Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win 8 : Probleme und Windows Verson Installer 2011-2014 nach Java Update (https://www.trojaner-board.de/154612-win-8-probleme-windows-verson-installer-2011-2014-java-update.html)

sarah1 01.06.2014 09:00
Win 8 : Probleme und Windows Verson Installer 2011-2014 nach Java Update
 
Hallo zusammen,

nach einem Java Update ist unser PC langsamer und verhält sich komisch. Bei allen Links wird oben ein grünes Zeichen angezeigt und wenn man auf irgendwelche Links im Internet klickt kommt man nie auf die gewollte Seite.

Außerdem wird mir immer ein Dialogfeld angezeigt "Windows Version Insaller 2011-2014" END USER LICENCE AGREEMENT", klicke das immer weg.

Habe FRST runtergeladen, hier Logfiles:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014
Ran by Vicky-PC (administrator) on VICKY on 01-06-2014 09:44:25
Running from C:\Users\Vicky-PC\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe
() C:\Users\Vicky-PC\AppData\Roaming\VOPackage\VOsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Users\Vicky-PC\AppData\Local\Temp\nsz1704.tmp
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-03-09] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2032216053-89665452-871656621-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2032216053-89665452-871656621-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe [815496 2013-10-07] (Adobe Systems Incorporated)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
SearchScopes: HKLM - {D1E91F4E-7933-4AB3-9124-EE056726F5BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
SearchScopes: HKLM-x32 - {D1E91F4E-7933-4AB3-9124-EE056726F5BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10065&did=10727&barid=177713605334279193587185982904893508547
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
SearchScopes: HKCU - {D1E91F4E-7933-4AB3-9124-EE056726F5BA} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10065&did=10727&barid=177713605334279193587185982904893508547
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Updater By Sweetpacks - {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension64.dll ()
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: DealPly Shopping - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Updater By Sweetpacks - {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension32.dll ()
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\searchplugins\Sweetpacks Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Media_Play_AIR+ - C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\faf73efe-d6aa-46eb-8014-e0b47ac07ead@a90d6ab4-be69-4e96-a979-1fd9c1ae6f92.com [2014-05-30]
FF Extension: Quick Start - C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\quick_start@gmail.com [2014-05-30]
FF Extension: FireShot - C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-05-03]
FF Extension: DealPly  Shopping - C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\{906000a4-88d9-4d52-b209-7a772970d91f} [2013-10-07]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-10-07]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF Extension: Updater By Sweetpacks - C:\Program Files\Updater By Sweetpacks\Firefox [2013-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF Extension: Updater By Sweetpacks - C:\Program Files\Updater By Sweetpacks\Firefox [2013-10-07]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\extensions\quick_start@gmail.com [2014-05-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-08]
CHR Extension: (Google Drive) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-08]
CHR Extension: (YouTube) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-08]
CHR Extension: (Google-Suche) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-08]
CHR Extension: (Google Wallet) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-08]
CHR Extension: (Google Mail) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-30]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-10-07] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-10-07] (DealPly Technologies Ltd)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-30] (globalUpdate)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-30] (globalUpdate)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-09] (Dritek System INC.)
R2 Updater By Sweetpacks; C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe [188760 2013-07-01] ()
R2 vosr; C:\Users\Vicky-PC\AppData\Roaming\VOPackage\VOsrv.exe [55808 2014-05-30] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [573344 2014-05-30] (Fuyu LIMITED)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-03-09] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-09] (Dritek System Inc.)
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 09:44 - 2014-06-01 09:44 - 00024789 _____ () C:\Users\Vicky-PC\Desktop\FRST.txt
2014-06-01 09:44 - 2014-06-01 09:44 - 00000000 ____D () C:\FRST
2014-06-01 09:43 - 2014-06-01 09:43 - 02067456 _____ (Farbar) C:\Users\Vicky-PC\Desktop\FRST64.exe
2014-06-01 09:42 - 2014-06-01 09:42 - 01057792 _____ (Farbar) C:\Users\Vicky-PC\Desktop\FRST.exe
2014-06-01 08:39 - 2014-06-01 08:39 - 00284784 _____ () C:\Windows\Minidump\060114-36250-01.dmp
2014-05-30 16:50 - 2014-06-01 09:26 - 00001093 _____ () C:\Users\Vicky-PC\Desktop\Continue VuuPC Installation.lnk
2014-05-30 16:19 - 2014-05-30 16:20 - 00284784 _____ () C:\Windows\Minidump\053014-41953-01.dmp
2014-05-30 16:17 - 2014-06-01 09:25 - 00002458 _____ () C:\Windows\Tasks\Media_Play_AIR+-firefoxinstaller.job
2014-05-30 16:17 - 2014-06-01 09:25 - 00001552 _____ () C:\Windows\Tasks\Media_Play_AIR+-codedownloader.job
2014-05-30 16:17 - 2014-05-30 16:17 - 00004556 _____ () C:\Windows\System32\Tasks\Media_Play_AIR+-codedownloader
2014-05-30 16:16 - 2014-06-01 09:25 - 00001556 _____ () C:\Windows\Tasks\Media_Play_AIR+-novainstaller.job
2014-05-30 16:16 - 2014-06-01 09:25 - 00001486 _____ () C:\Windows\Tasks\Media_Play_AIR+-nova.job
2014-05-30 16:16 - 2014-05-30 16:17 - 00004490 _____ () C:\Windows\System32\Tasks\Media_Play_AIR+-nova
2014-05-30 16:16 - 2014-05-30 16:16 - 00003892 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-05-30 16:15 - 2014-06-01 09:25 - 00003462 _____ () C:\Windows\Tasks\Media_Play_AIR+-chromeinstaller.job
2014-05-30 16:15 - 2014-06-01 09:25 - 00001518 _____ () C:\Windows\Tasks\d2a7f241-093e-41bd-9633-fa3bf07bbd13-5.job
2014-05-30 16:15 - 2014-05-31 22:20 - 00000920 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-30 16:15 - 2014-05-30 16:16 - 00004522 _____ () C:\Windows\System32\Tasks\d2a7f241-093e-41bd-9633-fa3bf07bbd13-5
2014-05-30 16:14 - 2014-06-01 09:25 - 00000916 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-30 16:14 - 2014-05-31 22:17 - 00000000 ____D () C:\Program Files (x86)\Fre_Ven_s Pro 23
2014-05-30 16:14 - 2014-05-31 08:17 - 00000000 ____D () C:\Program Files (x86)\Media_Play_AIR+
2014-05-30 16:14 - 2014-05-30 16:22 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\Activeris
2014-05-30 16:14 - 2014-05-30 16:15 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-30 16:14 - 2014-05-30 16:15 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-30 16:14 - 2014-05-30 16:15 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-30 16:14 - 2014-05-30 16:14 - 00003656 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-05-30 16:14 - 2014-05-30 16:14 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\SupTab
2014-05-30 16:14 - 2014-05-30 16:14 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\globalUpdate
2014-05-30 16:14 - 2014-05-30 16:14 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-30 16:13 - 2014-05-30 16:15 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\VOPackage
2014-05-30 16:13 - 2014-05-30 16:13 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-30 16:12 - 2014-05-30 16:12 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup(1).exe
2014-05-30 16:11 - 2014-05-30 16:11 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup.exe
2014-05-20 08:19 - 2014-05-20 08:20 - 00284784 _____ () C:\Windows\Minidump\052014-47953-01.dmp
2014-05-20 08:18 - 2014-05-20 08:18 - 00000000 __SHD () C:\found.000
2014-05-19 07:16 - 2014-06-01 08:39 - 00000000 ____D () C:\Windows\Minidump
2014-05-19 07:16 - 2014-05-19 07:16 - 00284896 _____ () C:\Windows\Minidump\051914-22015-01.dmp
2014-05-19 07:15 - 2014-06-01 08:39 - 513750335 _____ () C:\Windows\MEMORY.DMP
2014-05-14 05:06 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 05:06 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 05:05 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 05:05 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 05:05 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 05:05 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 05:05 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 05:05 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 05:05 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 05:05 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 05:05 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 05:05 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 05:05 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 05:05 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 05:05 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 05:05 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 05:05 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 05:05 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 05:05 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 05:05 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 05:05 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 05:05 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 05:05 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 05:05 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 05:04 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 05:04 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 05:04 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 05:04 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 05:04 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 05:04 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 05:04 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 05:04 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 05:04 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 05:04 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 05:04 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 05:04 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 05:04 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 05:04 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 05:04 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 05:04 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-12 12:59 - 2014-05-12 12:59 - 00000000 ____D () C:\ProgramData\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 07103672 _____ (TreeCardGames ) C:\Users\Vicky-PC\Downloads\123freesolitaire-v100-setup.exe
2014-05-12 12:58 - 2014-05-12 12:58 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00001033 _____ () C:\Users\Public\Desktop\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Program Files (x86)\123 Free Solitaire
2014-05-09 22:31 - 2014-05-09 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 07:04 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 07:04 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 07:04 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 07:04 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 07:04 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

