02 14:36 - 00007043 _____ () C:\Users\Mandy\Desktop\mbam.txt

2014-05-02 14:15 - 2014-05-02 14:32 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-02 14:15 - 2014-05-02 14:15 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-05-02 14:15 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-02 14:15 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-02 14:15 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-02 14:11 - 2014-05-02 14:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mandy\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-02 13:50 - 2014-05-02 13:50 - 00002171 _____ () C:\Users\Mandy\Desktop\JRT.txt

2014-05-02 13:48 - 2014-05-02 13:48 - 00000000 ____D () C:\Windows\ERUNT

2014-05-02 13:47 - 2014-05-02 13:47 - 01016261 _____ (Thisisu) C:\Users\Mandy\Downloads\JRT.exe

2014-05-02 13:34 - 2014-05-12 19:21 - 00000000 ____D () C:\AdwCleaner

2014-05-02 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-05-01 23:20 - 2014-05-01 23:20 - 00036305 _____ () C:\Users\Mandy\Downloads\FRST (1).txt

2014-05-01 23:18 - 2014-05-01 23:19 - 00027255 _____ () C:\Users\Mandy\Downloads\Addition.txt

2014-05-01 23:17 - 2014-05-14 20:45 - 00000000 ____D () C:\FRST

2014-05-01 23:16 - 2014-05-12 20:04 - 01056256 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe

2014-05-01 23:09 - 2014-05-14 20:45 - 00012202 _____ () C:\Users\Mandy\Downloads\FRST.txt

2014-05-01 22:57 - 2014-05-01 22:57 - 04725948 _____ () C:\Users\Mandy\Downloads\GoogleQuickSearchBox-2.0.0.1447.Release.dmg

2014-05-01 22:47 - 2014-05-12 19:22 - 00002007 _____ () C:\Windows\setupact.log

2014-05-01 22:47 - 2014-05-12 19:21 - 00009240 _____ () C:\Windows\PFRO.log

2014-05-01 22:47 - 2014-05-01 22:47 - 00000000 _____ () C:\Windows\setuperr.log

2014-05-01 22:21 - 2014-05-14 19:50 - 00000000 ____D () C:\Fraps

2014-05-01 22:11 - 2014-05-01 22:11 - 00613200 _____ (Chip Digital GmbH) C:\Users\Mandy\Downloads\FRAPS - CHIP-Downloader.exe

2014-05-01 21:35 - 2014-05-01 21:35 - 416812032 _____ () C:\Users\Mandy\Desktop\Test 2.avi

2014-05-01 21:33 - 2014-05-01 21:33 - 415155712 _____ () C:\Users\Mandy\Desktop\Test.avi

2014-05-01 21:31 - 2014-05-14 19:31 - 00004535 _____ () C:\Users\Mandy\AppData\Roaming\CamStudio.cfg

2014-05-01 21:31 - 2014-05-14 19:31 - 00000408 _____ () C:\Users\Mandy\AppData\Roaming\CamShapes.ini

2014-05-01 21:31 - 2014-05-14 19:31 - 00000408 _____ () C:\Users\Mandy\AppData\Roaming\CamLayout.ini

2014-05-01 21:31 - 2014-05-14 19:31 - 00000096 _____ () C:\Users\Mandy\AppData\Roaming\Camdata.ini

2014-05-01 21:31 - 2014-05-14 19:31 - 00000000 ____D () C:\Users\Mandy\Documents\My CamStudio Temp Files

2014-05-01 21:30 - 2014-05-14 19:30 - 00000096 _____ () C:\Users\Mandy\AppData\Roaming\version2.xml

2014-05-01 21:30 - 2014-05-01 21:30 - 00001002 _____ () C:\Users\Public\Desktop\CamStudio.lnk

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\dlg

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\Program Files\CamStudio 2.7

2014-05-01 21:29 - 2014-05-01 21:29 - 00000000 ____D () C:\Program Files\PlusSHD-9.9

2014-05-01 21:24 - 2014-05-01 21:24 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Security System 2

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\ChromeExtensions

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Tempf1876b600bb02be9eb240ccf6afe4b63

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Tempc4e0eaa8bdfe6fcfad4c7ab10b6866ee

2014-05-01 21:14 - 2014-05-01 21:14 - 01062288 _____ () C:\Users\Mandy\Downloads\FRAPS-lnstall.exe

2014-05-01 13:47 - 2014-05-01 13:47 - 01617328 _____ () C:\Users\Mandy\Desktop\SkyramafansTV Ladebildschirm.pptx

2014-05-01 13:40 - 2014-05-01 12:56 - 00161042 _____ () C:\Users\Mandy\Desktop\20140501 125339.m4a

2014-04-30 22:26 - 2014-05-14 19:29 - 00007168 _____ () C:\Users\Mandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-04-30 22:26 - 2014-05-01 21:15 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Solveig Multimedia

2014-04-30 22:22 - 2014-05-14 19:30 - 00000000 ____D () C:\Users\Mandy\Documents\HyperCam3

2014-04-30 22:22 - 2014-04-30 22:22 - 00001001 _____ () C:\Users\Mandy\Desktop\HyperCam 3.lnk

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\HyperCam

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\Program Files\Common Files\Solveig Multimedia

2014-04-30 22:21 - 2014-04-30 22:22 - 00000000 ____D () C:\Program Files\HyperCam 3

2014-04-30 22:16 - 2014-04-30 22:19 - 17776768 _____ () C:\Users\Mandy\Downloads\SolveigMM_HyperCam_3_6_1403_19.exe

2014-04-14 13:10 - 2014-04-21 20:09 - 00000082 _____ () C:\Users\Mandy\AppData\Roaming\WB.CFG
 

==================== One Month Modified Files and Folders =======
 

2014-05-14 20:45 - 2014-05-01 23:17 - 00000000 ____D () C:\FRST

2014-05-14 20:45 - 2014-05-01 23:09 - 00012202 _____ () C:\Users\Mandy\Downloads\FRST.txt

2014-05-14 20:36 - 2014-02-23 12:27 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Skype

2014-05-14 20:24 - 2009-07-14 06:34 - 00017920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-14 20:24 - 2009-07-14 06:34 - 00017920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-14 20:11 - 2014-02-23 12:33 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-14 20:11 - 2014-02-23 12:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-14 19:50 - 2014-05-14 19:50 - 00000572 _____ () C:\Users\Public\Desktop\Fraps.lnk

2014-05-14 19:50 - 2014-05-14 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2014-05-14 19:50 - 2014-05-01 22:21 - 00000000 ____D () C:\Fraps

2014-05-14 19:44 - 2013-11-26 00:17 - 01625069 _____ () C:\Windows\WindowsUpdate.log

2014-05-14 19:41 - 2014-05-14 19:41 - 02589760 _____ (Beepa Pty Ltd) C:\Users\Mandy\Downloads\Fraps-Vollversion by Michi.exe

2014-05-14 19:31 - 2014-05-01 21:31 - 00004535 _____ () C:\Users\Mandy\AppData\Roaming\CamStudio.cfg

2014-05-14 19:31 - 2014-05-01 21:31 - 00000408 _____ () C:\Users\Mandy\AppData\Roaming\CamShapes.ini

2014-05-14 19:31 - 2014-05-01 21:31 - 00000408 _____ () C:\Users\Mandy\AppData\Roaming\CamLayout.ini

2014-05-14 19:31 - 2014-05-01 21:31 - 00000096 _____ () C:\Users\Mandy\AppData\Roaming\Camdata.ini

2014-05-14 19:31 - 2014-05-01 21:31 - 00000000 ____D () C:\Users\Mandy\Documents\My CamStudio Temp Files

2014-05-14 19:30 - 2014-05-01 21:30 - 00000096 _____ () C:\Users\Mandy\AppData\Roaming\version2.xml

2014-05-14 19:30 - 2014-04-30 22:22 - 00000000 ____D () C:\Users\Mandy\Documents\HyperCam3

2014-05-14 19:29 - 2014-04-30 22:26 - 00007168 _____ () C:\Users\Mandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-05-14 19:25 - 2014-05-14 19:25 - 00000165 ____H () C:\Users\Mandy\Desktop\~$SkyramafansTV Ladebildschirm.pptx

2014-05-14 19:11 - 2014-05-12 19:10 - 00000390 _____ () C:\Windows\Tasks\BetterMarkIt_wd.job

2014-05-14 17:08 - 2014-05-14 17:08 - 02587935 _____ () C:\Users\Mandy\Downloads\Skyrama Hack v3.3.5.zip

2014-05-14 17:05 - 2014-05-14 17:04 - 06395871 _____ () C:\Users\Mandy\Downloads\Skyrama Hack.zip

2014-05-14 16:33 - 2014-01-07 21:10 - 00000000 ____D () C:\Users\Mandy\AppData\Local\3566F3D7-7B26-49CE-9BB3-D24D069FC175.aplzod

2014-05-14 16:12 - 2014-02-23 12:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-05-14 16:12 - 2014-02-23 12:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-05-14 14:37 - 2014-02-23 12:33 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-12 20:04 - 2014-05-12 20:04 - 00000000 ____D () C:\Users\Mandy\Downloads\FRST-OlderVersion

2014-05-12 20:04 - 2014-05-01 23:16 - 01056256 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe

2014-05-12 19:23 - 2014-05-03 21:35 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Overwolf

2014-05-12 19:22 - 2014-05-01 22:47 - 00002007 _____ () C:\Windows\setupact.log

2014-05-12 19:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-12 19:21 - 2014-05-02 13:34 - 00000000 ____D () C:\AdwCleaner

2014-05-12 19:21 - 2014-05-01 22:47 - 00009240 _____ () C:\Windows\PFRO.log

2014-05-12 19:21 - 2014-04-06 13:10 - 00001058 _____ () C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

2014-05-12 19:21 - 2014-03-28 12:52 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-05-12 19:21 - 2014-03-28 12:52 - 00001007 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-05-12 19:21 - 2014-02-23 12:35 - 00001236 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-12 19:21 - 2014-02-23 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-05-12 19:21 - 2014-01-12 14:50 - 00001148 _____ () C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-05-12 19:21 - 2013-11-26 00:17 - 00001118 _____ () C:\Users\Mandy\Desktop\Internet Explorer.lnk

