Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win 8.1 - einzelne Wörter im Mozilla Firefox blau unterstrichen; Pop-ups (https://www.trojaner-board.de/163406-win-8-1-einzelne-woerter-mozilla-firefox-blau-unterstrichen-pop-ups.html)

AuGuRi 31.01.2015 13:54
Win 8.1 - einzelne Wörter im Mozilla Firefox blau unterstrichen; Pop-ups
 
Hallo liebe Trojaner-Board-Community,

ich habe ein Problem mit einzelnen Wörter die blau unterstrichen sind und auf Junkware hinweisen. Leider konnte sowohl mein Malewarebytes noch der CC-Cleaner Abhilfe schaffen :wtf: Ich habe ein Windows 8.1 PC und nütze ausschließlich Mozilla Firefox.

Wenn ich das alles richtig gelesen habe, liegt das Problem an einer Dateo/Programm names "ZombieInvasion". Leider find dich die in der Systemsteuerung auch nicht zum deinstallieren.

Brauche dringend eure Hilfe

Danke schonmal
AuGuRi

Hier mein letzetr Scan von Malewarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 31.01.2015
Suchlauf-Zeit: 10:13:56
Logdatei:
Administrator: Nein

Version: 2.00.4.1028
Malware Datenbank: v2015.01.31.02
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hello

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 296468
Verstrichene Zeit: 13 Min, 28 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.ZombieInvasion.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\iMmvfemy, Löschen bei Neustart, [d41aa657ea9fb284a25c4881e819fd03],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, Löschen bei Neustart, [1ed0ab52cbbe3ff72b71495a0003ec14],

Registrierungswerte: 1
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_461, Löschen bei Neustart, [44aa6c91b5d4d3632492a5f40bf88878],

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
PUP.Optional.ZombieInvasion.A, C:\Users\Hello\AppData\Local\ZombieInvasion, In Quarantäne, [8d61a4592465d363f39a096127dc9e62],

Dateien: 5
PUP.Optional.ZombieInvasion.A, C:\ProgramData\vcqLGHAR\iMmvfemy.exe, Löschen bei Neustart, [d41aa657ea9fb284a25c4881e819fd03],
PUP.Optional.ZombieInvasion.A, C:\ProgramData\vcqLGHAR\dat\fONbCkPgCnI.exe, Löschen bei Neustart, [d717d429f3968da9609e78519170c63a],
PUP.Optional.ZombieInvasion.A, C:\ProgramData\vcqLGHAR\dat\VNViijCMNiN.exe, Löschen bei Neustart, [2ac4ac51d6b33ef8a9559e2bad5412ee],
PUP.Optional.Amonetize, C:\Users\Hello\Downloads\DivX.Web.Player.Installer__8420_i1456959972_il2062129.exe, In Quarantäne, [1bd348b5a0e9f145c00d997a5ca626da],
PUP.Optional.ZombieInvasion.A, C:\Users\Hello\AppData\Local\ZombieInvasion\data2.dat, In Quarantäne, [8d61a4592465d363f39a096127dc9e62],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

schrauber 31.01.2015 14:10
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


AuGuRi 31.01.2015 15:36
Danke, für die schnelle Antwort. Hier die gewünschten Dateien