2014-06-01 09:44 - 2014-06-01 09:44 - 00024789 _____ () C:\Users\Vicky-PC\Desktop\FRST.txt
2014-06-01 09:44 - 2014-06-01 09:44 - 00000000 ____D () C:\FRST
2014-06-01 09:44 - 2013-10-07 12:05 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\Temp
2014-06-01 09:43 - 2014-06-01 09:43 - 02067456 _____ (Farbar) C:\Users\Vicky-PC\Desktop\FRST64.exe
2014-06-01 09:42 - 2014-06-01 09:42 - 01057792 _____ (Farbar) C:\Users\Vicky-PC\Desktop\FRST.exe
2014-06-01 09:26 - 2014-05-30 16:50 - 00001093 _____ () C:\Users\Vicky-PC\Desktop\Continue VuuPC Installation.lnk
2014-06-01 09:25 - 2014-05-30 16:17 - 00002458 _____ () C:\Windows\Tasks\Media_Play_AIR+-firefoxinstaller.job
2014-06-01 09:25 - 2014-05-30 16:17 - 00001552 _____ () C:\Windows\Tasks\Media_Play_AIR+-codedownloader.job
2014-06-01 09:25 - 2014-05-30 16:16 - 00001556 _____ () C:\Windows\Tasks\Media_Play_AIR+-novainstaller.job
2014-06-01 09:25 - 2014-05-30 16:16 - 00001486 _____ () C:\Windows\Tasks\Media_Play_AIR+-nova.job
2014-06-01 09:25 - 2014-05-30 16:15 - 00003462 _____ () C:\Windows\Tasks\Media_Play_AIR+-chromeinstaller.job
2014-06-01 09:25 - 2014-05-30 16:15 - 00001518 _____ () C:\Windows\Tasks\d2a7f241-093e-41bd-9633-fa3bf07bbd13-5.job
2014-06-01 09:25 - 2014-05-30 16:14 - 00000916 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-06-01 09:25 - 2013-10-08 16:36 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-01 09:25 - 2013-10-07 19:47 - 00000918 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2014-06-01 09:25 - 2013-10-07 14:22 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\Adobe
2014-06-01 09:07 - 2013-10-08 16:36 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 09:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-01 08:52 - 2013-10-07 19:47 - 00000922 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2014-06-01 08:47 - 2013-10-07 19:47 - 00000314 _____ () C:\Windows\Tasks\Dealply.job
2014-06-01 08:39 - 2014-06-01 08:39 - 00284784 _____ () C:\Windows\Minidump\060114-36250-01.dmp
2014-06-01 08:39 - 2014-05-19 07:16 - 00000000 ____D () C:\Windows\Minidump
2014-06-01 08:39 - 2014-05-19 07:15 - 513750335 _____ () C:\Windows\MEMORY.DMP
2014-06-01 08:39 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 08:06 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\Skype
2014-06-01 08:06 - 2013-10-07 13:50 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\clear.fi
2014-05-31 22:20 - 2014-05-30 16:15 - 00000920 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-31 22:17 - 2014-05-30 16:14 - 00000000 ____D () C:\Program Files (x86)\Fre_Ven_s Pro 23
2014-05-31 08:17 - 2014-05-30 16:14 - 00000000 ____D () C:\Program Files (x86)\Media_Play_AIR+
2014-05-30 22:58 - 2013-03-09 16:55 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 22:58 - 2013-03-09 16:55 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 22:58 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 22:50 - 2013-10-07 12:05 - 00000000 ____D () C:\Users\Vicky-PC
2014-05-30 22:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-30 19:46 - 2013-12-22 11:24 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\Deployment
2014-05-30 16:22 - 2014-05-30 16:14 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\Activeris
2014-05-30 16:20 - 2014-05-30 16:19 - 00284784 _____ () C:\Windows\Minidump\053014-41953-01.dmp
2014-05-30 16:19 - 2012-11-23 07:21 - 00159276 _____ () C:\Windows\PFRO.log
2014-05-30 16:17 - 2014-05-30 16:17 - 00004556 _____ () C:\Windows\System32\Tasks\Media_Play_AIR+-codedownloader
2014-05-30 16:17 - 2014-05-30 16:16 - 00004490 _____ () C:\Windows\System32\Tasks\Media_Play_AIR+-nova
2014-05-30 16:16 - 2014-05-30 16:16 - 00003892 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-05-30 16:16 - 2014-05-30 16:15 - 00004522 _____ () C:\Windows\System32\Tasks\d2a7f241-093e-41bd-9633-fa3bf07bbd13-5
2014-05-30 16:15 - 2014-05-30 16:14 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-30 16:15 - 2014-05-30 16:14 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-30 16:15 - 2014-05-30 16:14 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-30 16:15 - 2014-05-30 16:13 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\VOPackage
2014-05-30 16:14 - 2014-05-30 16:14 - 00003656 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-05-30 16:14 - 2014-05-30 16:14 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\SupTab
2014-05-30 16:14 - 2014-05-30 16:14 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\globalUpdate
2014-05-30 16:14 - 2014-05-30 16:14 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-30 16:13 - 2014-05-30 16:13 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-30 16:13 - 2013-10-08 16:37 - 00002395 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-30 16:13 - 2013-10-07 13:53 - 00001375 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 16:13 - 2013-10-07 13:53 - 00001363 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-30 16:13 - 2013-10-07 12:07 - 00001666 _____ () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-30 16:12 - 2014-05-30 16:12 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup(1).exe
2014-05-30 16:11 - 2014-05-30 16:11 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup.exe
2014-05-22 13:50 - 2013-10-07 13:11 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 13:50 - 2013-10-07 13:11 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-20 08:20 - 2014-05-20 08:19 - 00284784 _____ () C:\Windows\Minidump\052014-47953-01.dmp
2014-05-20 08:18 - 2014-05-20 08:18 - 00000000 __SHD () C:\found.000
2014-05-19 07:16 - 2014-05-19 07:16 - 00284896 _____ () C:\Windows\Minidump\051914-22015-01.dmp
2014-05-19 07:01 - 2013-10-07 12:05 - 01160077 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 11:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-05-16 07:10 - 2013-10-07 12:07 - 00000000 ___RD () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:10 - 2013-10-07 12:07 - 00000000 ___RD () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:08 - 2013-12-04 18:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 10:50 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-14 11:44 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-14 05:53 - 2013-12-22 11:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 05:50 - 2013-10-08 17:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 05:47 - 2013-10-08 17:17 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 05:47 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 04:53 - 2013-10-07 14:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 12:59 - 2014-05-12 12:59 - 00000000 ____D () C:\ProgramData\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 07103672 _____ (TreeCardGames ) C:\Users\Vicky-PC\Downloads\123freesolitaire-v100-setup.exe
2014-05-12 12:58 - 2014-05-12 12:58 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00001033 _____ () C:\Users\Public\Desktop\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Program Files (x86)\123 Free Solitaire
2014-05-09 22:31 - 2014-05-09 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 08:02 - 2013-10-08 16:36 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 08:02 - 2013-10-08 16:36 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 07:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-06 07:14 - 2014-05-14 05:04 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-14 05:04 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-14 05:04 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:48 - 2014-05-14 05:04 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:37 - 2014-05-14 05:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-14 05:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-04 21:40 - 2013-12-16 16:48 - 00004608 _____ () C:\Users\Vicky-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-04 21:40 - 2013-12-16 16:45 - 00000000 ____D () C:\Users\Vicky-PC\Documents\My Recordings
2014-05-04 20:55 - 2013-12-14 15:31 - 00008355 _____ () C:\Windows\system32\lvcoinst.log
2014-05-02 08:37 - 2013-12-09 21:43 - 00049664 ___SH () C:\Users\Vicky-PC\Desktop\Thumbs.db

Some content of TEMP:
====================
C:\Users\Vicky-PC\AppData\Local\Temp\avgnt.exe
C:\Users\Vicky-PC\AppData\Local\Temp\BackupSetup.exe
C:\Users\Vicky-PC\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Vicky-PC\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Vicky-PC\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Vicky-PC\AppData\Local\Temp\MyScreenRecorder.exe
C:\Users\Vicky-PC\AppData\Local\Temp\ose00000.exe
C:\Users\Vicky-PC\AppData\Local\Temp\Shortcut_IMsetup.exe
C:\Users\Vicky-PC\AppData\Local\Temp\spacksyahoo_717_active.exe
C:\Users\Vicky-PC\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Vicky-PC\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 05:05] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-30 06:18

==================== End Of Log ============================

und hier die Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014
Ran by Vicky-PC at 2014-06-01 09:45:01
Running from C:\Users\Vicky-PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
123 Free Solitaire v10.0 (HKLM-x32\...\123 Free Solitaire_is1) (Version:  - TreeCardGames)
7-Zip 9.30 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
7-Zip 9.32 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0932-000001000000}) (Version: 9.32.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.2.1.260 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe InCopy CC (HKLM-x32\...\{2606D96F-C1A3-1014-9A8F-E3561A1AC78D}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4489 - APN, LLC)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version:  - )
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden
Dealply (HKCU\...\Dealply) (Version:  - ) <==== ATTENTION
DealPly (remove only) (HKLM-x32\...\DealPly) (Version: 4.8.7.2 - DealPly Technologies Ltd.) <==== ATTENTION
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Fre_Ven_s Pro 23 (HKLM-x32\...\Fre_Ven_s Pro 23) (Version: 1.34.5.22 - setup)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Installer (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Media_Play_AIR+ (HKLM-x32\...\Media_Play_AIR+) (Version: 1.34.5.29 - enter)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
My Screen Recorder Pro 4.0 (HKLM-x32\...\My Screen Recorder Pro DotNet4_is1) (Version:  - Deskshare Inc.)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TweetDeck (HKLM-x32\...\{6848C97D-3728-4199-A70D-817E65D96ECC}) (Version: 3.2.4 - Twitter, Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Updater By Sweetpacks 2.0.0.605 (HKLM\...\{DEDAF650-12B8-48f5-A843-BBA100716106}_is1) (Version: 2.0.0.605 - Sweetpacks) <==== ATTENTION
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version:  - webssearches) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
WindowsProtectManger20.0.0.339 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.339 - Fuyu LIMITED)
WinZip 18.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DE}) (Version: 18.0.10661 - WinZip Computing, S.L. )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

14-05-2014 03:40:52 Windows Update
21-05-2014 05:56:22 Geplanter Prüfpunkt
30-05-2014 04:24:51 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02703A85-0CA3-47EC-AF7F-B4D18CF52200} - System32\Tasks\Media_Play_AIR+-firefoxinstaller => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-firefoxinstaller.exe
Task: {086E20C4-76FA-4694-9AFF-ACE27333FE78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {214FE432-9C57-4BFE-9B32-9131CA66F82F} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {307F90A6-A396-4D4E-B4CD-634A3DDCED78} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {4379264D-F433-46DD-A857-020CCC076024} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {4CC312B7-6E38-48D7-968B-5A32EF6DE919} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {5973892A-E570-48C2-942D-80BCF9A53397} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {5B5A16A8-D55A-4FAA-9BE0-AE8C88F07859} - System32\Tasks\Media_Play_AIR+-chromeinstaller => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-chromeinstaller.exe
Task: {6EAAF0A1-61A5-48DC-AD3B-4D4DDB596BD7} - System32\Tasks\{30327668-E9EA-4D75-9CCA-9499E01E4522} => Chrome.exe hxxp://ui.skype.com/ui/0/5.6.0.110/de/go/help.faq.installer?LastError=1603
Task: {799F62F8-3EB0-4CC9-ACC4-DB12EA80C539} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-30] (globalUpdate) <==== ATTENTION
Task: {80B0112C-44D9-49BC-8252-6928768F9EA4} - System32\Tasks\d2a7f241-093e-41bd-9633-fa3bf07bbd13-5 => C:\Program Files (x86)\Fre_Ven_s Pro 23\d2a7f241-093e-41bd-9633-fa3bf07bbd13-5.exe
Task: {950FF553-88FF-4E08-B79E-6FB30B75D87A} - System32\Tasks\AdobeAAMUpdater-1.0-Vicky-Vicky-PC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {95E3E942-D3E6-426B-8D4A-49E26EF29434} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A793ACE7-AB97-46A1-85F6-4B0A751BB42B} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {AC1AC535-CDD2-4F5C-B37D-1A5AF6E96D27} - System32\Tasks\Media_Play_AIR+-nova => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-nova.exe
Task: {ADEF40AB-724F-4271-9622-C259FCAA46C1} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-30] (globalUpdate) <==== ATTENTION
Task: {B4427329-DB9D-40C4-A1C1-7E150D9D5F40} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-10-07] (DealPly Technologies Ltd) <==== ATTENTION
Task: {C1139C68-EE86-4DE7-A3B6-3B85286E1C61} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-10-07] (DealPly Technologies Ltd) <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C8615E82-FE1A-48B3-869D-9683648239F7} - System32\Tasks\Dealply => C:\Users\Vicky-PC\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-10-07] () <==== ATTENTION
Task: {CC851DD6-6674-4505-BEAD-61D6AEF1EDA5} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-11-19] (Acer Incorporated)
Task: {E4BDC118-2C5A-4688-A69B-02C73F204756} - System32\Tasks\Media_Play_AIR+-novainstaller => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-novainstaller.exe
Task: {E68DE6BF-A61B-40BA-9006-BC6326D1B81D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {E7EA7153-E5D3-42DA-9F8B-3E1B1E4C49AD} - System32\Tasks\Media_Play_AIR+-codedownloader => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-codedownloader.exe
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\d2a7f241-093e-41bd-9633-fa3bf07bbd13-5.job => C:\Program Files (x86)\Fre_Ven_s Pro 23\d2a7f241-093e-41bd-9633-fa3bf07bbd13-5.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Vicky-PC\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Media_Play_AIR+-chromeinstaller.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-chromeinstaller.exe
Task: C:\Windows\Tasks\Media_Play_AIR+-codedownloader.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-codedownloader.exe
Task: C:\Windows\Tasks\Media_Play_AIR+-firefoxinstaller.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-firefoxinstaller.exe
Task: C:\Windows\Tasks\Media_Play_AIR+-nova.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-nova.exe
Task: C:\Windows\Tasks\Media_Play_AIR+-novainstaller.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-novainstaller.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 19:48 - 2013-07-01 10:10 - 00188760 _____ () C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe
2014-05-30 16:15 - 2014-05-30 16:15 - 00055808 _____ () C:\Users\Vicky-PC\AppData\Roaming\VOPackage\VOsrv.exe
2013-10-16 19:02 - 2013-10-16 19:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-11-23 07:14 - 2012-10-23 20:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-20 00:37 - 2013-09-20 00:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-20 00:32 - 2013-09-20 00:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-10-16 19:01 - 2013-10-16 19:01 - 04624240 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-06-01 09:25 - 2014-06-01 09:25 - 00591130 _____ () C:\Users\Vicky-PC\AppData\Local\Temp\nsz1704.tmp
2012-11-03 02:38 - 2012-11-03 02:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 02:38 - 2012-11-03 02:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 02:37 - 2012-11-03 02:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2013-03-09 08:12 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-10-17 17:45 - 2013-10-17 17:45 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-03-13 14:42 - 2013-06-05 15:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2014-02-25 10:55 - 2014-02-25 10:55 - 00151040 ____N () C:\Users\Vicky-PC\AppData\Local\Temp\is45637729\2829202_stp\RAM.dll
2014-03-13 16:39 - 2014-03-13 16:39 - 00645592 ____N () C:\Users\Vicky-PC\AppData\Local\Temp\is45637729\2829132_stp\sqlite3.dll
2014-03-17 14:19 - 2014-03-17 14:19 - 00214528 ____N () C:\Users\Vicky-PC\AppData\Local\Temp\is45637729\2829281_stp\icc.dll
2014-05-09 22:31 - 2014-05-09 22:31 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: HD WebCam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2014 09:07:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (06/01/2014 08:07:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (06/01/2014 01:07:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (06/01/2014 00:07:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (05/31/2014 11:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (05/31/2014 10:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (05/31/2014 09:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (05/31/2014 08:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (05/31/2014 07:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi

Error: (05/31/2014 06:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi


System errors:
=============
Error: (06/01/2014 08:40:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/01/2014 08:40:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/01/2014 08:40:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (06/01/2014 08:39:51 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007a (0x0000000000000004, 0x0000000000000000, 0xfffffa800a134770, 0xfffff683fd51ed88)C:\Windows\MEMORY.DMP060114-36250-01

Error: (06/01/2014 08:39:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎06.‎2014 um 08:11:27 unerwartet heruntergefahren.

Error: (05/30/2014 10:51:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/30/2014 10:51:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/30/2014 10:51:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (05/30/2014 04:20:40 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

Error: (05/30/2014 04:20:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (06/01/2014 09:07:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/01/2014 08:07:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/01/2014 01:07:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/01/2014 00:07:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/31/2014 11:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/31/2014 10:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/31/2014 09:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/31/2014 08:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/31/2014 07:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/31/2014 06:07:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 3911.27 MB
Available physical RAM: 2220.15 MB
Total Pagefile: 15687.27 MB
Available Pagefile: 13838.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.19 GB) (Free:329.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3091FBA2)

Partition: GPT Partition Type.

==================== End Of Log ============================
Antivier hat auch was gefunden und in Quarantäne geschoben, braucht ihr die Logfiles auch ?

Wäre toll, wenn mir jemand hilft. Danke.

schrauber 01.06.2014 09:28
hi,

Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

sarah1 01.06.2014 11:01
hi,

danke für die Antwort.

Revo Uninstaller installiert, hat nicht alle Programme gefunden, darum habe ich auch Combofix runtergeladen, hier Logfile:

Code:
ComboFix 14-05-29.01 - Vicky-PC 01.06.2014  11:43:39.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3911.2199 [GMT 2:00]
ausgeführt von:: c:\users\Vicky-PC\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyIE64.dll
c:\program files (x86)\DealPly\DealPlyUpdateVer.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files\Updater By Sweetpacks\ExTEnsion32.dll
c:\users\Vicky-PC\AppData\Local\assembly\tmp
c:\users\Vicky-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2D02B49C-7282-4DC1-B8A1-A025ADBFCFEA}.xps
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-05-01 bis 2014-06-01  ))))))))))))))))))))))))))))))
.
.
2014-06-01 08:48 . 2014-06-01 08:48        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-06-01 07:44 . 2014-06-01 07:45        --------        d-----w-        C:\FRST
2014-05-30 14:14 . 2014-05-30 14:14        --------        d-----w-        c:\users\Vicky-PC\AppData\Roaming\SupTab
2014-05-30 14:14 . 2014-05-30 14:22        --------        d-----w-        c:\users\Vicky-PC\AppData\Roaming\Activeris
2014-05-30 14:14 . 2014-05-30 14:15        --------        d-----w-        c:\programdata\WindowsProtectManger
2014-05-30 14:14 . 2014-05-30 14:15        --------        d-----w-        c:\programdata\IePluginServices
2014-05-30 14:14 . 2014-05-30 14:15        --------        d-----w-        c:\program files (x86)\SupTab
2014-05-30 14:14 . 2014-05-31 06:17        --------        d-----w-        c:\program files (x86)\Media_Play_AIR+
2014-05-30 14:14 . 2014-05-30 14:14        --------        d-----w-        c:\program files (x86)\globalUpdate
2014-05-30 14:14 . 2014-05-30 14:14        --------        d-----w-        c:\users\Vicky-PC\AppData\Local\globalUpdate
2014-05-30 14:14 . 2014-05-31 20:17        --------        d-----w-        c:\program files (x86)\Fre_Ven_s Pro 23
2014-05-30 14:13 . 2014-05-30 14:13        --------        d-----w-        c:\users\Vicky-PC\AppData\Local\Programs
2014-05-20 06:18 . 2014-05-20 06:18        --------        d-----w-        C:\found.000
2014-05-14 03:06 . 2014-03-28 08:23        19759104        ----a-w-        c:\windows\system32\shell32.dll
2014-05-14 03:04 . 2014-03-28 08:23        1287168        ----a-w-        c:\windows\system32\schedsvc.dll
2014-05-12 10:59 . 2014-05-12 10:59        --------        d-----w-        c:\programdata\TreeCardGames
2014-05-12 10:58 . 2014-05-12 10:58        --------        d-----w-        c:\users\Vicky-PC\AppData\Roaming\TreeCardGames
2014-05-12 10:58 . 2014-05-12 10:58        --------        d-----w-        c:\program files (x86)\123 Free Solitaire
2014-05-06 05:04 . 2014-04-19 09:39        628024        ----a-w-        c:\windows\system32\NotificationUI.exe
2014-05-06 05:04 . 2014-04-19 08:45        693760        ----a-w-        c:\windows\system32\WSShared.dll
2014-05-06 05:04 . 2014-04-19 08:45        163840        ----a-w-        c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 05:04 . 2014-04-19 06:57        566784        ----a-w-        c:\windows\SysWow64\WSShared.dll
2014-05-06 05:04 . 2014-04-19 06:57        124928        ----a-w-        c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-22 11:50 . 2013-10-07 11:11        130584        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-05-22 11:50 . 2013-10-07 11:11        112080        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-05-14 03:47 . 2013-10-08 15:17        93223848        ----a-w-        c:\windows\system32\MRT.exe
2014-05-01 20:37 . 2013-12-04 16:28        78296        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37 . 2013-12-04 16:28        694240        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-15 00:34 . 2014-04-15 00:34        1070232        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-07 00:48 . 2014-04-12 17:36        1766400        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-03-07 00:47 . 2014-04-12 17:36        2877952        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-03-07 00:08 . 2014-04-12 17:36        51712        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-03-07 00:08 . 2014-04-12 17:36        2240000        ----a-w-        c:\windows\system32\wininet.dll
2014-03-07 00:08 . 2014-04-12 17:36        1365504        ----a-w-        c:\windows\system32\urlmon.dll
2014-03-07 00:08 . 2014-04-12 17:36        915968        ----a-w-        c:\windows\system32\uxtheme.dll
2014-03-07 00:08 . 2014-04-12 17:36        603136        ----a-w-        c:\windows\system32\msfeeds.dll
2014-03-07 00:08 . 2014-04-12 17:36        855552        ----a-w-        c:\windows\system32\jscript.dll
2014-03-07 00:08 . 2014-04-12 17:36        3959808        ----a-w-        c:\windows\system32\jscript9.dll
2014-03-07 00:08 . 2014-04-12 17:36        15404544        ----a-w-        c:\windows\system32\ieframe.dll
2014-03-07 00:08 . 2014-04-12 17:36        2648576        ----a-w-        c:\windows\system32\iertutil.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-05-08 10:52        513648        ----a-w-        c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2014-02-13 05:22        12240        ----a-w-        c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2014-02-13 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RadioController"="c:\program files (x86)\RadioController\RfBtnHelper.exe" [2013-03-09 111216]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-08-15 2994880]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-05-22 737872]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-02-13 1758160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-11-05 2237328]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2012-07-26 62976]
.
c:\users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-9-20 1953320]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Acer Backup Manager Tray.lnk - c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k [2012-11-3 624192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\SupTab\SearchProtect32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 dealplylive;DealPly Live-Dienst (dealplylive);c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe;c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dealplylivem;DealPly Live-Dienst (dealplylivem);c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe;c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [x]
R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;@oem13.inf,%PID_081B_DD%(UVC);Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0401000.00E\ccSetx64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BrcmCardReader;Broadcom Card Reader Service;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe [x]
S2 CCDMonitorService;CCDMonitorService;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe;c:\program files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater By Sweetpacks;Updater By Sweetpacks;c:\program files\Updater By Sweetpacks\ExtensionUpdaterService.exe;c:\program files\Updater By Sweetpacks\ExtensionUpdaterService.exe [x]
S2 WindowsProtectManger;WindowsProtectManger Service;c:\programdata\WindowsProtectManger\wprotectmanager.exe;c:\programdata\WindowsProtectManger\wprotectmanager.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\System32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\System32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\System32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\System32\drivers\bScsiSDa.sys;c:\windows\SYSNATIVE\drivers\bScsiSDa.sys [x]
S3 ePowerSvc;ePower Service;c:\program files\Acer\Acer Power Management\ePowerSvc.exe;c:\program files\Acer\Acer Power Management\ePowerSvc.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 21:08        1091912        ----a-w-        c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-01 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
- c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-10-07 17:47]
.
2014-06-01 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
- c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-10-07 17:47]
.
2014-06-01 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-30 14:14]
.
2014-06-01 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-30 14:14]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08 14:36]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-08 14:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2014-02-13 05:22        13776        ----a-w-        c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2014-02-13 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-10-16 17:02        3358064        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-10-16 17:02        3358064        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-10-16 17:02        3358064        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-23 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-23 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-23 441888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-09-25 472984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SupTab\SearchProtect64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - c:\program files (x86)\DealPly\DealPlyIE.dll
BHO-{DEDAF650-12B8-48f5-A843-BBA100716106} - c:\program files\Updater By Sweetpacks\Extension32.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-LManager - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Activeris AntiMalware_is1 - c:\program files (x86)\Activeris AntiMalware\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Launch Manager\LManager.exe
c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
c:\program files (x86)\avira\antivir desktop\ipmGui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-01  11:56:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-06-01 09:56
.
Vor Suchlauf: 7 Verzeichnis(se), 353.242.013.696 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 354.361.008.128 Bytes frei
.
- - End Of File - - 1F9A9BC9D8EC8048B2AEAD5D15A2DB92
was muss ich nun machen ?