2014-05-12 19:20 - 2014-05-12 19:20 - 01325827 _____ () C:\Users\Mandy\Downloads\adwcleaner.exe

2014-05-12 19:10 - 2014-05-12 19:10 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-05-12 19:10 - 2014-05-12 19:10 - 00000000 ____D () C:\Program Files\BetterMarkIt-soft

2014-05-12 19:10 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-05-12 19:07 - 2014-05-12 19:07 - 00420304 _____ () C:\Users\Mandy\Downloads\DiePutevonPanem (1).exe

2014-05-12 19:07 - 2014-05-12 19:06 - 00420304 _____ () C:\Users\Mandy\Downloads\DiePutevonPanem.exe

2014-05-12 18:43 - 2014-05-12 18:43 - 00771999 _____ () C:\Users\Mandy\Desktop\Avicii - Wake Me Up Instrumental 2.m4r

2014-05-12 17:01 - 2014-05-03 21:35 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\TS3Client

2014-05-11 21:48 - 2014-05-11 21:48 - 54036992 _____ () C:\Users\Mandy\Desktop\Test1.avi

2014-05-11 21:46 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-05-11 21:44 - 2014-05-11 21:44 - 00000000 ____D () C:\Users\Mandy\AppData\Local\DVDVideoSoft_Ltd

2014-05-11 21:41 - 2014-05-11 21:41 - 00002241 _____ () C:\Users\Public\Desktop\Free Screen Video Recorder.lnk

2014-05-11 21:41 - 2014-05-11 21:41 - 00001197 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\Program Files\DVDVideoSoft

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft

2014-05-11 21:41 - 2014-05-11 21:40 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\DVDVideoSoft

2014-05-11 21:39 - 2014-05-11 21:37 - 24478272 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandy\Downloads\FreeScreenVideoRecorder.exe

2014-05-06 21:00 - 2014-03-15 21:43 - 00000466 _____ () C:\Users\Mandy\Documents\PhoenixLauncher.log

2014-05-03 21:40 - 2014-05-03 21:40 - 00001917 _____ () C:\Users\Public\Desktop\Overwolf.lnk

2014-05-03 21:40 - 2014-05-03 21:40 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2014-05-03 21:40 - 2014-05-03 21:39 - 00000000 ____D () C:\Program Files\Overwolf

2014-05-03 21:40 - 2014-05-03 21:39 - 00000000 ____D () C:\Program Files\Common Files\Overwolf

2014-05-03 21:35 - 2014-05-03 21:35 - 00001120 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2014-05-03 21:35 - 2014-05-03 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

2014-05-03 21:35 - 2014-05-03 21:35 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

2014-05-03 21:13 - 2014-05-03 21:11 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Mandy\Downloads\TeamSpeak3-Client-win32-3.0.14.exe

2014-05-03 18:34 - 2014-05-03 18:34 - 00000000 ____D () C:\Program Files\af0.net

2014-05-03 18:31 - 2014-05-03 18:31 - 02378752 _____ () C:\Users\Mandy\Downloads\Adblock_Installer.msi

2014-05-02 15:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache

2014-05-02 14:40 - 2014-05-02 14:40 - 00000000 ____D () C:\Program Files\ESET

2014-05-02 14:39 - 2014-05-02 14:39 - 02347384 _____ (ESET) C:\Users\Mandy\Downloads\esetsmartinstaller_deu.exe

2014-05-02 14:36 - 2014-05-02 14:36 - 00007043 _____ () C:\Users\Mandy\Desktop\mbam.txt

2014-05-02 14:32 - 2014-05-02 14:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-02 14:15 - 2014-05-02 14:15 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-05-02 14:12 - 2014-05-02 14:11 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mandy\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-02 13:50 - 2014-05-02 13:50 - 00002171 _____ () C:\Users\Mandy\Desktop\JRT.txt

2014-05-02 13:48 - 2014-05-02 13:48 - 00000000 ____D () C:\Windows\ERUNT

2014-05-02 13:47 - 2014-05-02 13:47 - 01016261 _____ (Thisisu) C:\Users\Mandy\Downloads\JRT.exe

2014-05-02 13:42 - 2013-11-26 00:17 - 00000000 ____D () C:\Users\Mandy

2014-05-01 23:20 - 2014-05-01 23:20 - 00036305 _____ () C:\Users\Mandy\Downloads\FRST (1).txt

2014-05-01 23:19 - 2014-05-01 23:18 - 00027255 _____ () C:\Users\Mandy\Downloads\Addition.txt

2014-05-01 22:57 - 2014-05-01 22:57 - 04725948 _____ () C:\Users\Mandy\Downloads\GoogleQuickSearchBox-2.0.0.1447.Release.dmg

2014-05-01 22:47 - 2014-05-01 22:47 - 00000000 _____ () C:\Windows\setuperr.log

2014-05-01 22:11 - 2014-05-01 22:11 - 00613200 _____ (Chip Digital GmbH) C:\Users\Mandy\Downloads\FRAPS - CHIP-Downloader.exe

2014-05-01 21:35 - 2014-05-01 21:35 - 416812032 _____ () C:\Users\Mandy\Desktop\Test 2.avi

2014-05-01 21:33 - 2014-05-01 21:33 - 415155712 _____ () C:\Users\Mandy\Desktop\Test.avi

2014-05-01 21:30 - 2014-05-01 21:30 - 00001002 _____ () C:\Users\Public\Desktop\CamStudio.lnk

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\dlg

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\Program Files\CamStudio 2.7

2014-05-01 21:29 - 2014-05-01 21:29 - 00000000 ____D () C:\Program Files\PlusSHD-9.9

2014-05-01 21:24 - 2014-05-01 21:24 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Security System 2

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\ChromeExtensions

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Tempf1876b600bb02be9eb240ccf6afe4b63

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Tempc4e0eaa8bdfe6fcfad4c7ab10b6866ee

2014-05-01 21:15 - 2014-04-30 22:26 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Solveig Multimedia

2014-05-01 21:14 - 2014-05-01 21:14 - 01062288 _____ () C:\Users\Mandy\Downloads\FRAPS-lnstall.exe

2014-05-01 13:47 - 2014-05-01 13:47 - 01617328 _____ () C:\Users\Mandy\Desktop\SkyramafansTV Ladebildschirm.pptx

2014-05-01 12:56 - 2014-05-01 13:40 - 00161042 _____ () C:\Users\Mandy\Desktop\20140501 125339.m4a

2014-04-30 22:22 - 2014-04-30 22:22 - 00001001 _____ () C:\Users\Mandy\Desktop\HyperCam 3.lnk

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\HyperCam

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\Program Files\Common Files\Solveig Multimedia

2014-04-30 22:22 - 2014-04-30 22:21 - 00000000 ____D () C:\Program Files\HyperCam 3

2014-04-30 22:19 - 2014-04-30 22:16 - 17776768 _____ () C:\Users\Mandy\Downloads\SolveigMM_HyperCam_3_6_1403_19.exe

2014-04-29 14:48 - 2014-05-02 23:27 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-29 14:34 - 2014-05-02 23:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-28 20:40 - 2014-03-21 14:48 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Akamai

2014-04-21 20:09 - 2014-04-14 13:10 - 00000082 _____ () C:\Users\Mandy\AppData\Roaming\WB.CFG
 

Files to move or delete:

====================

C:\Users\Mandy\AppData\Roaming\Camdata.ini

C:\Users\Mandy\AppData\Roaming\CamLayout.ini

C:\Users\Mandy\AppData\Roaming\CamShapes.ini
 
 

Some content of TEMP:

====================

C:\Users\Mandy\AppData\Local\Temp\amazonicon_v4.exe

C:\Users\Mandy\AppData\Local\Temp\amazoninstallernircmdc.exe

C:\Users\Mandy\AppData\Local\Temp\foxy_security.exe

C:\Users\Mandy\AppData\Local\Temp\Quarantine.exe

C:\Users\Mandy\AppData\Local\Temp\sdanircmdc.exe

C:\Users\Mandy\AppData\Local\Temp\sdapskill.exe

C:\Users\Mandy\AppData\Local\Temp\sdaspwn.exe

C:\Users\Mandy\AppData\Local\Temp\setup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-09 12:22
 

==================== End Of Log ============================

--- --- ---

Und Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 01

Ran by Mandy at 2014-05-14 20:45:46

Running from C:\Users\Mandy\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 

==================== Installed Programs ======================
 

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden

AdblockIE (HKLM\...\{5508128A-2C7B-46B5-81F9-58E8E8115F0B}) (Version: 1.2 - af0.net)

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)

Alarm für Cobra 11 - Das Syndikat (HKLM\...\Alarm für Cobra 11 - Das Syndikat_is1) (Version:  - dtp)

Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

BetterMarkIt (HKLM\...\2C2CCD34-12FC-B9D6-1712-67CE5F3DE626) (Version:  - BetterMarkIt-software) <==== ATTENTION

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)

CCleaner (HKLM\...\CCleaner) (Version: 2.36 - Piriform)

ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )

Feuerwehr-Simulator 2010 (HKLM\...\FFsim) (Version:  - )

Fraps (HKLM\...\Fraps) (Version:  - )

Free Screen Video Recorder version 2.5.33.430 (HKLM\...\Free Screen Video Recorder_is1) (Version: 2.5.33.430 - DVDVideoSoft Ltd.)

Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

HyperCam 3 (HKLM\...\HyperCam 3 3.6.1403.19) (Version: 3.6.1403.19 - Solveig Multimedia)

iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)

iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)

Kehrmaschinen-Simulator 2011 (HKLM\...\Kehrmaschinen-Simulator 2011_is1) (Version:  - astragon)

Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Antimalware Service DE-DE Language Pack (Version: 2.0.6212.2 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE (HKLM\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

Müllabfuhr-Simulator 2011 (HKLM\...\Müllabfuhr-Simulator 2011_is1) (Version:  - astragon Software GmbH)

Overwolf (HKLM\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf)

Phoenix R/C® (HKLM\...\PhoenixRC) (Version: 5.0.m - Runtime Games Ltd)

PixelSampler (HKLM\...\PixelSampler_is1) (Version:  - Twisting Pixels, LLC)

PlusSHD-9.9 (HKLM\...\PlusSHD-9.9) (Version: 1.34.4.10 - PlusSHDD)

ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)

Protegere (HKLM\...\Protegere) (Version:  - )

QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Save Sense (remove only) (HKCU\...\Save Sense) (Version: 6.4.1.0 - SaveSense) <==== ATTENTION

Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)

Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

Tankwagen-Simulator 2011 (HKLM\...\Tankwagen-Simulator 2011_is1) (Version:  - astragon Software GmbH)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
 

==================== Restore Points  =========================
 

02-05-2014 11:55:57 Windows Update

02-05-2014 21:27:37 Windows Update

03-05-2014 16:33:29 Installed AdblockIE

06-05-2014 12:20:51 Windows Update

09-05-2014 19:59:46 Windows Update

13-05-2014 17:32:52 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {37784417-7E4C-4A97-957E-111F7A744B1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-23] (Google Inc.)