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015
Ran by Hello (ATTENTION: The logged in user is not administrator) on AUGURI on 31-01-2015 15:30:10
Running from C:\Users\Hello\Downloads
Loaded Profiles: Alina & Hello (Available profiles: Alina & Hello & Für Jeden)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Dropbox, Inc.) C:\Users\Hello\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [mbot_de_461] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\...\Run: [BitTorrent] => "C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Hello\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50802;https=127.0.0.1:50802
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2372495719-1458228271-1439821906-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2372495719-1458228271-1439821906-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
URLSearchHook: [S-1-5-21-2372495719-1458228271-1439821906-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2372495719-1458228271-1439821906-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372495719-1458228271-1439821906-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372495719-1458228271-1439821906-1004 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2372495719-1458228271-1439821906-1004 -> {CDA90972-55EB-479B-94CA-5E229E5EFBAF} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE1140D20140909&p={SearchTerms}
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Hello\AppData\Roaming\Mozilla\Firefox\Profiles\h1gcaaa6.default
FF SearchEngineOrder.1: Sichere Suche
FF Homepage: google.de
FF Keyword.URL: https://de.search.yahoo.com/search?fr=mcafee&type=B111DE1140D20140909&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: YouTube Unblocker - C:\Users\Hello\AppData\Roaming\Mozilla\Firefox\Profiles\h1gcaaa6.default\Extensions\youtubeunblocker@unblocker.yt [2014-12-15]
FF Extension: WOT - C:\Users\Hello\AppData\Roaming\Mozilla\Firefox\Profiles\h1gcaaa6.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-09]
FF Extension: PlugIn-Checker - C:\Users\Hello\AppData\Roaming\Mozilla\Firefox\Profiles\h1gcaaa6.default\Extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack.xpi [2014-12-24]
FF Extension: Mein Grundeinkommen - CrowdBar - C:\Users\Hello\AppData\Roaming\Mozilla\Firefox\Profiles\h1gcaaa6.default\Extensions\jid1-XGbYhwCViPEOUQ@jetpack.xpi [2014-09-09]
FF Extension: {557e96f1-5803-41e9-80c4-d58f1505e906} - C:\Users\Hello\AppData\Roaming\Mozilla\Firefox\Profiles\h1gcaaa6.default\Extensions\{557e96f1-5803-41e9-80c4-d58f1505e906}.xpi [2014-12-15]
FF Extension: NoScript - C:\Users\Hello\AppData\Roaming\Mozilla\Firefox\Profiles\h1gcaaa6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-27]
FF Extension: HTMLHelperFree - C:\Users\Hello\AppData\Roaming\Mozilla\Firefox\Profiles\h1gcaaa6.default\Extensions\{b31dede0-724c-4f73-ae6f-9e4f5e466a71}.xpi [2014-12-25]
FF Extension: Adblock Plus - C:\Users\Hello\AppData\Roaming\Mozilla\Firefox\Profiles\h1gcaaa6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 iMmvfemy; C:\ProgramData\vcqLGHAR\iMmvfemy.exe [2734384 2015-01-25] (Time Lapse Solutions)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-18] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                          )
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 15:30 - 2015-01-31 15:30 - 00015568 _____ () C:\Users\Hello\Downloads\FRST.txt
2015-01-31 15:30 - 2015-01-31 15:30 - 00000000 ____D () C:\FRST
2015-01-31 15:29 - 2015-01-31 15:29 - 02130944 _____ (Farbar) C:\Users\Hello\Downloads\FRST64.exe
2015-01-31 13:31 - 2015-01-31 13:31 - 00055808 ___SH () C:\Users\Hello\Desktop\Thumbs.db
2015-01-31 10:30 - 2015-01-31 15:30 - 00000000 ____D () C:\Users\Hello\AppData\Local\ZombieInvasion
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-27 09:36 - 2015-01-27 09:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 18:58 - 2015-01-25 19:02 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:58 - 2015-01-25 18:58 - 02194432 _____ () C:\Users\Hello\Downloads\AdwCleaner_4.109.exe
2015-01-25 18:48 - 2015-01-25 18:48 - 00004048 _____ () C:\Users\Alina\Desktop\JRT.txt
2015-01-25 18:43 - 2015-01-25 18:43 - 01707939 _____ (Thisisu) C:\Users\Hello\Downloads\JRT.exe
2015-01-25 18:38 - 2015-01-25 18:40 - 00000000 ____D () C:\ProgramData\vcqLGHAR
2015-01-25 18:28 - 2015-01-25 18:28 - 00000000 ____D () C:\ProgramData\DivX
2015-01-25 18:25 - 2015-01-25 18:25 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Booster-Web