schrauber 02.06.2014 10:10
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

sarah1 02.06.2014 20:28
hallo,

hier die logfiles:

mbam:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 02.06.2014
Suchlauf-Zeit: 20:40:43
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Vicky-PC

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 244460
Verstrichene Zeit: 13 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1108, Löschen bei Neustart, [b0998b74166478be56e42375f0110af6]
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe, 2280, Löschen bei Neustart, [0a3f22ddcbaf55e13b4aca7edf2212ee]

Module: 1
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],

Registrierungsschlüssel: 109
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [b0998b74166478be56e42375f0110af6],
PUP.Optional.SweetPacks.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Updater By Sweetpacks, In Quarantäne, [0a3f22ddcbaf55e13b4aca7edf2212ee],
PUP.Optional.DealPly.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dealplylive, In Quarantäne, [d277f00f0971d06613e184da0ff27987],
PUP.Optional.DealPly.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dealplylivem, In Quarantäne, [d277f00f0971d06613e184da0ff27987],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [56f34db26b0f6ec887d780f49072a957],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [56f34db26b0f6ec887d780f49072a957],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [56f34db26b0f6ec887d780f49072a957],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [56f34db26b0f6ec887d780f49072a957],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [56f34db26b0f6ec887d780f49072a957],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [56f34db26b0f6ec887d780f49072a957],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [56f34db26b0f6ec887d780f49072a957],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [61e86a95f88267cf9ec1037119e90ef2],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [61e86a95f88267cf9ec1037119e90ef2],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [61e86a95f88267cf9ec1037119e90ef2],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [61e86a95f88267cf9ec1037119e90ef2],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [61e86a95f88267cf9ec1037119e90ef2],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [61e86a95f88267cf9ec1037119e90ef2],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [61e86a95f88267cf9ec1037119e90ef2],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}, In Quarantäne, [54f5807fa5d52c0adb85f4800af8d927],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [54f5807fa5d52c0adb85f4800af8d927],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [54f5807fa5d52c0adb85f4800af8d927],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [54f5807fa5d52c0adb85f4800af8d927],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [54f5807fa5d52c0adb85f4800af8d927],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}, In Quarantäne, [1b2eb44b710963d3baa7660e9a6826da],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [1b2eb44b710963d3baa7660e9a6826da],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [1b2eb44b710963d3baa7660e9a6826da],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [1b2eb44b710963d3baa7660e9a6826da],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [1b2eb44b710963d3baa7660e9a6826da],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [a0a951aef38705310f07023d887aaa56],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [a0a951aef38705310f07023d887aaa56],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [a0a951aef38705310f07023d887aaa56],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}, In Quarantäne, [9faa37c84931cd6929392c48639fb14f],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [9faa37c84931cd6929392c48639fb14f],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [9faa37c84931cd6929392c48639fb14f],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [9faa37c84931cd6929392c48639fb14f],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [9faa37c84931cd6929392c48639fb14f],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}, In Quarantäne, [90b9649ba7d3b58164ff52224db55da3],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [90b9649ba7d3b58164ff52224db55da3],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [90b9649ba7d3b58164ff52224db55da3],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [90b9649ba7d3b58164ff52224db55da3],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [90b9649ba7d3b58164ff52224db55da3],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}, In Quarantäne, [80c97a850b6f91a50d577bf9c63cd62a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [80c97a850b6f91a50d577bf9c63cd62a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [80c97a850b6f91a50d577bf9c63cd62a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [80c97a850b6f91a50d577bf9c63cd62a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [80c97a850b6f91a50d577bf9c63cd62a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}, In Quarantäne, [e9602ad5ee8c3006580d1e5635cd5aa6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [e9602ad5ee8c3006580d1e5635cd5aa6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [e9602ad5ee8c3006580d1e5635cd5aa6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [e9602ad5ee8c3006580d1e5635cd5aa6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [e9602ad5ee8c3006580d1e5635cd5aa6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}, In Quarantäne, [db6e6e91a6d42b0b67ff86ee7b87af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [db6e6e91a6d42b0b67ff86ee7b87af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [db6e6e91a6d42b0b67ff86ee7b87af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [db6e6e91a6d42b0b67ff86ee7b87af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [db6e6e91a6d42b0b67ff86ee7b87af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}, In Quarantäne, [71d866998eecac8a99ce076de919c43c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}, In Quarantäne, [71d866998eecac8a99ce076de919c43c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}, In Quarantäne, [51f803fcd1a914224b1e5024de248a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66}, In Quarantäne, [5fea58a7acce65d1b62d92af659d58a8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}, In Quarantäne, [5fea58a7acce65d1b62d92af659d58a8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [d475cb340b6fb4822f3b8fe5c73b0cf4],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [d475cb340b6fb4822f3b8fe5c73b0cf4],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [d475cb340b6fb4822f3b8fe5c73b0cf4],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [d475cb340b6fb4822f3b8fe5c73b0cf4],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [d475cb340b6fb4822f3b8fe5c73b0cf4],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [d475cb340b6fb4822f3b8fe5c73b0cf4],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}, In Quarantäne, [153446b93b3fc0765c0f1b59d82a11ef],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [153446b93b3fc0765c0f1b59d82a11ef],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [153446b93b3fc0765c0f1b59d82a11ef],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [153446b93b3fc0765c0f1b59d82a11ef],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [153446b93b3fc0765c0f1b59d82a11ef],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DEDAF650-12B8-48f5-A843-BBA100716106}, In Quarantäne, [74d510ef3347072f7e10b48d738f768a],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DEDAF650-12B8-48F5-A843-BBA100716106}, In Quarantäne, [74d510ef3347072f7e10b48d738f768a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}, In Quarantäne, [a8a15da283f7d4626b012a4ad032f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [a8a15da283f7d4626b012a4ad032f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [a8a15da283f7d4626b012a4ad032f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [a8a15da283f7d4626b012a4ad032f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [a8a15da283f7d4626b012a4ad032f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}, In Quarantäne, [1c2d639c8bef102678f52f4514ee738d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [1c2d639c8bef102678f52f4514ee738d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [1c2d639c8bef102678f52f4514ee738d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [1c2d639c8bef102678f52f4514ee738d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [1c2d639c8bef102678f52f4514ee738d],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\Updater By Sweetpacks, In Quarantäne, [7ccde817a7d379bdc59f3d7309faea16],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [7dcc837ca8d2b086c2704f5d9c675ea2],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [4affe8175f1b2016c9dd189ee12222de],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, In Quarantäne, [4702fb047efcfb3b0f25b1fb34cf7d83],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\Updater By Sweetpacks, In Quarantäne, [2b1ecf30a0da8caa92d2bdf334cfd12f],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [f257ed127505b97db082842817eca45c],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a0a96d928cee59ddffa7ebcb6b982ad6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=3, In Quarantäne, [c4852ed14d2db87e0b2b0ca018eb9e62],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=9, In Quarantäne, [8dbccb34f08adb5b2115ab01897ac23e],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [03460bf4e2980e28a6183c6f23e0c43c],
PUP.Optional.DealPly.A, HKU\S-1-5-21-2032216053-89665452-871656621-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPlyLive, In Quarantäne, [db6e798696e4d066f44488240ef52ed2],
PUP.Optional.Qone8, HKU\S-1-5-21-2032216053-89665452-871656621-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [e168e51a82f8e452a302d0e65ba8ba46],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2032216053-89665452-871656621-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, In Quarantäne, [85c45da2cbaf89ad9d207c2fd62d43bd],
PUP.Optional.InstallBrain.A, HKU\S-1-5-21-2032216053-89665452-871656621-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, In Quarantäne, [be8b609f0e6c4de92dc5357c7d86f907],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{DEDAF650-12B8-48f5-A843-BBA100716106}_is1, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],

Registrierungswerte: 3
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 177713605334279193587185982904893508547, In Quarantäne, [03460bf4e2980e28a6183c6f23e0c43c]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2032216053-89665452-871656621-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 177713605334279193587185982904893508547, In Quarantäne, [85c45da2cbaf89ad9d207c2fd62d43bd]
PUP.Optional.InstallBrain.A, HKU\S-1-5-21-2032216053-89665452-871656621-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSEARCH_SWEETPACKS, In Quarantäne, [be8b609f0e6c4de92dc5357c7d86f907]

Registrierungsdaten: 4
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~1.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~1.DLL),Ersetzt,[a7a24ab5adcd9b9bbd61ccc5d9290cf4]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~2.DLL),Ersetzt,[a7a24ab5adcd9b9bbd61ccc5d9290cf4]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[bc8dd42bb0ca7db955ee60cf699b21df]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a2a7c53a265488ae0d36ee41e51fb050]

Ordner: 52
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive, In Quarantäne, [bc8ddc2314662412430e157155ade11f],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update, In Quarantäne, [bc8ddc2314662412430e157155ade11f],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log, In Quarantäne, [bc8ddc2314662412430e157155ade11f],
PUP.Optional.DealPly.A, C:\Users\Vicky-PC\AppData\Roaming\Dealply, In Quarantäne, [79d06c93b3c768cec48e493d9d65ab55],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\CrashReports, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Download, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Install, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline\{7F0732A7-4846-4551-B697-0BC76182E2A7}, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks, Löschen bei Neustart, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\libraries, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\resources, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\locale, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\locale\en-US, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\skin, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\defaults, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\defaults\preferences, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\libraries, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\resources, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.DealPly.A, C:\Users\Vicky-PC\AppData\Local\DealPlyLive, In Quarantäne, [a4a56d923a400036545588fe18ea619f],
PUP.Optional.DealPly.A, C:\Users\Vicky-PC\AppData\Local\DealPlyLive\CrashReports, In Quarantäne, [a4a56d923a400036545588fe18ea619f],