Task: {B02871BD-2800-4C1A-B0F0-A66C8CD351A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-23] (Google Inc.)

Task: {B9636330-E3ED-4053-8C67-E8696E18F5EB} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)

Task: {BF695A26-118C-49C0-8143-C0920C2065B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {DB4D668E-25DD-444C-88D1-D041B21D646F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: {DF878BC2-0B75-4950-B847-6F26F33F5AF4} - System32\Tasks\BetterMarkIt_wd => C:\Program Files\BetterMarkIt-soft\BetterMarkItdtbcuw.exe [2014-05-12] () <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\BetterMarkIt_wd.job => C:\Program Files\BetterMarkIt-soft\BetterMarkItdtbcuw.exe <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-05-12 19:10 - 2014-05-12 19:10 - 00145408 _____ () C:\Program Files\BetterMarkIt-soft\BetterMarkItqa161.exe

2014-05-12 19:10 - 2014-05-12 19:10 - 00133120 _____ () C:\Program Files\BetterMarkIt-soft\BetterMarkItqa161.dll

2014-05-12 19:10 - 2014-05-12 19:10 - 00071680 _____ () C:\Program Files\BetterMarkIt-soft\BetterMarkItdtbcuw.exe

2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll

2014-03-05 19:30 - 2014-03-05 19:30 - 00025600 _____ () C:\Program Files\Overwolf\CoreAudioApi.dll

2013-07-10 19:07 - 2013-07-10 19:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (05/12/2014 07:19:04 PM) (Source: Application Error) (User: ) (EventID: 1000)

Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17041, Zeitstempel: 0x531807e4

Name des fehlerhaften Moduls: urlmon.dll, Version: 11.0.9600.17041, Zeitstempel: 0x53180948

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00022738

ID des fehlerhaften Prozesses: 0x2454

Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0

Pfad der fehlerhaften Anwendung: iexplore.exe1

Pfad des fehlerhaften Moduls: iexplore.exe2

Berichtskennung: iexplore.exe3
 

Error: (05/12/2014 07:17:44 PM) (Source: Application Hang) (User: ) (EventID: 1002)

Description: Programm FRST.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 490
 

Startzeit: 01cf6e060505de3a
 

Endzeit: 9
 

Anwendungspfad: C:\Users\Mandy\Downloads\FRST.exe
 

Berichts-ID: 522418f8-d9f9-11e3-84ab-00218539a0cb
 

Error: (05/12/2014 07:17:05 PM) (Source: Application Hang) (User: ) (EventID: 1002)

Description: Programm FRST.exe, Version 3.3.10.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 2954
 

Startzeit: 01cf6e05e7f7168e
 

Endzeit: 8
 

Anwendungspfad: C:\Users\Mandy\Downloads\FRST.exe
 

Berichts-ID: 3b56aa9f-d9f9-11e3-84ab-00218539a0cb
 

Error: (05/12/2014 08:26:38 AM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 9797
 

Error: (05/12/2014 08:26:38 AM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 9797
 

Error: (05/12/2014 08:26:38 AM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/10/2014 00:36:55 AM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 9984
 

Error: (05/10/2014 00:36:55 AM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledEvent 9984
 

Error: (05/10/2014 00:36:55 AM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/09/2014 00:35:38 PM) (Source: Bonjour Service) (User: ) (EventID: 100)

Description: Task Scheduling Error: m->NextScheduledSPRetry 9875
 
 

System errors:

=============

Error: (05/14/2014 06:07:58 PM) (Source: Schannel) (User: NT-AUTORITÄT) (EventID: 4120)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (05/14/2014 04:43:39 PM) (Source: DCOM) (User: Mandy-PC) (EventID: 10016)

Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Mandy-PCMandyS-1-5-21-1535260990-2514592949-83207897-1000LocalHost (unter Verwendung von LRPC)
 

Error: (05/14/2014 04:43:39 PM) (Source: DCOM) (User: Mandy-PC) (EventID: 10016)

Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Mandy-PCMandyS-1-5-21-1535260990-2514592949-83207897-1000LocalHost (unter Verwendung von LRPC)
 

Error: (05/13/2014 01:24:22 PM) (Source: Service Control Manager) (User: ) (EventID: 7011)

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.
 

Error: (05/12/2014 07:23:19 PM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (05/12/2014 08:22:26 AM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (05/10/2014 11:12:33 AM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (05/09/2014 11:37:57 AM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (05/09/2014 06:49:38 AM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (05/08/2014 00:36:22 PM) (Source: DCOM) (User: NT-AUTORITÄT) (EventID: 10016)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Percentage of memory in use: 67%

Total physical RAM: 3070.18 MB

Available physical RAM: 982.71 MB

Total Pagefile: 6138.64 MB

Available Pagefile: 2113.25 MB

Total Virtual: 2047.88 MB

Available Virtual: 1912.15 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:576.16 GB) (Free:514.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:11.73 GB) FAT32

Drive e: (COBRA11_V8) (CDROM) (Total:3.27 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 2BAB359D)

Partition 1: (Active) - (Size=576 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)
 

==================== End Of Log ============================

Kann ich jetzt noch was machen damit es nicht mehr Auftritt oder was ist der nächste Schritt, da es Quasi weg ist

Danke für die schnelle Antwort!

MfG

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:13821

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Adware & Co. deinstallieren

Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:
http://deeprybka.trojaner-board.de/b.../revo/add1.png
diesen Zusatz haben:
http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014

Ran by Mandy at 2014-05-16 22:05:26 Run:1

Running from C:\Users\Mandy\Downloads\FRST-OlderVersion

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:13821

*****************
 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
 

==== End of Fixlog ====

Weiter komme ich leider nicht, da ich nicht verstehe wie das in schritt 2 funktioniert, bitte um Erklärung, danach setzte ich es fort ;)
Danke!

MfG

Was genau verstehst du daran nicht? :)
Es steht eigentlich jeder Schrit einzeln beschrieben dort.

Wie ich das suchen soll verstehe ich nicht

Revo zeigt alle installierten Programme an. In der Addition.txt von FRST findest Du auch ne Liste der installierten Programme. Hinter einigen steht der Zusatz ATTENTION, als Beispiel

Böse Toolbar <====ATTENTION

Jetzt suchst du Böse Toolbar in Revo und deinstallierst sie mit Revo.

So, die Fixlog.txt hast du ja schon von mir bekommen!
Hier der Log von Combofix:

Code:

ComboFix 14-05-19.01 - Mandy 22.05.2014  19:20:35.2.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3070.2031 [GMT 2:00]

ausgeführt von:: c:\users\Mandy\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ACEDRV11

-------\Service_acedrv11

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-04-22 bis 2014-05-22  ))))))))))))))))))))))))))))))

.

.

2014-05-22 16:45 . 2014-04-30 23:37        8073384        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{533F06EE-CC1E-4C55-A944-A9F2C14A1819}\mpengine.dll

2014-05-21 11:35 . 2014-05-02 11:56        765968        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F22EEB76-3FF5-49B2-B32C-FE9A632BD8CA}\gapaengine.dll

2014-05-21 11:35 . 2014-04-30 23:37        8073384        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-05-16 20:12 . 2014-05-16 20:12        --------        d-----w-        c:\users\Mandy\AppData\Local\ElevatedDiagnostics

2014-05-16 20:06 . 2014-05-16 20:06        --------        d-----w-        c:\program files\VS Revo Group

2014-05-16 19:59 . 2014-05-16 20:32        --------        d-----w-        c:\users\Mandy\AppData\Local\Nemex

2014-05-16 19:59 . 2014-05-16 20:49        --------        d-----w-        c:\users\Mandy\AppData\Roaming\Mouse Recorder Pro

2014-05-16 19:59 . 2014-05-16 19:59        --------        d-----w-        c:\program files\Nemex

2014-05-16 19:05 . 2014-05-16 19:05        --------        d-----w-        c:\program files\RobotSoft

2014-05-15 01:01 . 2014-05-06 03:07        2724864        ----a-w-        c:\windows\system32\mshtml.tlb

2014-05-12 17:10 . 2014-05-12 17:10        --------        d-----w-        c:\program files\BetterMarkIt-soft

2014-05-11 19:47 . 2014-05-11 19:47        48648        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2014-05-11 19:47 . 2014-05-11 19:47        824144        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2014-05-11 19:44 . 2014-05-11 19:44        --------        d-----w-        c:\users\Mandy\AppData\Local\DVDVideoSoft_Ltd

2014-05-11 19:41 . 2014-05-11 19:41        --------        d-----w-        c:\program files\DVDVideoSoft

2014-05-11 19:41 . 2014-05-11 19:41        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft

2014-05-11 19:40 . 2014-05-11 19:41        --------        d-----w-        c:\users\Mandy\AppData\Roaming\DVDVideoSoft

2014-05-03 19:39 . 2014-05-03 19:40        --------        d-----w-        c:\program files\Common Files\Overwolf

2014-05-03 19:39 . 2014-05-03 19:40        --------        d-----w-        c:\program files\Overwolf

2014-05-03 19:35 . 2014-05-22 17:35        --------        d-----w-        c:\users\Mandy\AppData\Local\Overwolf

2014-05-03 19:35 . 2014-05-12 15:01        --------        d-----w-        c:\users\Mandy\AppData\Roaming\TS3Client

2014-05-03 19:35 . 2014-05-03 19:35        --------        d-----w-        c:\program files\TeamSpeak 3 Client