Dateien: 146
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [b0998b74166478be56e42375f0110af6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe, Löschen bei Neustart, [0a3f22ddcbaf55e13b4aca7edf2212ee],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe, In Quarantäne, [d277f00f0971d06613e184da0ff27987],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [a0a951aef38705310f07023d887aaa56],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll, In Quarantäne, [71d866998eecac8a99ce076de919c43c],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll, In Quarantäne, [61e8ab54bdbdd95d095f75ff79895ba5],
PUP.Optional.InstallBrain.A, C:\Users\Vicky-PC\Downloads\cbsidlm-tr1_15-My_Screen_Recorder-ORG-10972953.exe, In Quarantäne, [c485ff00a2d8ad8976c576a046be8c74],
PUP.Optional.Softonic.A, C:\Users\Vicky-PC\Downloads\SoftonicDownloader_fuer_pdfbinder.exe, In Quarantäne, [4dfc98671f5b8ea838cb7ce6f011649c],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [a7a24ab5adcd9b9bbd61ccc5d9290cf4],
PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job, In Quarantäne, [1f2a9669a3d7c571cfc7bcf4b44f5fa1],
PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job, In Quarantäne, [e366639c4c2eb0867224238d966d21df],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, In Quarantäne, [bc8ddc2314662412430e157155ade11f],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll, In Quarantäne, [c188c6392159a88ebc97d5b15ea410f0],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Extension64.dll, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\InstallerHelper.dll, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\unins000.dat, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\unins000.exe, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome.manifest, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\install.rdf, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\main.js, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\main.js.bak, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\main.xul, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\libraries\DataExchangeScript.js, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\resources\localscript.js, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\locale\en-US\overlay.dtd, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\skin\overlay.css, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\defaults\preferences\defaults.js, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\libraries\DataExchangeScript.js, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\resources\localscript.js, In Quarantäne, [81c817e8cfab0234db7ecdb9a35f1ae6],

Physische Sektoren: 0
(No malicious items detected)


(end)

Adwcleaner:

Code:
# AdwCleaner v3.211 - Bericht erstellt am 02/06/2014 um 21:08:45
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Vicky-PC - VICKY
# Gestartet von : C:\Users\Vicky-PC\Downloads\adwcleaner_3.211(1).exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : BackupStack
[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
Ordner Gelöscht : C:\Windows\System32\ljkb
Ordner Gelöscht : C:\Users\Vicky-PC\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Vicky-PC\AppData\Roaming\Activeris
Ordner Gelöscht : C:\Users\Vicky-PC\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Vicky-PC\AppData\Local\Software
Ordner Gelöscht : C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}
Ordner Gelöscht : C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\quick_start@gmail.com
Ordner Gelöscht : C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\faf73efe-d6aa-46eb-8014-e0b47ac07ead@a90d6ab4-be69-4e96-a979-1fd9c1ae6f92.com
Datei Gelöscht : C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Vicky-PC\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Vicky-PC\Desktop\Continue VuuPC Installation.lnk
Datei Gelöscht : C:\Users\Vicky-PC\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\searchplugins\Sweetpacks Search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT");
Zeile gelöscht : user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1464d83a79307ad939e084b1430d348a");
Zeile gelöscht : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By Sweetpacks");

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
Gelöscht [Homepage] : hxxp://istart.webssearches.com/?type=hp&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [10730 octets] - [02/06/2014 21:06:52]
AdwCleaner[S0].txt - [8511 octets] - [02/06/2014 21:08:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8571 octets] ##########

JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Vicky-PC on 02.06.2014 at 21:16:29,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\Vicky-PC\AppData\Roaming\mozilla\firefox\profiles\g4rapp85.default\minidumps [20 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.06.2014 at 21:19:53,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
neues FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Vicky-PC (administrator) on VICKY on 02-06-2014 21:25:46
Running from C:\Users\Vicky-PC\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-03-09] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2032216053-89665452-871656621-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D1E91F4E-7933-4AB3-9124-EE056726F5BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {D1E91F4E-7933-4AB3-9124-EE056726F5BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {D1E91F4E-7933-4AB3-9124-EE056726F5BA} URL =
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireShot - C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-05-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-08]
CHR Extension: (Google Drive) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-08]
CHR Extension: (YouTube) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-08]
CHR Extension: (Google-Suche) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-08]
CHR Extension: (Google Wallet) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-08]
CHR Extension: (Google Mail) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-08]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-09] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [573344 2014-05-30] (Fuyu LIMITED)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-03-09] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-09] (Dritek System Inc.)
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Users\Vicky-PC\Desktop\FRST-OlderVersion
2014-06-02 21:20 - 2014-06-02 21:20 - 00001089 _____ () C:\Users\Vicky-PC\Desktop\JRT1.txt
2014-06-02 21:19 - 2014-06-02 21:19 - 00001089 _____ () C:\Users\Vicky-PC\Desktop\JRT.txt
2014-06-02 21:16 - 2014-06-02 21:16 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 21:15 - 2014-06-02 21:15 - 01016261 _____ (Thisisu) C:\Users\Vicky-PC\Desktop\JRT.exe
2014-06-02 21:13 - 2014-06-02 21:13 - 00008675 _____ () C:\Users\Vicky-PC\Desktop\AdwCleaner[S0].txt
2014-06-02 21:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-02 21:06 - 2014-06-02 21:09 - 00000000 ____D () C:\AdwCleaner
2014-06-02 21:05 - 2014-06-02 21:05 - 01327971 _____ () C:\Users\Vicky-PC\Downloads\adwcleaner_3.211(1).exe
2014-06-02 21:04 - 2014-06-02 21:05 - 01327971 _____ () C:\Users\Vicky-PC\Downloads\adwcleaner_3.211.exe
2014-06-02 21:01 - 2014-06-02 21:01 - 00046990 _____ () C:\Users\Vicky-PC\Desktop\mbam.txt
2014-06-02 20:39 - 2014-06-02 21:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 20:39 - 2014-06-02 20:39 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-02 20:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 20:39 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 20:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 20:35 - 2014-06-02 20:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Vicky-PC\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 13:27 - 2014-06-02 13:28 - 00284784 _____ () C:\Windows\Minidump\060214-37250-01.dmp
2014-06-01 11:56 - 2014-06-01 11:56 - 00022756 _____ () C:\ComboFix.txt
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-01 11:40 - 2014-06-01 11:56 - 00000000 ____D () C:\Qoobox
2014-06-01 11:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-01 11:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-01 11:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-01 11:39 - 2014-06-01 11:53 - 00000000 ____D () C:\Windows\erdnt
2014-06-01 11:37 - 2014-06-01 11:38 - 05203398 ____R (Swearware) C:\Users\Vicky-PC\Desktop\ComboFix.exe
2014-06-01 10:48 - 2014-06-01 10:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Vicky-PC\Desktop\revosetup95.exe
2014-06-01 10:48 - 2014-06-01 10:48 - 00001264 _____ () C:\Users\Vicky-PC\Desktop\Revo Uninstaller.lnk
2014-06-01 10:48 - 2014-06-01 10:48 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-01 09:45 - 2014-06-01 09:45 - 00039415 _____ () C:\Users\Vicky-PC\Desktop\Addition.txt
2014-06-01 09:44 - 2014-06-02 21:25 - 00014985 _____ () C:\Users\Vicky-PC\Desktop\FRST.txt
2014-06-01 09:44 - 2014-06-02 21:25 - 00000000 ____D () C:\FRST
2014-06-01 09:43 - 2014-06-02 21:25 - 02068992 _____ (Farbar) C:\Users\Vicky-PC\Desktop\FRST64.exe
2014-06-01 08:39 - 2014-06-01 08:39 - 00284784 _____ () C:\Windows\Minidump\060114-36250-01.dmp
2014-05-30 16:19 - 2014-05-30 16:20 - 00284784 _____ () C:\Windows\Minidump\053014-41953-01.dmp
2014-05-30 16:14 - 2014-05-31 22:17 - 00000000 ____D () C:\Program Files (x86)\Fre_Ven_s Pro 23
2014-05-30 16:14 - 2014-05-31 08:17 - 00000000 ____D () C:\Program Files (x86)\Media_Play_AIR+
2014-05-30 16:14 - 2014-05-30 16:15 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-30 16:12 - 2014-05-30 16:12 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup(1).exe
2014-05-30 16:11 - 2014-05-30 16:11 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup.exe
2014-05-20 08:19 - 2014-05-20 08:20 - 00284784 _____ () C:\Windows\Minidump\052014-47953-01.dmp
2014-05-20 08:18 - 2014-05-20 08:18 - 00000000 ____D () C:\found.000
2014-05-19 07:16 - 2014-06-02 13:27 - 00000000 ____D () C:\Windows\Minidump
2014-05-19 07:16 - 2014-05-19 07:16 - 00284896 _____ () C:\Windows\Minidump\051914-22015-01.dmp
2014-05-19 07:15 - 2014-06-02 13:27 - 423953727 _____ () C:\Windows\MEMORY.DMP
2014-05-14 05:06 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 05:06 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 05:05 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 05:05 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 05:05 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 05:05 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 05:05 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 05:05 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 05:05 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 05:05 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 05:05 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 05:05 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 05:05 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 05:05 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 05:05 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 05:05 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 05:05 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 05:05 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 05:05 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 05:05 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 05:05 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 05:05 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 05:05 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 05:05 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 05:04 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 05:04 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 05:04 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 05:04 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 05:04 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 05:04 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 05:04 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 05:04 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 05:04 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 05:04 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 05:04 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 05:04 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 05:04 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 05:04 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 05:04 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 05:04 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-12 12:59 - 2014-05-12 12:59 - 00000000 ____D () C:\ProgramData\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 07103672 _____ (TreeCardGames ) C:\Users\Vicky-PC\Downloads\123freesolitaire-v100-setup.exe
2014-05-12 12:58 - 2014-05-12 12:58 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00001033 _____ () C:\Users\Public\Desktop\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Program Files (x86)\123 Free Solitaire
2014-05-09 22:31 - 2014-05-09 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 07:04 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 07:04 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 07:04 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 07:04 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 07:04 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

2014-06-02 21:26 - 2014-06-01 09:44 - 00014985 _____ () C:\Users\Vicky-PC\Desktop\FRST.txt
2014-06-02 21:26 - 2013-10-07 12:05 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\Temp
2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Users\Vicky-PC\Desktop\FRST-OlderVersion
2014-06-02 21:25 - 2014-06-01 09:44 - 00000000 ____D () C:\FRST
2014-06-02 21:25 - 2014-06-01 09:43 - 02068992 _____ (Farbar) C:\Users\Vicky-PC\Desktop\FRST64.exe
2014-06-02 21:22 - 2013-10-07 12:13 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2032216053-89665452-871656621-1001
2014-06-02 21:20 - 2014-06-02 21:20 - 00001089 _____ () C:\Users\Vicky-PC\Desktop\JRT1.txt
2014-06-02 21:19 - 2014-06-02 21:19 - 00001089 _____ () C:\Users\Vicky-PC\Desktop\JRT.txt
2014-06-02 21:16 - 2014-06-02 21:16 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 21:15 - 2014-06-02 21:15 - 01016261 _____ (Thisisu) C:\Users\Vicky-PC\Desktop\JRT.exe
2014-06-02 21:13 - 2014-06-02 21:13 - 00008675 _____ () C:\Users\Vicky-PC\Desktop\AdwCleaner[S0].txt
2014-06-02 21:12 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\Skype
2014-06-02 21:11 - 2013-10-08 16:36 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 21:11 - 2013-10-07 12:05 - 01277946 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 21:10 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 21:09 - 2014-06-02 21:06 - 00000000 ____D () C:\AdwCleaner
2014-06-02 21:09 - 2012-11-23 07:21 - 00211972 _____ () C:\Windows\PFRO.log
2014-06-02 21:08 - 2013-10-08 16:37 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-02 21:08 - 2013-10-08 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-02 21:08 - 2013-10-07 13:53 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-02 21:08 - 2013-10-07 13:53 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-02 21:08 - 2013-10-07 12:07 - 00001005 _____ () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-02 21:08 - 2013-10-07 12:07 - 00000000 ___RD () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-02 21:07 - 2013-10-08 16:36 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 21:05 - 2014-06-02 21:05 - 01327971 _____ () C:\Users\Vicky-PC\Downloads\adwcleaner_3.211(1).exe
2014-06-02 21:05 - 2014-06-02 21:04 - 01327971 _____ () C:\Users\Vicky-PC\Downloads\adwcleaner_3.211.exe
2014-06-02 21:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-02 21:01 - 2014-06-02 21:01 - 00046990 _____ () C:\Users\Vicky-PC\Desktop\mbam.txt
2014-06-02 21:00 - 2014-06-02 20:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 20:56 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-06-02 20:39 - 2014-06-02 20:39 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-02 20:38 - 2014-06-02 20:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Vicky-PC\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 13:32 - 2013-10-07 14:22 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\Adobe
2014-06-02 13:28 - 2014-06-02 13:27 - 00284784 _____ () C:\Windows\Minidump\060214-37250-01.dmp
2014-06-02 13:27 - 2014-05-19 07:16 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 13:27 - 2014-05-19 07:15 - 423953727 _____ () C:\Windows\MEMORY.DMP
2014-06-02 12:52 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-01 11:56 - 2014-06-01 11:56 - 00022756 _____ () C:\ComboFix.txt
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-01 11:56 - 2014-06-01 11:40 - 00000000 ____D () C:\Qoobox
2014-06-01 11:56 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-06-01 11:53 - 2014-06-01 11:39 - 00000000 ____D () C:\Windows\erdnt
2014-06-01 11:50 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-06-01 11:49 - 2012-07-26 07:26 - 69730304 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-01 11:49 - 2012-07-26 07:26 - 13893632 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-01 11:49 - 2012-07-26 07:26 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-01 11:49 - 2012-07-26 07:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-01 11:49 - 2012-07-26 07:26 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-01 11:38 - 2014-06-01 11:37 - 05203398 ____R (Swearware) C:\Users\Vicky-PC\Desktop\ComboFix.exe
2014-06-01 10:48 - 2014-06-01 10:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Vicky-PC\Desktop\revosetup95.exe
2014-06-01 10:48 - 2014-06-01 10:48 - 00001264 _____ () C:\Users\Vicky-PC\Desktop\Revo Uninstaller.lnk
2014-06-01 10:48 - 2014-06-01 10:48 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-01 09:45 - 2014-06-01 09:45 - 00039415 _____ () C:\Users\Vicky-PC\Desktop\Addition.txt
2014-06-01 08:39 - 2014-06-01 08:39 - 00284784 _____ () C:\Windows\Minidump\060114-36250-01.dmp
2014-06-01 08:06 - 2013-10-07 13:50 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\clear.fi
2014-05-31 22:17 - 2014-05-30 16:14 - 00000000 ____D () C:\Program Files (x86)\Fre_Ven_s Pro 23
2014-05-31 08:17 - 2014-05-30 16:14 - 00000000 ____D () C:\Program Files (x86)\Media_Play_AIR+
2014-05-30 22:58 - 2013-03-09 16:55 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 22:58 - 2013-03-09 16:55 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 22:58 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 22:50 - 2013-10-07 12:05 - 00000000 ____D () C:\Users\Vicky-PC
2014-05-30 22:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-30 19:46 - 2013-12-22 11:24 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\Deployment
2014-05-30 16:20 - 2014-05-30 16:19 - 00284784 _____ () C:\Windows\Minidump\053014-41953-01.dmp
2014-05-30 16:15 - 2014-05-30 16:14 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-30 16:12 - 2014-05-30 16:12 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup(1).exe
2014-05-30 16:11 - 2014-05-30 16:11 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup.exe
2014-05-22 13:50 - 2013-10-07 13:11 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 13:50 - 2013-10-07 13:11 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-20 08:20 - 2014-05-20 08:19 - 00284784 _____ () C:\Windows\Minidump\052014-47953-01.dmp
2014-05-20 08:18 - 2014-05-20 08:18 - 00000000 ____D () C:\found.000
2014-05-19 07:16 - 2014-05-19 07:16 - 00284896 _____ () C:\Windows\Minidump\051914-22015-01.dmp
2014-05-16 11:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-05-16 07:10 - 2013-10-07 12:07 - 00000000 ___RD () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:08 - 2013-12-04 18:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 10:50 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-14 05:53 - 2013-12-22 11:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 05:50 - 2013-10-08 17:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 05:47 - 2013-10-08 17:17 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 05:47 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 04:53 - 2013-10-07 14:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 12:59 - 2014-05-12 12:59 - 00000000 ____D () C:\ProgramData\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 07103672 _____ (TreeCardGames ) C:\Users\Vicky-PC\Downloads\123freesolitaire-v100-setup.exe
2014-05-12 12:58 - 2014-05-12 12:58 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00001033 _____ () C:\Users\Public\Desktop\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Program Files (x86)\123 Free Solitaire
2014-05-12 07:26 - 2014-06-02 20:39 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-02 20:39 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 20:39 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 22:31 - 2014-05-09 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 08:02 - 2013-10-08 16:36 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 08:02 - 2013-10-08 16:36 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 07:14 - 2014-05-14 05:04 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-14 05:04 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-14 05:04 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:48 - 2014-05-14 05:04 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:37 - 2014-05-14 05:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-14 05:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-04 21:40 - 2013-12-16 16:48 - 00004608 _____ () C:\Users\Vicky-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-04 21:40 - 2013-12-16 16:45 - 00000000 ____D () C:\Users\Vicky-PC\Documents\My Recordings
2014-05-04 20:55 - 2013-12-14 15:31 - 00008355 _____ () C:\Windows\system32\lvcoinst.log

Some content of TEMP:
====================
C:\Users\Vicky-PC\AppData\Local\Temp\avgnt.exe
C:\Users\Vicky-PC\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 05:05] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-30 06:18

==================== End Of Log ============================
--- --- ---

--- --- ---


was muss ich jetzt danach machen?

schrauber 03.06.2014 18:42

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

sarah1 04.06.2014 18:54
hey,

danke für deine Antwort. Habe es durchgeführt.
Was sagen die Logs nun?

eset:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=fb981608411c5a4cb478c12221c18caf
# engine=18555
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-04 05:39:07
# local_time=2014-06-04 07:39:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1722753 61409658 0 0
# scanned=245374
# found=57
# cleaned=0
# scan_time=8084
sh=465A61F1CA60AA5CC6B395A524A560FBEFF6F798 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\faf73efe-d6aa-46eb-8014-e0b47ac07ead@a90d6ab4-be69-4e96-a979-1fd9c1ae6f92.com\extensionData\plugins\91.js.vir"
sh=9CA4774891E9538150DBC295BC303D11173CE7FB ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul.vir"
sh=2CB7E54573FCD1C1C703EF751327D6053C3AA0FF ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\SweetNT.crx.vir"
sh=0AB7E14045C76206A8733C6E4D36220A58C85A77 ft=1 fh=9f671b8e7a289dd3 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
sh=14DEA19C346BAA184CD96010C8788D02418D78AB ft=1 fh=2852b0fb4a5772c0 vn="Variante von Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe"
sh=408E55A7D2D56C02EF844CA63C1EA8D440D1F8B2 ft=1 fh=cf5f3ba9cab9d1c3 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll"
sh=EC5913DE16698FF281FE1F1108602BD300AFDA91 ft=1 fh=400322602d09beb6 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe"
sh=4E3A9EF57C71B5829AC8CD185CBED27AF6610C13 ft=1 fh=83a0e01ca2b69786 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll"
sh=698FB11D2C5D96C744D8602AD22309F10509063A ft=1 fh=c3312308a781a9fa vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll"
sh=0111559B94F5572B6777EBE3E85CB9F9C94BC85B ft=1 fh=76e883fd9357c7a4 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe"
sh=BB237CE0031AFF6ABD4E3626D7C6AE3D6ABEDB5A ft=1 fh=2522929e49563be6 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll"
sh=9C835C702D070F54C59E36FED31696261FEBFDA3 ft=1 fh=29643e02259e76bc vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll"
sh=B27AA1F8303815E20CE148744957CB3726BCDE96 ft=1 fh=e7bb97c341e31fcc vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe"
sh=6CDE6B1DD298CA47510EB79334AE149F60FEFFCE ft=1 fh=0241d1e8e3e9ed03 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll"
sh=84987AF48F5107F84A12BB7418C0A7A2106906B0 ft=1 fh=6e62188c597b6ea7 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll"
sh=AD5DA3A1CEEE990DE24B77FCCD8D17227517BBAD ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.10.0_AVIRA-V7.msi"
sh=678483A054686E05A67E73A17A1D536693A6B681 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.5.1_AVIRA-V7.msi"
sh=EA524B6840F6A37F360AB18282E5239B1F8B34F2 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.6.0_AVIRA-V7.msi"
sh=0AB7E14045C76206A8733C6E4D36220A58C85A77 ft=1 fh=9f671b8e7a289dd3 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe"
sh=408E55A7D2D56C02EF844CA63C1EA8D440D1F8B2 ft=1 fh=cf5f3ba9cab9d1c3 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll"
sh=EC5913DE16698FF281FE1F1108602BD300AFDA91 ft=1 fh=400322602d09beb6 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe"
sh=4E3A9EF57C71B5829AC8CD185CBED27AF6610C13 ft=1 fh=83a0e01ca2b69786 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll"
sh=698FB11D2C5D96C744D8602AD22309F10509063A ft=1 fh=c3312308a781a9fa vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll"
sh=0111559B94F5572B6777EBE3E85CB9F9C94BC85B ft=1 fh=76e883fd9357c7a4 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe"
sh=BB237CE0031AFF6ABD4E3626D7C6AE3D6ABEDB5A ft=1 fh=2522929e49563be6 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll"
sh=9C835C702D070F54C59E36FED31696261FEBFDA3 ft=1 fh=29643e02259e76bc vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll"
sh=B27AA1F8303815E20CE148744957CB3726BCDE96 ft=1 fh=e7bb97c341e31fcc vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe"
sh=6CDE6B1DD298CA47510EB79334AE149F60FEFFCE ft=1 fh=0241d1e8e3e9ed03 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll"
sh=84987AF48F5107F84A12BB7418C0A7A2106906B0 ft=1 fh=6e62188c597b6ea7 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll"
sh=75A9BFE798ADFBFDFA8E0155A242E69ACD396E53 ft=1 fh=7e8b040c1a60dd55 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\VNT\vntldr.exe"
sh=A6F6779EE5EB8A0BB75844B9B62F38A9DDBD0134 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Fre_Ven_s Pro 23\58028.crx"
sh=DC9FDC201E6D3AC68635E610197861FDDE350021 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Fre_Ven_s Pro 23\58028.xpi"
sh=1E27952EE234F87ACAD5E8FC613061B06F849677 ft=1 fh=b41abc498d03e865 vn="Variante von Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Fre_Ven_s Pro 23\utils.exe"
sh=C9EB2BB8ACC6D42D34D138C771E1CF2A638BEA9E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Media_Play_AIR+\360-58488.crx"
sh=AEF4D1703AEE214AEDDA329DF9973FDCD02577EB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Media_Play_AIR+\58488.crx"
sh=6338C76E49CAFF6BAF17A938291824258B851C29 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Media_Play_AIR+\58488.xpi"
sh=1A46F6F3F215999959A72F328D6632D249E74990 ft=1 fh=73b0f8820462ebcc vn="Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-bho.dll"
sh=E8651C8E22F0AF9237ABC515992259A85DE5F2B9 ft=1 fh=44d79481f6977f46 vn="Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-bho64.dll"
sh=EA55D075CD8637D1BA48108A1EAA8B71C386E10F ft=1 fh=40d472002e41e17f vn="Variante von Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Media_Play_AIR+\utils.exe"
sh=3E1726B904874101C93B51C784917F2AEDD3863C ft=1 fh=eb464124995b6664 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Updater By Sweetpacks\ExTEnsion32.dll.vir"
sh=5339ABEE428B92A04DF04A1D1B81896A68CF7CBD ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPly.crx.vir"
sh=B93A611E29C3BD6E13E9F3A2BD98F17EED127102 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPly.xpi.vir"
sh=30D457E18D2B8CAF0B8900A4D64146CB171B57E0 ft=1 fh=c5d4173284eff9c1 vn="Variante von Win32/DealPly.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyIE.dll.vir"
sh=2D6B1EC0EFA47C992C32AD9CECFB0EC4543ACA0A ft=1 fh=7076499debea4e9c vn="Variante von Win32/DealPly.F evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateVer.exe.vir"
sh=44541BD12D0C1454310BABB38EF65579544BB7CB ft=1 fh=8d6b21df337ddf5c vn="Variante von Win32/SweetIM.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vicky-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OADK5OJU\bundlesweetimsetup[1].exe"
sh=03CA6F37C46F2BF0CDFABF222E4FA5B546F8373A ft=1 fh=0c867f661ae3d518 vn="Win32/VOPackage.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vicky-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OADK5OJU\dl[1].htm"
sh=F26008B69C43875FC2944276856873A9627023C8 ft=1 fh=d1852b0413ac5164 vn="Win32/InstallCore.OY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vicky-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OADK5OJU\Setup[1].exe"
sh=04100985E324FC779170BC5F82B6E47F7F3F6A3C ft=1 fh=cc6c97439e132eed vn="Variante von Win32/VOPackage.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vicky-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WOZGK53I\dl[1].htm"
sh=D1DA333F523D3B473B763CC0E65696679E0F6A98 ft=1 fh=a015a9ad103af1b1 vn="Win32/InstallCore.OH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vicky-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WOZGK53I\Setup[1].exe"
sh=21A31B33D8992DAA7122FB96DFB28C2F06EEAA48 ft=1 fh=95aa92222d5172d3 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vicky-PC\Downloads\jvlsetup(1).exe"
sh=155F0448304314DCE425FD551717526F1A848E09 ft=1 fh=c53591e82d5172d3 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Vicky-PC\Downloads\jvlsetup.exe"
sh=ADDD29FE3B633B332FEA05B91F72D129DBF39832 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z"
sh=567F7670AC05037B3D666088C2B25036098F2AA7 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z"
sh=5A66C171963EC6CD5840A912571F2E0FEB40D43E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z"
sh=ADDD29FE3B633B332FEA05B91F72D129DBF39832 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z"
sh=567F7670AC05037B3D666088C2B25036098F2AA7 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z"
sh=5A66C171963EC6CD5840A912571F2E0FEB40D43E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z"
SecurityCheck:

Code:
Results of screen317's Security Check version 0.99.83 
  x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player        11.8.800.168 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (29.0.1)
 Google Chrome 34.0.1847.137 
 Google Chrome 35.0.1916.114 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Windows Defender MsMpEng.exe 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
neu FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Vicky-PC (administrator) on VICKY on 04-06-2014 19:49:22
Running from C:\Users\Vicky-PC\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-03-09] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2032216053-89665452-871656621-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D1E91F4E-7933-4AB3-9124-EE056726F5BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {D1E91F4E-7933-4AB3-9124-EE056726F5BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {D1E91F4E-7933-4AB3-9124-EE056726F5BA} URL =
SearchScopes: HKCU - {D1E91F4E-7933-4AB3-9124-EE056726F5BA} URL =
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\staged [2014-06-04]
FF Extension: FireShot - C:\Users\Vicky-PC\AppData\Roaming\Mozilla\Firefox\Profiles\g4rapp85.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-05-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1401459184&from=tugs&uid=TOSHIBAXMQ01ABF050_Y2JSC2VBTXXY2JSC2VBT&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-08]
CHR Extension: (Google Drive) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-08]
CHR Extension: (YouTube) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-08]
CHR Extension: (Google-Suche) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-08]
CHR Extension: (Google Wallet) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-08]
CHR Extension: (Google Mail) - C:\Users\Vicky-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-08]

==================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
R3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-09] (Dritek System INC.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [573344 2014-05-30] (Fuyu LIMITED)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-03-09] (Broadcom Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-09] (Dritek System Inc.)
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]
R4 avkmgr; \SystemRoot\system32\DRIVERS\avkmgr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 19:49 - 2014-06-04 19:49 - 00000959 _____ () C:\Users\Vicky-PC\Desktop\security check checkup.txt
2014-06-04 19:47 - 2014-06-04 19:47 - 00854367 _____ () C:\Users\Vicky-PC\Desktop\SecurityCheck.exe
2014-06-04 19:46 - 2014-06-04 19:46 - 00014607 _____ () C:\Users\Vicky-PC\Desktop\eset.log
2014-06-04 17:26 - 2014-01-19 09:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-06-04 17:21 - 2014-06-04 17:21 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-06-04 17:16 - 2014-06-04 17:16 - 02347384 _____ (ESET) C:\Users\Vicky-PC\Desktop\esetsmartinstaller_deu.exe
2014-06-04 17:16 - 2014-06-04 17:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Users\Vicky-PC\Desktop\FRST-OlderVersion
2014-06-02 21:20 - 2014-06-02 21:20 - 00001089 _____ () C:\Users\Vicky-PC\Desktop\JRT1.txt
2014-06-02 21:19 - 2014-06-02 21:19 - 00001089 _____ () C:\Users\Vicky-PC\Desktop\JRT.txt
2014-06-02 21:16 - 2014-06-02 21:16 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 21:15 - 2014-06-02 21:15 - 01016261 _____ (Thisisu) C:\Users\Vicky-PC\Desktop\JRT.exe
2014-06-02 21:13 - 2014-06-02 21:13 - 00008675 _____ () C:\Users\Vicky-PC\Desktop\AdwCleaner[S0].txt
2014-06-02 21:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-02 21:06 - 2014-06-02 21:09 - 00000000 ____D () C:\AdwCleaner
2014-06-02 21:05 - 2014-06-02 21:05 - 01327971 _____ () C:\Users\Vicky-PC\Downloads\adwcleaner_3.211(1).exe
2014-06-02 21:04 - 2014-06-02 21:05 - 01327971 _____ () C:\Users\Vicky-PC\Downloads\adwcleaner_3.211.exe
2014-06-02 21:01 - 2014-06-02 21:01 - 00046990 _____ () C:\Users\Vicky-PC\Desktop\mbam.txt
2014-06-02 20:39 - 2014-06-02 21:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 20:39 - 2014-06-02 20:39 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-02 20:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-02 20:39 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-02 20:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-02 20:35 - 2014-06-02 20:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Vicky-PC\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 13:27 - 2014-06-02 13:28 - 00284784 _____ () C:\Windows\Minidump\060214-37250-01.dmp
2014-06-01 11:56 - 2014-06-01 11:56 - 00022756 _____ () C:\ComboFix.txt
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-01 11:40 - 2014-06-01 11:56 - 00000000 ____D () C:\Qoobox
2014-06-01 11:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-01 11:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-01 11:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-01 11:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-01 11:39 - 2014-06-01 11:53 - 00000000 ____D () C:\Windows\erdnt
2014-06-01 11:37 - 2014-06-01 11:38 - 05203398 ____R (Swearware) C:\Users\Vicky-PC\Desktop\ComboFix.exe
2014-06-01 10:48 - 2014-06-01 10:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Vicky-PC\Desktop\revosetup95.exe
2014-06-01 10:48 - 2014-06-01 10:48 - 00001264 _____ () C:\Users\Vicky-PC\Desktop\Revo Uninstaller.lnk
2014-06-01 10:48 - 2014-06-01 10:48 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-01 09:45 - 2014-06-01 09:45 - 00039415 _____ () C:\Users\Vicky-PC\Desktop\Addition.txt
2014-06-01 09:44 - 2014-06-04 19:49 - 00014314 _____ () C:\Users\Vicky-PC\Desktop\FRST.txt
2014-06-01 09:44 - 2014-06-04 19:49 - 00000000 ____D () C:\FRST
2014-06-01 09:43 - 2014-06-02 21:25 - 02068992 _____ (Farbar) C:\Users\Vicky-PC\Desktop\FRST64.exe
2014-06-01 08:39 - 2014-06-01 08:39 - 00284784 _____ () C:\Windows\Minidump\060114-36250-01.dmp
2014-05-30 16:19 - 2014-05-30 16:20 - 00284784 _____ () C:\Windows\Minidump\053014-41953-01.dmp
2014-05-30 16:14 - 2014-05-31 22:17 - 00000000 ____D () C:\Program Files (x86)\Fre_Ven_s Pro 23
2014-05-30 16:14 - 2014-05-31 08:17 - 00000000 ____D () C:\Program Files (x86)\Media_Play_AIR+
2014-05-30 16:14 - 2014-05-30 16:15 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-30 16:12 - 2014-05-30 16:12 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup(1).exe
2014-05-30 16:11 - 2014-05-30 16:11 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup.exe
2014-05-20 08:19 - 2014-05-20 08:20 - 00284784 _____ () C:\Windows\Minidump\052014-47953-01.dmp
2014-05-20 08:18 - 2014-05-20 08:18 - 00000000 ____D () C:\found.000
2014-05-19 07:16 - 2014-06-02 13:27 - 00000000 ____D () C:\Windows\Minidump
2014-05-19 07:16 - 2014-05-19 07:16 - 00284896 _____ () C:\Windows\Minidump\051914-22015-01.dmp
2014-05-19 07:15 - 2014-06-02 13:27 - 423953727 _____ () C:\Windows\MEMORY.DMP
2014-05-14 05:06 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 05:06 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 05:05 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 05:05 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 05:05 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 05:05 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 05:05 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 05:05 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 05:05 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 05:05 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 05:05 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 05:05 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 05:05 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 05:05 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 05:05 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 05:05 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 05:05 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 05:05 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 05:05 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 05:05 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 05:05 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 05:05 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 05:05 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 05:05 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 05:05 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 05:05 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 05:05 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 05:04 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 05:04 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 05:04 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 05:04 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 05:04 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 05:04 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 05:04 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 05:04 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 05:04 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 05:04 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 05:04 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 05:04 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 05:04 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 05:04 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 05:04 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 05:04 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-12 12:59 - 2014-05-12 12:59 - 00000000 ____D () C:\ProgramData\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 07103672 _____ (TreeCardGames ) C:\Users\Vicky-PC\Downloads\123freesolitaire-v100-setup.exe
2014-05-12 12:58 - 2014-05-12 12:58 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00001033 _____ () C:\Users\Public\Desktop\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Program Files (x86)\123 Free Solitaire
2014-05-09 22:31 - 2014-05-09 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 07:04 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 07:04 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 07:04 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 07:04 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 07:04 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