2014-05-03 16:34 . 2014-05-03 16:34        --------        d-----w-        c:\program files\af0.net

2014-05-02 12:40 . 2014-05-02 12:40        --------        d-----w-        c:\program files\ESET

2014-05-02 12:15 . 2014-05-02 12:32        107736        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-05-02 12:15 . 2014-05-02 12:15        --------        d-----w-        c:\program files\Malwarebytes Anti-Malware

2014-05-02 12:15 . 2014-05-02 12:15        --------        d-----w-        c:\programdata\Malwarebytes

2014-05-02 12:15 . 2014-04-03 07:51        51416        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-05-02 12:15 . 2014-04-03 07:51        73432        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-05-02 12:15 . 2014-04-03 07:50        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-05-02 11:48 . 2014-05-02 11:48        --------        d-----w-        c:\windows\ERUNT

2014-05-02 11:34 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\system32\sqlite3.dll

2014-05-02 11:34 . 2014-05-12 17:21        --------        d-----w-        C:\AdwCleaner

2014-05-01 21:17 . 2014-05-16 20:05        --------        d-----w-        C:\FRST

2014-05-01 20:21 . 2014-05-14 17:50        --------        d-----w-        C:\Fraps

2014-05-01 19:30 . 2014-05-01 19:30        --------        d-----w-        c:\users\Mandy\AppData\Roaming\dlg

2014-05-01 19:30 . 2014-05-01 19:30        --------        d-----w-        c:\program files\CamStudio 2.7

2014-05-01 19:29 . 2014-05-01 19:29        --------        d-----w-        c:\program files\PlusSHD-9.9

2014-05-01 19:24 . 2014-05-01 19:24        --------        d-----w-        c:\users\Mandy\AppData\Roaming\Security System 2

2014-05-01 19:18 . 2014-05-01 19:18        --------        d-----w-        c:\users\Mandy\ChromeExtensions

2014-05-01 19:18 . 2014-05-01 19:18        --------        d-----w-        c:\users\Mandy\AppData\Local\Tempf1876b600bb02be9eb240ccf6afe4b63

2014-05-01 19:18 . 2014-05-01 19:18        --------        d-----w-        c:\users\Mandy\AppData\Local\Tempc4e0eaa8bdfe6fcfad4c7ab10b6866ee

2014-04-30 20:26 . 2014-05-01 19:15        --------        d-----w-        c:\users\Mandy\AppData\Roaming\Solveig Multimedia

2014-04-30 20:22 . 2014-04-30 20:22        --------        d-----w-        c:\users\Mandy\AppData\Roaming\HyperCam

2014-04-30 20:22 . 2014-04-30 20:22        --------        d-----w-        c:\program files\Common Files\Solveig Multimedia

2014-04-30 20:21 . 2014-04-30 20:22        --------        d-----w-        c:\program files\HyperCam 3

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-05-15 11:30 . 2014-02-23 10:29        70832        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2014-05-15 11:30 . 2014-02-23 10:29        692400        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2014-05-02 11:56 . 2014-02-23 10:57        765968        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-03-31 20:46 . 2014-03-31 20:46        130712        ----a-w-        c:\windows\system32\MSSTDFMT.DLL

2014-03-31 20:46 . 2014-03-31 20:46        1070232        ----a-w-        c:\windows\system32\MSCOMCTL.OCX

2014-03-11 08:52 . 2013-09-27 08:53        104264        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys

2014-03-06 08:31 . 2014-04-10 01:03        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll

2014-03-06 08:02 . 2014-04-10 01:03        61952        ----a-w-        c:\windows\system32\iesetup.dll

2014-03-06 08:02 . 2014-04-10 01:04        455168        ----a-w-        c:\windows\system32\vbscript.dll

2014-03-06 08:01 . 2014-04-10 01:03        51200        ----a-w-        c:\windows\system32\ieetwproxystub.dll

2014-03-06 07:46 . 2014-04-10 01:03        4254720        ----a-w-        c:\windows\system32\jscript9.dll

2014-03-06 07:38 . 2014-04-10 01:03        112128        ----a-w-        c:\windows\system32\ieUnatt.exe

2014-03-06 07:38 . 2014-04-10 01:03        108032        ----a-w-        c:\windows\system32\ieetwcollector.exe

2014-03-06 07:36 . 2014-04-10 01:03        592896        ----a-w-        c:\windows\system32\jscript9diag.dll

2014-03-06 07:28 . 2014-04-10 01:03        646144        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2014-03-06 07:13 . 2014-04-10 01:03        32256        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll

2014-03-06 06:40 . 2014-04-10 01:03        1967104        ----a-w-        c:\windows\system32\inetcpl.cpl

2014-03-06 05:41 . 2014-04-10 01:03        1789440        ----a-w-        c:\windows\system32\wininet.dll

2014-03-05 17:29 . 2014-03-05 17:29        773968        ----a-w-        c:\windows\system32\msvcr100.dll

2014-03-05 17:28 . 2014-03-05 17:28        421200        ----a-w-        c:\windows\system32\msvcp100.dll

2014-03-01 21:06 . 2009-08-18 10:30        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2014-03-01 21:06 . 2009-08-18 10:24        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2014-02-23 22:42 . 2014-02-23 22:42        645120        ----a-w-        c:\windows\system32\jsIntl.dll

2014-02-23 22:42 . 2014-02-23 22:42        194048        ----a-w-        c:\windows\system32\elshyph.dll

2014-02-23 22:42 . 2014-02-23 22:42        71680        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2014-02-23 22:42 . 2014-02-23 22:42        62464        ----a-w-        c:\windows\system32\tdc.ocx

2014-02-23 22:42 . 2014-02-23 22:42        337408        ----a-w-        c:\windows\system32\html.iec

2014-02-23 22:42 . 2014-02-23 22:42        24576        ----a-w-        c:\windows\system32\licmgr10.dll

2014-02-23 22:42 . 2014-02-23 22:42        182272        ----a-w-        c:\windows\system32\msls31.dll

2014-02-23 22:42 . 2014-02-23 22:42        151552        ----a-w-        c:\windows\system32\iexpress.exe

2014-02-23 22:42 . 2014-02-23 22:42        139264        ----a-w-        c:\windows\system32\wextract.exe

2014-02-23 22:42 . 2014-02-23 22:42        1051136        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2014-02-23 22:42 . 2014-02-23 22:42        74240        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2014-02-23 22:42 . 2014-02-23 22:42        61952        ----a-w-        c:\windows\system32\MshtmlDac.dll

2014-02-23 22:42 . 2014-02-23 22:42        36352        ----a-w-        c:\windows\system32\imgutil.dll

2014-02-23 22:42 . 2014-02-23 22:42        13312        ----a-w-        c:\windows\system32\mshta.exe

2014-02-23 22:42 . 2014-02-23 22:42        111616        ----a-w-        c:\windows\system32\IEAdvpack.dll

2014-02-23 22:42 . 2014-02-23 22:42        86016        ----a-w-        c:\windows\system32\iesysprep.dll

2014-02-23 22:42 . 2014-02-23 22:42        48640        ----a-w-        c:\windows\system32\mshtmler.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]

"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]

"AppleIEDAV"="c:\program files\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]

"Akamai NetSession Interface"="c:\users\Mandy\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]

"Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2014-03-05 37664]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-02-23 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-01-07 280576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]

R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [2014-03-05 99616]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2014-01-06 1343400]

S1 MpKsl88125cb5;MpKsl88125cb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{533F06EE-CC1E-4C55-A944-A9F2C14A1819}\MpKsl88125cb5.sys [2014-05-22 39464]

S2 BetterMarkIt;BetterMarkIt;c:\program files\BetterMarkIt-soft\BetterMarkItqa161.exe [2014-05-12 145408]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-05-15 01:11        1077576        ----a-w-        c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23 11:30]

.

2014-05-22 c:\windows\Tasks\BetterMarkIt_wd.job

- c:\program files\BetterMarkIt-soft\BetterMarkItdtbcuw.exe [2014-05-12 17:10]

.

2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-23 10:33]

.

2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-23 10:33]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyServer = http=127.0.0.1:13876

uSearchAssistant = hxxp://www.google.com

Trusted Zone: qone8.com\start

TCP: DhcpNameServer = 10.0.0.138 10.0.0.138

FF - ProfilePath - c:\users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

AddRemove-Save Sense - c:\users\Mandy\AppData\Local\SaveSense\uninst.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\taskhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\sppsvc.exe

c:\windows\System32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Apple\Internet Services\APSDaemon.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

c:\program files\Common Files\Overwolf\OverwolfHelper.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-05-22  19:41:25 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-05-22 17:41

.

Vor Suchlauf: 7 Verzeichnis(se), 554.479.558.656 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 554.256.441.344 Bytes frei

.

- - End Of File - - 00C8A15569314E6CD263912D31B22571

A36C5E4F47E84449FF07ED3517B43A31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hi,

danke erstmal für die rasche Hilfe ;)
Hier der Log von MBAM:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 23.05.2014

Suchlauf-Zeit: 19:13:26

Logdatei: mbam1.txt

Administrator: Ja
 

Version: 2.00.1.1004

Malware Datenbank: v2014.05.23.10

Rootkit Datenbank: v2014.05.21.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x86

Dateisystem: NTFS

Benutzer: Mandy
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 249239

Verstrichene Zeit: 12 Min, 25 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Shuriken: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 6

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [e62968ec8eedea4c18a8012cdd25fe02], 

PUP.Optional.HDPlus.A, HKLM\SOFTWARE\PlusSHD-9.9, In Quarantäne, [f916292b97e4b87e99f0d2bb42c0ea16], 

PUP.Optional.1ClickMovieDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\1ClickMovie-Download V9.0, In Quarantäne, [30dfada718634ee8113b435b3ec4f808], 

PUP.Optional.HDPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PlusSHD-9.9, In Quarantäne, [1df28acac4b76ec8d8b38d00d32f38c8], 

PUP.Optional.HDPlus.A, HKU\S-1-5-21-1535260990-2514592949-83207897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PlusSHD-9.9, In Quarantäne, [37d8ce860c6f3ff74f3c1578cc366997], 

PUP.Optional.HDPlus.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PlusSHD-9.9, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 1

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 
 

Dateien: 19

PUP.Optional.Superfish.A, C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, In Quarantäne, [3cd3a9ab1e5d54e2b77e7319e51d629e], 

PUP.Optional.Superfish.A, C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [e22d3024a0db30062015642861a17987], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\52916.crx, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\52916.xpi, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\55754578-5210-48e8-ad9d-406ec2352fb4-2.exe, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\55754578-5210-48e8-ad9d-406ec2352fb4-3.exe, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\55754578-5210-48e8-ad9d-406ec2352fb4-4.exe, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\55754578-5210-48e8-ad9d-406ec2352fb4-5.exe, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\background.html, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\bgNova.html, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-bg.exe, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-bho.dll, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-codedownloader.exe, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-nova.dll, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-nova.exe, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\PlusSHD-9.9-novainstaller.exe, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\PlusSHD-9.9.ico, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\Uninstall.exe, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 

PUP.Optional.HDPlus.A, C:\Program Files\PlusSHD-9.9\utils.exe, In Quarantäne, [ab64bc98017a3105a53ee2a1d131e41c], 
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Hier von adwCleaner:

Code:

# AdwCleaner v3.210 - Bericht erstellt am 23/05/2014 um 19:22:04

# Aktualisiert 19/05/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)

# Benutzername : Mandy - MANDY-PC

# Gestartet von : C:\Users\Mandy\Downloads\adwcleaner_3.210.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS

Schlüssel Gelöscht : HKCU\Software\OCS
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17041
 
 

-\\ Mozilla Firefox v28.0 (de)
 

[ Datei : C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default\prefs.js ]
 
 

-\\ Google Chrome v35.0.1916.114
 

[ Datei : C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [24289 octets] - [02/05/2014 13:34:38]

AdwCleaner[R1].txt - [24409 octets] - [02/05/2014 13:35:41]

AdwCleaner[R2].txt - [9587 octets] - [12/05/2014 19:20:36]

AdwCleaner[R3].txt - [1485 octets] - [23/05/2014 19:21:26]

AdwCleaner[S0].txt - [315 octets] - [02/05/2014 13:35:21]

AdwCleaner[S1].txt - [21016 octets] - [02/05/2014 13:42:02]

AdwCleaner[S2].txt - [7519 octets] - [12/05/2014 19:21:01]

AdwCleaner[S3].txt - [1406 octets] - [23/05/2014 19:22:04]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1466 octets] ##########

Und von JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x86

Ran by Mandy on 23.05.2014 at 19:26:50,12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 23.05.2014 at 19:28:33,31

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und der frische Scan mit FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014

Ran by Mandy (administrator) on MANDY-PC on 23-05-2014 19:30:53

Running from C:\Users\Mandy\Downloads\FRST-OlderVersion

Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files\BetterMarkIt-soft\BetterMarkItqa161.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

() C:\Program Files\BetterMarkIt-soft\BetterMarkItdtbcuw.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe

(Akamai Technologies, Inc.) C:\Users\Mandy\AppData\Local\Akamai\netsession_win.exe

(Overwolf LTD) C:\Program Files\Overwolf\Overwolf.exe

(Akamai Technologies, Inc.) C:\Users\Mandy\AppData\Local\Akamai\netsession_win.exe

(Overwolf LTD) C:\Program Files\Common Files\Overwolf\OverwolfHelper.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-07] (Microsoft Corporation)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mandy\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)

HKU\S-1-5-21-1535260990-2514592949-83207897-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-23] (Google Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:13992

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {3D192D91-B64D-4DB9-A3FD-A1B28B053766} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {3D192D91-B64D-4DB9-A3FD-A1B28B053766} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138
 

FireFox:

========

FF ProfilePath: C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Amazon-Icon - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default\Extensions\amazon-icon@giga.de [2014-05-01]

FF Extension: Protegere - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default\Extensions\security@protegere.org [2014-05-01]

FF Extension: NoScript - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-28]

FF HKCU\...\Firefox\Extensions: [{DC2D4C70-7705-4024-EB42-006A09640797}] - C:\Program Files\BetterMarkIt-soft\161.xpi

FF Extension: BetterMarkIt - C:\Program Files\BetterMarkIt-soft\161.xpi [2014-05-12]
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR Extension: (Google Drive) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-23]

CHR Extension: (YouTube) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-23]

CHR Extension: (Google-Suche) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-23]

CHR Extension: (BetterMarkIt) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccjbpohebhlgljklcklboiidddmmgel [2014-05-12]

CHR Extension: (Google Wallet) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-23]

CHR Extension: (Google Mail) - C:\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-23]
 

========================== Services (Whitelisted) =================
 

R2 BetterMarkIt; C:\Program Files\BetterMarkIt-soft\BetterMarkItqa161.exe [145408 2014-05-12] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
 

==================== Drivers (Whitelisted) ====================
 

R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [107736 2014-05-23] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Mandy\AppData\Local\Temp\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-23 19:28 - 2014-05-23 19:28 - 00000625 _____ () C:\Users\Mandy\Desktop\JRT.txt

2014-05-23 19:20 - 2014-05-23 19:21 - 01326389 _____ () C:\Users\Mandy\Downloads\adwcleaner_3.210.exe

2014-05-23 19:19 - 2014-05-23 19:19 - 00004797 _____ () C:\Users\Mandy\Desktop\mbam1.txt

2014-05-22 19:41 - 2014-05-22 19:41 - 00015385 _____ () C:\ComboFix.txt

2014-05-22 19:19 - 2014-05-22 19:19 - 00001130 _____ () C:\Users\Mandy\Desktop\ComboFix - Verknüpfung.lnk

2014-05-22 19:03 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-05-22 19:03 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-05-22 19:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-05-22 19:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-05-22 19:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-05-22 19:03 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-05-22 19:03 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-05-22 19:03 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-05-22 18:50 - 2014-05-22 19:41 - 00000000 ____D () C:\Qoobox

2014-05-22 18:50 - 2014-05-22 19:39 - 00000000 ____D () C:\Windows\erdnt

2014-05-22 18:49 - 2014-05-22 18:49 - 05200426 ____R (Swearware) C:\Users\Mandy\Downloads\ComboFix.exe

2014-05-19 15:36 - 2014-05-19 15:36 - 00140200 ____H () C:\Windows\system32\mlfcache.dat

2014-05-17 18:02 - 2014-05-17 18:03 - 35115008 _____ () C:\Users\Mandy\Desktop\Test2.avi

2014-05-16 22:06 - 2014-05-16 22:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mandy\Downloads\revosetup95.exe

2014-05-16 22:06 - 2014-05-16 22:06 - 00001222 _____ () C:\Users\Mandy\Desktop\Revo Uninstaller.lnk

2014-05-16 22:06 - 2014-05-16 22:06 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-05-16 21:59 - 2014-05-17 02:29 - 00000000 ____D () C:\Users\Mandy\Documents\My Recorded Scripts

2014-05-16 21:59 - 2014-05-16 22:49 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Mouse Recorder Pro

2014-05-16 21:59 - 2014-05-16 22:32 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Nemex

2014-05-16 21:59 - 2014-05-16 21:59 - 00001205 _____ () C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk

2014-05-16 21:59 - 2014-05-16 21:59 - 00001143 _____ () C:\Users\Public\Desktop\Mouse Recorder Play.lnk

2014-05-16 21:59 - 2014-05-16 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Recorder Pro 2

2014-05-16 21:59 - 2014-05-16 21:59 - 00000000 ____D () C:\Program Files\Nemex

2014-05-16 21:58 - 2014-05-16 21:58 - 02358445 _____ () C:\Users\Mandy\Downloads\mrp274setup.zip

2014-05-16 21:05 - 2014-05-16 21:05 - 00000000 ____D () C:\Program Files\RobotSoft

2014-05-16 21:04 - 2014-05-16 21:04 - 00626638 _____ (Robot-Soft.com, Inc. ) C:\Users\Mandy\Downloads\FreeMouseKeyboardRecorder.exe

2014-05-16 21:04 - 2014-05-16 21:04 - 00626638 _____ (Robot-Soft.com, Inc. ) C:\Users\Mandy\Downloads\FreeMouseKeyboardRecorder (1).exe

2014-05-15 03:02 - 2014-05-15 03:02 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-15 03:01 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-15 03:01 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-15 03:01 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-14 19:50 - 2014-05-14 19:50 - 00000572 _____ () C:\Users\Public\Desktop\Fraps.lnk

2014-05-14 19:50 - 2014-05-14 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2014-05-14 19:44 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-14 19:44 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-14 19:44 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-14 19:44 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-05-14 19:44 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-14 19:44 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-14 19:44 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-14 19:44 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2014-05-14 19:44 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-14 19:44 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-14 19:44 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2014-05-14 19:44 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-05-14 19:43 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-14 19:41 - 2014-05-14 19:41 - 02589760 _____ (Beepa Pty Ltd) C:\Users\Mandy\Downloads\Fraps-Vollversion by Michi.exe

2014-05-14 17:08 - 2014-05-14 17:08 - 02587935 _____ () C:\Users\Mandy\Downloads\Skyrama Hack v3.3.5.zip

2014-05-14 17:04 - 2014-05-14 17:05 - 06395871 _____ () C:\Users\Mandy\Downloads\Skyrama Hack.zip

2014-05-12 20:04 - 2014-05-23 19:30 - 00000000 ____D () C:\Users\Mandy\Downloads\FRST-OlderVersion

2014-05-12 19:10 - 2014-05-23 19:23 - 00000390 _____ () C:\Windows\Tasks\BetterMarkIt_wd.job

2014-05-12 19:10 - 2014-05-12 19:10 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-05-12 19:10 - 2014-05-12 19:10 - 00000000 ____D () C:\Program Files\BetterMarkIt-soft

2014-05-12 19:07 - 2014-05-12 19:07 - 00420304 _____ () C:\Users\Mandy\Downloads\DiePutevonPanem (1).exe

2014-05-12 19:06 - 2014-05-12 19:07 - 00420304 _____ () C:\Users\Mandy\Downloads\DiePutevonPanem.exe

2014-05-12 18:43 - 2014-05-12 18:43 - 00771999 _____ () C:\Users\Mandy\Desktop\Avicii - Wake Me Up Instrumental 2.m4r