2014-06-04 19:49 - 2014-06-04 19:49 - 00000959 _____ () C:\Users\Vicky-PC\Desktop\security check checkup.txt
2014-06-04 19:49 - 2014-06-01 09:44 - 00014314 _____ () C:\Users\Vicky-PC\Desktop\FRST.txt
2014-06-04 19:49 - 2014-06-01 09:44 - 00000000 ____D () C:\FRST
2014-06-04 19:49 - 2013-10-07 12:05 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\Temp
2014-06-04 19:48 - 2013-10-07 12:13 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2032216053-89665452-871656621-1001
2014-06-04 19:47 - 2014-06-04 19:47 - 00854367 _____ () C:\Users\Vicky-PC\Desktop\SecurityCheck.exe
2014-06-04 19:46 - 2014-06-04 19:46 - 00014607 _____ () C:\Users\Vicky-PC\Desktop\eset.log
2014-06-04 19:07 - 2013-10-08 16:36 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-04 17:37 - 2013-10-07 12:05 - 01402134 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 17:26 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-04 17:21 - 2014-06-04 17:21 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-06-04 17:16 - 2014-06-04 17:16 - 02347384 _____ (ESET) C:\Users\Vicky-PC\Desktop\esetsmartinstaller_deu.exe
2014-06-04 17:16 - 2014-06-04 17:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-04 17:12 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\Skype
2014-06-04 08:07 - 2013-10-08 16:36 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 21:21 - 2013-03-09 08:41 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-03 07:37 - 2013-10-07 14:22 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\Adobe
2014-06-02 21:25 - 2014-06-02 21:25 - 00000000 ____D () C:\Users\Vicky-PC\Desktop\FRST-OlderVersion
2014-06-02 21:25 - 2014-06-01 09:43 - 02068992 _____ (Farbar) C:\Users\Vicky-PC\Desktop\FRST64.exe
2014-06-02 21:20 - 2014-06-02 21:20 - 00001089 _____ () C:\Users\Vicky-PC\Desktop\JRT1.txt
2014-06-02 21:19 - 2014-06-02 21:19 - 00001089 _____ () C:\Users\Vicky-PC\Desktop\JRT.txt
2014-06-02 21:16 - 2014-06-02 21:16 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 21:15 - 2014-06-02 21:15 - 01016261 _____ (Thisisu) C:\Users\Vicky-PC\Desktop\JRT.exe
2014-06-02 21:13 - 2014-06-02 21:13 - 00008675 _____ () C:\Users\Vicky-PC\Desktop\AdwCleaner[S0].txt
2014-06-02 21:10 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 21:09 - 2014-06-02 21:06 - 00000000 ____D () C:\AdwCleaner
2014-06-02 21:09 - 2012-11-23 07:21 - 00211972 _____ () C:\Windows\PFRO.log
2014-06-02 21:08 - 2013-10-08 16:37 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-02 21:08 - 2013-10-08 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-02 21:08 - 2013-10-07 13:53 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-02 21:08 - 2013-10-07 13:53 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-02 21:08 - 2013-10-07 12:07 - 00001005 _____ () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-02 21:08 - 2013-10-07 12:07 - 00000000 ___RD () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-02 21:05 - 2014-06-02 21:05 - 01327971 _____ () C:\Users\Vicky-PC\Downloads\adwcleaner_3.211(1).exe
2014-06-02 21:05 - 2014-06-02 21:04 - 01327971 _____ () C:\Users\Vicky-PC\Downloads\adwcleaner_3.211.exe
2014-06-02 21:01 - 2014-06-02 21:01 - 00046990 _____ () C:\Users\Vicky-PC\Desktop\mbam.txt
2014-06-02 21:00 - 2014-06-02 20:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 20:56 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-06-02 20:39 - 2014-06-02 20:39 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 20:39 - 2014-06-02 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-02 20:38 - 2014-06-02 20:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Vicky-PC\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 13:28 - 2014-06-02 13:27 - 00284784 _____ () C:\Windows\Minidump\060214-37250-01.dmp
2014-06-02 13:27 - 2014-05-19 07:16 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 13:27 - 2014-05-19 07:15 - 423953727 _____ () C:\Windows\MEMORY.DMP
2014-06-02 12:52 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-01 11:56 - 2014-06-01 11:56 - 00022756 _____ () C:\ComboFix.txt
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-01 11:56 - 2014-06-01 11:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-01 11:56 - 2014-06-01 11:40 - 00000000 ____D () C:\Qoobox
2014-06-01 11:56 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-06-01 11:53 - 2014-06-01 11:39 - 00000000 ____D () C:\Windows\erdnt
2014-06-01 11:50 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-06-01 11:49 - 2012-07-26 07:26 - 69730304 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-01 11:49 - 2012-07-26 07:26 - 13893632 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-01 11:49 - 2012-07-26 07:26 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-01 11:49 - 2012-07-26 07:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-01 11:49 - 2012-07-26 07:26 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-01 11:38 - 2014-06-01 11:37 - 05203398 ____R (Swearware) C:\Users\Vicky-PC\Desktop\ComboFix.exe
2014-06-01 10:48 - 2014-06-01 10:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Vicky-PC\Desktop\revosetup95.exe
2014-06-01 10:48 - 2014-06-01 10:48 - 00001264 _____ () C:\Users\Vicky-PC\Desktop\Revo Uninstaller.lnk
2014-06-01 10:48 - 2014-06-01 10:48 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-01 09:45 - 2014-06-01 09:45 - 00039415 _____ () C:\Users\Vicky-PC\Desktop\Addition.txt
2014-06-01 08:39 - 2014-06-01 08:39 - 00284784 _____ () C:\Windows\Minidump\060114-36250-01.dmp
2014-06-01 08:06 - 2013-10-07 13:50 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\clear.fi
2014-05-31 22:17 - 2014-05-30 16:14 - 00000000 ____D () C:\Program Files (x86)\Fre_Ven_s Pro 23
2014-05-31 08:17 - 2014-05-30 16:14 - 00000000 ____D () C:\Program Files (x86)\Media_Play_AIR+
2014-05-30 22:58 - 2013-03-09 16:55 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 22:58 - 2013-03-09 16:55 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 22:58 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 22:50 - 2013-10-07 12:05 - 00000000 ____D () C:\Users\Vicky-PC
2014-05-30 22:50 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-30 19:46 - 2013-12-22 11:24 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Local\Deployment
2014-05-30 16:20 - 2014-05-30 16:19 - 00284784 _____ () C:\Windows\Minidump\053014-41953-01.dmp
2014-05-30 16:15 - 2014-05-30 16:14 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-05-30 16:12 - 2014-05-30 16:12 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup(1).exe
2014-05-30 16:11 - 2014-05-30 16:11 - 00277816 _____ () C:\Users\Vicky-PC\Downloads\jvlsetup.exe
2014-05-20 08:20 - 2014-05-20 08:19 - 00284784 _____ () C:\Windows\Minidump\052014-47953-01.dmp
2014-05-20 08:18 - 2014-05-20 08:18 - 00000000 ____D () C:\found.000
2014-05-19 07:16 - 2014-05-19 07:16 - 00284896 _____ () C:\Windows\Minidump\051914-22015-01.dmp
2014-05-16 11:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-05-16 07:10 - 2013-10-07 12:07 - 00000000 ___RD () C:\Users\Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:08 - 2013-12-04 18:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 21:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 10:50 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-14 05:53 - 2013-12-22 11:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 05:50 - 2013-10-08 17:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 05:47 - 2013-10-08 17:17 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 04:53 - 2013-10-07 14:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 12:59 - 2014-05-12 12:59 - 00000000 ____D () C:\ProgramData\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 07103672 _____ (TreeCardGames ) C:\Users\Vicky-PC\Downloads\123freesolitaire-v100-setup.exe
2014-05-12 12:58 - 2014-05-12 12:58 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00001033 _____ () C:\Users\Public\Desktop\123 Free Solitaire.lnk
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Users\Vicky-PC\AppData\Roaming\TreeCardGames
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire
2014-05-12 12:58 - 2014-05-12 12:58 - 00000000 ____D () C:\Program Files (x86)\123 Free Solitaire
2014-05-12 07:26 - 2014-06-02 20:39 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-02 20:39 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-02 20:39 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 22:31 - 2014-05-09 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-07 08:02 - 2013-10-08 16:36 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 08:02 - 2013-10-08 16:36 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 07:14 - 2014-05-14 05:04 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-14 05:04 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-14 05:04 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:48 - 2014-05-14 05:04 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:37 - 2014-05-14 05:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-14 05:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Some content of TEMP:
====================
C:\Users\Vicky-PC\AppData\Local\Temp\avgnt.exe
C:\Users\Vicky-PC\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 05:05] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-30 06:18

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 05.06.2014 17:59
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Flash Player updaten.


Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.




Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

sarah1 07.06.2014 22:05
Hi,

danke für die Hilfe, es scheint so, dass der PC wieder gut läuft. Habe alles nach Anleitung gemacht. Hier noch Fixlog:

Code:
# DelFix v10.7 - Datei am 06/06/2014 um 21:32:25 erstellt
# Aktualisiert am 27/04/2014 von Xplode
# Benutzer : Vicky-PC - VICKY
# Betriebssystem : Windows 8  (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\Vicky-PC\Desktop\FRST-OlderVersion
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\Vicky-PC\Desktop\Addition.txt
Gelöscht : C:\Users\Vicky-PC\Desktop\AdwCleaner[S0].txt
Gelöscht : C:\Users\Vicky-PC\Desktop\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\Vicky-PC\Desktop\Fixlog.txt
Gelöscht : C:\Users\Vicky-PC\Desktop\FRST.txt
Gelöscht : C:\Users\Vicky-PC\Desktop\FRST64.exe
Gelöscht : C:\Users\Vicky-PC\Desktop\FRSTneu.txt
Gelöscht : C:\Users\Vicky-PC\Desktop\JRT.exe
Gelöscht : C:\Users\Vicky-PC\Desktop\JRT.txt
Gelöscht : C:\Users\Vicky-PC\Desktop\JRT1.txt
Gelöscht : C:\Users\Vicky-PC\Desktop\logvi.txt
Gelöscht : C:\Users\Vicky-PC\Desktop\SecurityCheck.exe
Gelöscht : C:\Users\Vicky-PC\Desktop\TFC.exe
Gelöscht : C:\Users\Vicky-PC\Downloads\adwcleaner_3.211(1).exe
Gelöscht : C:\Users\Vicky-PC\Downloads\adwcleaner_3.211.exe
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #37 [ComboFix created restore point | 06/06/2014 19:30:15]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
Danke für die Hilfe :) !!! für jetzt scheint es keine Probleme zu geben.

schrauber 08.06.2014 09:59
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:47 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131