2014-05-11 21:48 - 2014-05-11 21:48 - 54036992 _____ () C:\Users\Mandy\Desktop\Test1.avi

2014-05-11 21:44 - 2014-05-11 21:44 - 00000000 ____D () C:\Users\Mandy\AppData\Local\DVDVideoSoft_Ltd

2014-05-11 21:41 - 2014-05-11 21:41 - 00002241 _____ () C:\Users\Public\Desktop\Free Screen Video Recorder.lnk

2014-05-11 21:41 - 2014-05-11 21:41 - 00001197 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\Program Files\DVDVideoSoft

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft

2014-05-11 21:40 - 2014-05-11 21:41 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\DVDVideoSoft

2014-05-11 21:37 - 2014-05-11 21:39 - 24478272 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandy\Downloads\FreeScreenVideoRecorder.exe

2014-05-03 21:40 - 2014-05-03 21:40 - 00001917 _____ () C:\Users\Public\Desktop\Overwolf.lnk

2014-05-03 21:40 - 2014-05-03 21:40 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2014-05-03 21:39 - 2014-05-03 21:40 - 00000000 ____D () C:\Program Files\Overwolf

2014-05-03 21:39 - 2014-05-03 21:40 - 00000000 ____D () C:\Program Files\Common Files\Overwolf

2014-05-03 21:35 - 2014-05-23 19:24 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Overwolf

2014-05-03 21:35 - 2014-05-12 17:01 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\TS3Client

2014-05-03 21:35 - 2014-05-03 21:35 - 00001120 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2014-05-03 21:35 - 2014-05-03 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

2014-05-03 21:35 - 2014-05-03 21:35 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

2014-05-03 21:11 - 2014-05-03 21:13 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Mandy\Downloads\TeamSpeak3-Client-win32-3.0.14.exe

2014-05-03 18:34 - 2014-05-03 18:34 - 00000000 ____D () C:\Program Files\af0.net

2014-05-03 18:31 - 2014-05-03 18:31 - 02378752 _____ () C:\Users\Mandy\Downloads\Adblock_Installer.msi

2014-05-02 14:40 - 2014-05-02 14:40 - 00000000 ____D () C:\Program Files\ESET

2014-05-02 14:39 - 2014-05-02 14:39 - 02347384 _____ (ESET) C:\Users\Mandy\Downloads\esetsmartinstaller_deu.exe

2014-05-02 14:36 - 2014-05-02 14:36 - 00007043 _____ () C:\Users\Mandy\Desktop\mbam.txt

2014-05-02 14:15 - 2014-05-23 19:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-02 14:15 - 2014-05-02 14:15 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-05-02 14:15 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-02 14:15 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-02 14:15 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-02 14:11 - 2014-05-02 14:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mandy\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-02 13:48 - 2014-05-02 13:48 - 00000000 ____D () C:\Windows\ERUNT

2014-05-02 13:47 - 2014-05-02 13:47 - 01016261 _____ (Thisisu) C:\Users\Mandy\Downloads\JRT.exe

2014-05-02 13:34 - 2014-05-23 19:22 - 00000000 ____D () C:\AdwCleaner

2014-05-02 13:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-05-01 23:20 - 2014-05-01 23:20 - 00036305 _____ () C:\Users\Mandy\Downloads\FRST (1).txt

2014-05-01 23:18 - 2014-05-14 20:46 - 00020535 _____ () C:\Users\Mandy\Downloads\Addition.txt

2014-05-01 23:17 - 2014-05-23 19:30 - 00000000 ____D () C:\FRST

2014-05-01 23:16 - 2014-05-12 20:04 - 01056256 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe

2014-05-01 23:09 - 2014-05-14 20:46 - 00035199 _____ () C:\Users\Mandy\Downloads\FRST.txt

2014-05-01 22:57 - 2014-05-01 22:57 - 04725948 _____ () C:\Users\Mandy\Downloads\GoogleQuickSearchBox-2.0.0.1447.Release.dmg

2014-05-01 22:47 - 2014-05-23 19:23 - 00003239 _____ () C:\Windows\setupact.log

2014-05-01 22:47 - 2014-05-23 19:22 - 00016076 _____ () C:\Windows\PFRO.log

2014-05-01 22:47 - 2014-05-01 22:47 - 00000000 _____ () C:\Windows\setuperr.log

2014-05-01 22:21 - 2014-05-14 19:50 - 00000000 ____D () C:\Fraps

2014-05-01 22:11 - 2014-05-01 22:11 - 00613200 _____ (Chip Digital GmbH) C:\Users\Mandy\Downloads\FRAPS - CHIP-Downloader.exe

2014-05-01 21:35 - 2014-05-01 21:35 - 416812032 _____ () C:\Users\Mandy\Desktop\Test 2.avi

2014-05-01 21:33 - 2014-05-01 21:33 - 415155712 _____ () C:\Users\Mandy\Desktop\Test.avi

2014-05-01 21:31 - 2014-05-14 19:31 - 00004535 _____ () C:\Users\Mandy\AppData\Roaming\CamStudio.cfg

2014-05-01 21:31 - 2014-05-14 19:31 - 00000408 _____ () C:\Users\Mandy\AppData\Roaming\CamShapes.ini

2014-05-01 21:31 - 2014-05-14 19:31 - 00000408 _____ () C:\Users\Mandy\AppData\Roaming\CamLayout.ini

2014-05-01 21:31 - 2014-05-14 19:31 - 00000096 _____ () C:\Users\Mandy\AppData\Roaming\Camdata.ini

2014-05-01 21:31 - 2014-05-14 19:31 - 00000000 ____D () C:\Users\Mandy\Documents\My CamStudio Temp Files

2014-05-01 21:30 - 2014-05-14 19:30 - 00000096 _____ () C:\Users\Mandy\AppData\Roaming\version2.xml

2014-05-01 21:30 - 2014-05-01 21:30 - 00001002 _____ () C:\Users\Public\Desktop\CamStudio.lnk

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\dlg

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\Program Files\CamStudio 2.7

2014-05-01 21:24 - 2014-05-01 21:24 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Security System 2

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\ChromeExtensions

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Tempf1876b600bb02be9eb240ccf6afe4b63

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Tempc4e0eaa8bdfe6fcfad4c7ab10b6866ee

2014-05-01 21:14 - 2014-05-01 21:14 - 01062288 _____ () C:\Users\Mandy\Downloads\FRAPS-lnstall.exe

2014-05-01 13:47 - 2014-05-01 13:47 - 01617328 _____ () C:\Users\Mandy\Desktop\SkyramafansTV Ladebildschirm.pptx

2014-05-01 13:40 - 2014-05-01 12:56 - 00161042 _____ () C:\Users\Mandy\Desktop\20140501 125339.m4a

2014-04-30 22:26 - 2014-05-14 19:29 - 00007168 _____ () C:\Users\Mandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-04-30 22:26 - 2014-05-01 21:15 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Solveig Multimedia

2014-04-30 22:22 - 2014-05-14 19:30 - 00000000 ____D () C:\Users\Mandy\Documents\HyperCam3

2014-04-30 22:22 - 2014-04-30 22:22 - 00001001 _____ () C:\Users\Mandy\Desktop\HyperCam 3.lnk

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\HyperCam

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\Program Files\Common Files\Solveig Multimedia

2014-04-30 22:21 - 2014-04-30 22:22 - 00000000 ____D () C:\Program Files\HyperCam 3

2014-04-30 22:16 - 2014-04-30 22:19 - 17776768 _____ () C:\Users\Mandy\Downloads\SolveigMM_HyperCam_3_6_1403_19.exe
 

==================== One Month Modified Files and Folders =======
 

2014-05-23 19:30 - 2014-05-12 20:04 - 00000000 ____D () C:\Users\Mandy\Downloads\FRST-OlderVersion

2014-05-23 19:30 - 2014-05-01 23:17 - 00000000 ____D () C:\FRST

2014-05-23 19:28 - 2014-05-23 19:28 - 00000625 _____ () C:\Users\Mandy\Desktop\JRT.txt

2014-05-23 19:26 - 2013-11-26 00:17 - 02028808 _____ () C:\Windows\WindowsUpdate.log

2014-05-23 19:25 - 2014-02-23 12:27 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Skype

2014-05-23 19:24 - 2014-05-03 21:35 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Overwolf

2014-05-23 19:23 - 2014-05-12 19:10 - 00000390 _____ () C:\Windows\Tasks\BetterMarkIt_wd.job

2014-05-23 19:23 - 2014-05-01 22:47 - 00003239 _____ () C:\Windows\setupact.log

2014-05-23 19:23 - 2014-02-23 12:33 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-23 19:23 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-23 19:22 - 2014-05-02 13:34 - 00000000 ____D () C:\AdwCleaner

2014-05-23 19:22 - 2014-05-01 22:47 - 00016076 _____ () C:\Windows\PFRO.log

2014-05-23 19:22 - 2009-07-14 06:34 - 00017920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-23 19:22 - 2009-07-14 06:34 - 00017920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-23 19:21 - 2014-05-23 19:20 - 01326389 _____ () C:\Users\Mandy\Downloads\adwcleaner_3.210.exe

2014-05-23 19:19 - 2014-05-23 19:19 - 00004797 _____ () C:\Users\Mandy\Desktop\mbam1.txt

2014-05-23 19:17 - 2014-05-02 14:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-23 19:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\PLA

2014-05-23 19:11 - 2014-02-23 12:33 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-23 19:11 - 2014-02-23 12:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-23 13:53 - 2014-02-23 12:35 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-22 19:41 - 2014-05-22 19:41 - 00015385 _____ () C:\ComboFix.txt

2014-05-22 19:41 - 2014-05-22 18:50 - 00000000 ____D () C:\Qoobox

2014-05-22 19:41 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default

2014-05-22 19:41 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public

2014-05-22 19:39 - 2014-05-22 18:50 - 00000000 ____D () C:\Windows\erdnt

2014-05-22 19:34 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini

2014-05-22 19:31 - 2009-07-14 04:03 - 49283072 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-05-22 19:31 - 2009-07-14 04:03 - 13369344 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-05-22 19:31 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-05-22 19:31 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-05-22 19:31 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-05-22 19:19 - 2014-05-22 19:19 - 00001130 _____ () C:\Users\Mandy\Desktop\ComboFix - Verknüpfung.lnk

2014-05-22 18:49 - 2014-05-22 18:49 - 05200426 ____R (Swearware) C:\Users\Mandy\Downloads\ComboFix.exe

2014-05-19 15:36 - 2014-05-19 15:36 - 00140200 ____H () C:\Windows\system32\mlfcache.dat

2014-05-18 13:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache

2014-05-17 18:03 - 2014-05-17 18:02 - 35115008 _____ () C:\Users\Mandy\Desktop\Test2.avi

2014-05-17 02:29 - 2014-05-16 21:59 - 00000000 ____D () C:\Users\Mandy\Documents\My Recorded Scripts

2014-05-16 22:49 - 2014-05-16 21:59 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Mouse Recorder Pro

2014-05-16 22:32 - 2014-05-16 21:59 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Nemex

2014-05-16 22:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-05-16 22:06 - 2014-05-16 22:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mandy\Downloads\revosetup95.exe

2014-05-16 22:06 - 2014-05-16 22:06 - 00001222 _____ () C:\Users\Mandy\Desktop\Revo Uninstaller.lnk

2014-05-16 22:06 - 2014-05-16 22:06 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-05-16 21:59 - 2014-05-16 21:59 - 00001205 _____ () C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk

2014-05-16 21:59 - 2014-05-16 21:59 - 00001143 _____ () C:\Users\Public\Desktop\Mouse Recorder Play.lnk

2014-05-16 21:59 - 2014-05-16 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Recorder Pro 2

2014-05-16 21:59 - 2014-05-16 21:59 - 00000000 ____D () C:\Program Files\Nemex

2014-05-16 21:58 - 2014-05-16 21:58 - 02358445 _____ () C:\Users\Mandy\Downloads\mrp274setup.zip

2014-05-16 21:05 - 2014-05-16 21:05 - 00000000 ____D () C:\Program Files\RobotSoft

2014-05-16 21:04 - 2014-05-16 21:04 - 00626638 _____ (Robot-Soft.com, Inc. ) C:\Users\Mandy\Downloads\FreeMouseKeyboardRecorder.exe

2014-05-16 21:04 - 2014-05-16 21:04 - 00626638 _____ (Robot-Soft.com, Inc. ) C:\Users\Mandy\Downloads\FreeMouseKeyboardRecorder (1).exe

2014-05-15 13:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-05-15 13:30 - 2014-02-23 12:31 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Adobe

2014-05-15 13:30 - 2014-02-23 12:29 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-05-15 13:30 - 2014-02-23 12:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-05-15 03:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-05-15 03:05 - 2013-11-26 00:20 - 01518986 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-15 03:04 - 2014-01-06 15:05 - 00000000 ____D () C:\Windows\system32\MRT

2014-05-15 03:04 - 2013-11-26 00:27 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-05-15 03:02 - 2014-05-15 03:02 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-15 03:02 - 2014-01-06 15:05 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-05-14 20:46 - 2014-05-01 23:18 - 00020535 _____ () C:\Users\Mandy\Downloads\Addition.txt

2014-05-14 20:46 - 2014-05-01 23:09 - 00035199 _____ () C:\Users\Mandy\Downloads\FRST.txt

2014-05-14 19:50 - 2014-05-14 19:50 - 00000572 _____ () C:\Users\Public\Desktop\Fraps.lnk

2014-05-14 19:50 - 2014-05-14 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2014-05-14 19:50 - 2014-05-01 22:21 - 00000000 ____D () C:\Fraps

2014-05-14 19:41 - 2014-05-14 19:41 - 02589760 _____ (Beepa Pty Ltd) C:\Users\Mandy\Downloads\Fraps-Vollversion by Michi.exe

2014-05-14 19:31 - 2014-05-01 21:31 - 00004535 _____ () C:\Users\Mandy\AppData\Roaming\CamStudio.cfg

2014-05-14 19:31 - 2014-05-01 21:31 - 00000408 _____ () C:\Users\Mandy\AppData\Roaming\CamShapes.ini

2014-05-14 19:31 - 2014-05-01 21:31 - 00000408 _____ () C:\Users\Mandy\AppData\Roaming\CamLayout.ini

2014-05-14 19:31 - 2014-05-01 21:31 - 00000096 _____ () C:\Users\Mandy\AppData\Roaming\Camdata.ini

2014-05-14 19:31 - 2014-05-01 21:31 - 00000000 ____D () C:\Users\Mandy\Documents\My CamStudio Temp Files

2014-05-14 19:30 - 2014-05-01 21:30 - 00000096 _____ () C:\Users\Mandy\AppData\Roaming\version2.xml

2014-05-14 19:30 - 2014-04-30 22:22 - 00000000 ____D () C:\Users\Mandy\Documents\HyperCam3

2014-05-14 19:29 - 2014-04-30 22:26 - 00007168 _____ () C:\Users\Mandy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-05-14 17:08 - 2014-05-14 17:08 - 02587935 _____ () C:\Users\Mandy\Downloads\Skyrama Hack v3.3.5.zip

2014-05-14 17:05 - 2014-05-14 17:04 - 06395871 _____ () C:\Users\Mandy\Downloads\Skyrama Hack.zip

2014-05-14 16:33 - 2014-01-07 21:10 - 00000000 ____D () C:\Users\Mandy\AppData\Local\3566F3D7-7B26-49CE-9BB3-D24D069FC175.aplzod

2014-05-12 20:04 - 2014-05-01 23:16 - 01056256 _____ (Farbar) C:\Users\Mandy\Downloads\FRST.exe

2014-05-12 19:21 - 2014-04-06 13:10 - 00001058 _____ () C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

2014-05-12 19:21 - 2014-03-28 12:52 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-05-12 19:21 - 2014-03-28 12:52 - 00001007 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-05-12 19:21 - 2014-02-23 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-05-12 19:21 - 2014-01-12 14:50 - 00001148 _____ () C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-05-12 19:21 - 2013-11-26 00:17 - 00001118 _____ () C:\Users\Mandy\Desktop\Internet Explorer.lnk

2014-05-12 19:10 - 2014-05-12 19:10 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-05-12 19:10 - 2014-05-12 19:10 - 00000000 ____D () C:\Program Files\BetterMarkIt-soft

2014-05-12 19:10 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-05-12 19:07 - 2014-05-12 19:07 - 00420304 _____ () C:\Users\Mandy\Downloads\DiePutevonPanem (1).exe

2014-05-12 19:07 - 2014-05-12 19:06 - 00420304 _____ () C:\Users\Mandy\Downloads\DiePutevonPanem.exe

2014-05-12 18:43 - 2014-05-12 18:43 - 00771999 _____ () C:\Users\Mandy\Desktop\Avicii - Wake Me Up Instrumental 2.m4r

2014-05-12 17:01 - 2014-05-03 21:35 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\TS3Client

2014-05-11 21:48 - 2014-05-11 21:48 - 54036992 _____ () C:\Users\Mandy\Desktop\Test1.avi

2014-05-11 21:46 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-05-11 21:44 - 2014-05-11 21:44 - 00000000 ____D () C:\Users\Mandy\AppData\Local\DVDVideoSoft_Ltd

2014-05-11 21:41 - 2014-05-11 21:41 - 00002241 _____ () C:\Users\Public\Desktop\Free Screen Video Recorder.lnk

2014-05-11 21:41 - 2014-05-11 21:41 - 00001197 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\Program Files\DVDVideoSoft

2014-05-11 21:41 - 2014-05-11 21:41 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft

2014-05-11 21:41 - 2014-05-11 21:40 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\DVDVideoSoft

2014-05-11 21:39 - 2014-05-11 21:37 - 24478272 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandy\Downloads\FreeScreenVideoRecorder.exe

2014-05-06 21:00 - 2014-03-15 21:43 - 00000466 _____ () C:\Users\Mandy\Documents\PhoenixLauncher.log

2014-05-06 05:25 - 2014-05-15 03:01 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-06 05:07 - 2014-05-15 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-06 04:10 - 2014-05-15 03:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-03 21:40 - 2014-05-03 21:40 - 00001917 _____ () C:\Users\Public\Desktop\Overwolf.lnk

2014-05-03 21:40 - 2014-05-03 21:40 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2014-05-03 21:40 - 2014-05-03 21:39 - 00000000 ____D () C:\Program Files\Overwolf

2014-05-03 21:40 - 2014-05-03 21:39 - 00000000 ____D () C:\Program Files\Common Files\Overwolf

2014-05-03 21:35 - 2014-05-03 21:35 - 00001120 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2014-05-03 21:35 - 2014-05-03 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

2014-05-03 21:35 - 2014-05-03 21:35 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client

2014-05-03 21:13 - 2014-05-03 21:11 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Mandy\Downloads\TeamSpeak3-Client-win32-3.0.14.exe

2014-05-03 18:34 - 2014-05-03 18:34 - 00000000 ____D () C:\Program Files\af0.net

2014-05-03 18:31 - 2014-05-03 18:31 - 02378752 _____ () C:\Users\Mandy\Downloads\Adblock_Installer.msi

2014-05-02 14:40 - 2014-05-02 14:40 - 00000000 ____D () C:\Program Files\ESET

2014-05-02 14:39 - 2014-05-02 14:39 - 02347384 _____ (ESET) C:\Users\Mandy\Downloads\esetsmartinstaller_deu.exe

2014-05-02 14:36 - 2014-05-02 14:36 - 00007043 _____ () C:\Users\Mandy\Desktop\mbam.txt

2014-05-02 14:15 - 2014-05-02 14:15 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-02 14:15 - 2014-05-02 14:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-05-02 14:12 - 2014-05-02 14:11 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mandy\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-02 13:48 - 2014-05-02 13:48 - 00000000 ____D () C:\Windows\ERUNT

2014-05-02 13:47 - 2014-05-02 13:47 - 01016261 _____ (Thisisu) C:\Users\Mandy\Downloads\JRT.exe

2014-05-02 13:42 - 2013-11-26 00:17 - 00000000 ____D () C:\Users\Mandy

2014-05-01 23:20 - 2014-05-01 23:20 - 00036305 _____ () C:\Users\Mandy\Downloads\FRST (1).txt

2014-05-01 22:57 - 2014-05-01 22:57 - 04725948 _____ () C:\Users\Mandy\Downloads\GoogleQuickSearchBox-2.0.0.1447.Release.dmg

2014-05-01 22:47 - 2014-05-01 22:47 - 00000000 _____ () C:\Windows\setuperr.log

2014-05-01 22:11 - 2014-05-01 22:11 - 00613200 _____ (Chip Digital GmbH) C:\Users\Mandy\Downloads\FRAPS - CHIP-Downloader.exe

2014-05-01 21:35 - 2014-05-01 21:35 - 416812032 _____ () C:\Users\Mandy\Desktop\Test 2.avi

2014-05-01 21:33 - 2014-05-01 21:33 - 415155712 _____ () C:\Users\Mandy\Desktop\Test.avi

2014-05-01 21:30 - 2014-05-01 21:30 - 00001002 _____ () C:\Users\Public\Desktop\CamStudio.lnk

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\dlg

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7

2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\Program Files\CamStudio 2.7

2014-05-01 21:24 - 2014-05-01 21:24 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Security System 2

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\ChromeExtensions

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Tempf1876b600bb02be9eb240ccf6afe4b63

2014-05-01 21:18 - 2014-05-01 21:18 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Tempc4e0eaa8bdfe6fcfad4c7ab10b6866ee

2014-05-01 21:15 - 2014-04-30 22:26 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\Solveig Multimedia

2014-05-01 21:14 - 2014-05-01 21:14 - 01062288 _____ () C:\Users\Mandy\Downloads\FRAPS-lnstall.exe

2014-05-01 13:47 - 2014-05-01 13:47 - 01617328 _____ () C:\Users\Mandy\Desktop\SkyramafansTV Ladebildschirm.pptx

2014-05-01 12:56 - 2014-05-01 13:40 - 00161042 _____ () C:\Users\Mandy\Desktop\20140501 125339.m4a

2014-04-30 22:22 - 2014-04-30 22:22 - 00001001 _____ () C:\Users\Mandy\Desktop\HyperCam 3.lnk

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\Users\Mandy\AppData\Roaming\HyperCam

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3

2014-04-30 22:22 - 2014-04-30 22:22 - 00000000 ____D () C:\Program Files\Common Files\Solveig Multimedia

2014-04-30 22:22 - 2014-04-30 22:21 - 00000000 ____D () C:\Program Files\HyperCam 3

2014-04-30 22:19 - 2014-04-30 22:16 - 17776768 _____ () C:\Users\Mandy\Downloads\SolveigMM_HyperCam_3_6_1403_19.exe

2014-04-28 20:40 - 2014-03-21 14:48 - 00000000 ____D () C:\Users\Mandy\AppData\Local\Akamai
 

Files to move or delete:

====================

C:\Users\Mandy\AppData\Roaming\Camdata.ini

C:\Users\Mandy\AppData\Roaming\CamLayout.ini

C:\Users\Mandy\AppData\Roaming\CamShapes.ini
 
 

Some content of TEMP:

====================

C:\Users\Mandy\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe

[2014-05-14 19:44] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
 

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-19 13:57
 

==================== End Of Log ============================

--- --- ---

Vielen Dank!
Ihr seit echt Klasse!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Danke erstmal für die Hilfe!
Hier das Log von ESET:

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=7b2e8f8fefdea143a2bf964eb108133b

# engine=18399

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-05-24 08:24:11

# local_time=2014-05-24 10:24:11 (+0100, Mitteleuropäische Sommerzeit)

# country="Austria"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5892 16777213 88 94 4994575 10357469 0 0

# scanned=148647

# found=45

# cleaned=0

# scan_time=2881

sh=12A81C015E84CAB1346754690B8683E3D0F5C542 ft=1 fh=2038865bafb4f80a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\DaemonProcess.exe.vir"

sh=CC52EE1298EA7A344B1C0CD7D03D1A059C77FD39 ft=1 fh=d235b59034f549ec vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\Mobogenie.exe.vir"

sh=659E678C5D8CE742CC03A211C59AA57E6018FDC6 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\MUServer.apk.vir"

sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\nengine.dll.vir"

sh=930F6C24088B7CB47481D4EDD64A873A817E73FC ft=1 fh=44fb5a4b02bb1a4e vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\New_UpdateMoboGenie.exe.vir"

sh=F6C505361D0E9703F759A1694BEC980F5B35B30C ft=1 fh=e6b882125f01150b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\UpdateMoboGenie.exe.vir"

sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir"

sh=2C06A350EA95B428E1BD9BBC94B5932061EC71DB ft=1 fh=a351c33b2a9de0d7 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptimizerPro.exe.vir"

sh=03122518CF789F63ACE5E6CC18D09BD6E3D34A04 ft=1 fh=3537c5d07cea3b07 vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProCrash.dll.vir"

sh=888E0F78F11013E11283DA19CDE2B574E4E8833B ft=1 fh=7d4b0bc979117643 vn="Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProLauncher.exe.vir"

sh=34EDAC09C618F20D260A0B2AB6E51584EA4996EE ft=1 fh=621aa319d1387749 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProSmartScan.exe.vir"

sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\SaveSenseLive.exe.vir"

sh=10903598F769E2AC5F1E2372E90F6722A3A860B7 ft=1 fh=89560075533c3d40 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir"

sh=88482528CE4F67A1004B50BA93282CEACCEDE534 ft=1 fh=e40b702402e604d5 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\psmachine.dll.vir"

sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe.vir"

sh=70D49B9ABA391E6976DAB5C4BEA63733459B3F1C ft=1 fh=0b76a05977e7722a vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe.vir"

sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe.vir"

sh=F09B9B9B1D16D1539D23CC6ACDE0DC7BC983DF59 ft=1 fh=2dbadf99ca2df2d7 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe.vir"

sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir"

sh=524ED1264811258D64BA2BE8B48005C6D1935713 ft=1 fh=19b60c262a337e59 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir"

sh=72971E4B87542575A876B36FB87879B416F4EC88 ft=1 fh=eb8c71c588367618 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterfacef32.dll.vir"

sh=F34BB16FA7EEF85B106A7C3A3FDEEE95ECF18001 ft=1 fh=7bd5299d4d87abc5 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir"

sh=FB15CD6ADCD9BDFBF68D5DF5EAEA02BF329F8D4F ft=1 fh=dfa2b1c2f56e7303 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir"

sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"

sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"

sh=A70C63312CBCD0D975236E48372A5F3275A01554 ft=1 fh=b3500ac9ac48c1c9 vn="Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"

sh=B2C09DC8D9F5020A619DA4E5975BD8B5A0C1DB7D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.41_0\extensionData\plugins\91.js.vir"

sh=9DD0F7453F429A74EDA0C5519D70C91AF1EC6AA2 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip.vir"

sh=12A81C015E84CAB1346754690B8683E3D0F5C542 ft=1 fh=2038865bafb4f80a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"

sh=CC52EE1298EA7A344B1C0CD7D03D1A059C77FD39 ft=1 fh=d235b59034f549ec vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"

sh=659E678C5D8CE742CC03A211C59AA57E6018FDC6 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"

sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir"

sh=930F6C24088B7CB47481D4EDD64A873A817E73FC ft=1 fh=44fb5a4b02bb1a4e vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"

sh=C7438D942F5D66F71822D807D890EA30B68DEA5E ft=1 fh=cea6bc5b719b3fa1 vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Local\SaveSense\SaveSenseUpdateVer.exe.vir"

sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"

sh=B2C09DC8D9F5020A619DA4E5975BD8B5A0C1DB7D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\arjqb6vm.default\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com\extensionData\plugins\91.js.vir"

sh=8E84B3369C409B88BFF2F167495B5BDA08485065 ft=1 fh=cea6bc5b1fc91d53 vn="Variante von Win32/DealPly.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe.vir"

sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mandy\AppData\Roaming\SupTab\SupTab.dll.vir"

sh=4EFF93347F20FEADA338A54922A77E94C774E41E ft=1 fh=4239668088b340d1 vn="Variante von Win32/AdWare.AddLyrics.AJ Anwendung" ac=I fn="C:\Program Files\BetterMarkIt-soft\BetterMarkItdtbcuw.exe"

sh=888C7A5435FE567A68447D1E5F9A321740C7B4DC ft=1 fh=4fddf60580882042 vn="Variante von Win32/AdWare.AddLyrics.AK Anwendung" ac=I fn="C:\Program Files\BetterMarkIt-soft\BetterMarkItqa161.exe"

sh=D02E317BF0ED629D27B85645B165ACB0B23153F6 ft=1 fh=d41b9bb80d9f1337 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mandy\Downloads\FRAPS - CHIP-Downloader.exe"

sh=C0438ACBB8037DA9A9E9A26C4D5D2BC3205DC335 ft=1 fh=e5ff87a7fa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mandy\Downloads\FRAPS-lnstall.exe"

sh=F2DA86C3CF763F494AB57B132015A35D50B0984A ft=0 fh=0000000000000000 vn="Variante von MSIL/FakeTool.HJ Trojaner" ac=I fn="C:\Users\Mandy\Downloads\Skyrama Hack v3.3.5.zip"

sh=CFA11DB33E91DF653D0BFECD9AB50A3CE67CA5CB ft=0 fh=0000000000000000 vn="Variante von MSIL/FakeTool.GJ Trojaner" ac=I fn="C:\Users\Mandy\Downloads\Skyrama Hack.zip"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/AdWare.AddLyrics.AJ Anwendung" ac=I fn="${Memory}"

SecurityCheck funktioniert denke ich nicht, hier der Screenshot:
http://img26.dreamies.de/img/127/b/xgb8grek94z.gif

Log von FRST kann ich dann ja erst nachher beifügen ;)

MfG

dann warte ich mal auf das Log von FRST und auf die Antwort auf meine Frage :)

Lieber schrauber,

Ich hatte keine Probleme mehr und jetzt, als ich den Cache des Browsers gelöscht habe und alle Cookies, eben alles außer die Passwörter und den Cache des Flashplayers, sind sie wieder da, bitte um Hifle!
Vielen Dank für eure Geduld!

MfG