2015-01-25 11:23 - 2015-01-25 11:23 - 04070576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 09:11 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 09:11 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 09:11 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-14 09:11 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-14 09:11 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 09:11 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 09:11 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-14 09:11 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-14 09:11 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-14 09:11 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-05 10:59 - 2015-01-31 10:29 - 00000000 ___RD () C:\Users\Hello\Dropbox
2015-01-05 10:59 - 2015-01-05 10:59 - 00001177 _____ () C:\Users\Hello\Desktop\Dropbox.lnk
2015-01-05 10:58 - 2015-01-05 10:58 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-05 10:58 - 2015-01-05 10:58 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Dropbox
2015-01-05 10:56 - 2015-01-31 10:29 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Dropbox
2015-01-05 10:55 - 2015-01-05 10:56 - 00324112 _____ (Dropbox, Inc.) C:\Users\Hello\Downloads\DropboxInstaller.exe
2015-01-04 14:06 - 2015-01-04 14:06 - 00068608 ___SH () C:\Users\Hello\Thumbs.db
2015-01-03 13:32 - 2015-01-03 13:32 - 05006832 _____ (Adobe Systems Inc.) C:\Users\Hello\Downloads\Shockwave_Installer_Slim.exe
2015-01-03 13:32 - 2015-01-03 13:32 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2015-01-03 13:27 - 2015-01-31 15:23 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-03 13:20 - 2015-01-26 11:22 - 00000000 ____D () C:\Program Files\Java
2015-01-03 13:20 - 2015-01-26 11:21 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-03 13:19 - 2015-01-03 13:19 - 92658088 _____ (Oracle Corporation) C:\Users\Hello\Downloads\jre-8u25-windows-x64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 15:24 - 2014-09-09 13:26 - 01064786 _____ () C:\windows\WindowsUpdate.log
2015-01-31 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-01-31 13:48 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\Hello\Documents\Citavi 4
2015-01-31 10:28 - 2014-10-09 18:52 - 00002965 _____ () C:\windows\setupact.log
2015-01-31 10:28 - 2014-09-23 17:33 - 00000214 _____ () C:\windows\Tasks\AutoKMS.job
2015-01-31 10:28 - 2014-09-23 06:59 - 00001700 _____ () C:\windows\Tasks\XTIHHBZN.job
2015-01-31 10:28 - 2014-09-23 06:59 - 00001352 _____ () C:\windows\Tasks\QJCMSC.job
2015-01-31 10:28 - 2014-09-09 13:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 10:28 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-30 13:07 - 2014-09-28 09:32 - 00000000 ____D () C:\Users\Hello\Desktop\UNI
2015-01-29 10:44 - 2014-09-09 14:53 - 00000000 ____D () C:\Users\Hello\Documents\Arbeitsvorlagen
2015-01-28 18:44 - 2014-10-01 17:47 - 00261632 ___SH () C:\Users\Hello\Downloads\Thumbs.db
2015-01-28 18:32 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-28 11:51 - 2014-11-17 09:51 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Skype
2015-01-26 11:23 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 11:22 - 2014-10-03 20:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 11:21 - 2014-10-03 20:40 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 09:51 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-01-25 19:03 - 2014-09-23 19:01 - 00016062 _____ () C:\windows\PFRO.log
2015-01-25 19:02 - 2014-09-09 14:05 - 00000000 ____D () C:\Users\Alina\Desktop\Programme
2015-01-25 18:30 - 2014-09-09 13:46 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-25 18:30 - 2014-05-06 16:01 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-01-25 17:59 - 2014-09-09 17:07 - 00000000 ____D () C:\Users\Hello
2015-01-24 21:20 - 2014-09-09 20:25 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-09-09 20:25 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 18:19 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Hello\Documents\Bewerbungen
2015-01-14 09:57 - 2014-09-09 20:05 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 09:50 - 2014-04-29 10:41 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-04 10:57 - 2014-09-28 16:59 - 00000000 ____D () C:\Users\Hello\Desktop\Linienbuch
2015-01-03 13:20 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== Files in the root of some directories =======

2014-04-30 19:44 - 2014-04-30 19:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Hello\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfd3qt0.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---


und die Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015
Ran by Hello at 2015-01-31 15:32:15
Running from C:\Users\Hello\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4430.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.4430.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2230.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2230.0 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2527 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2372495719-1458228271-1439821906-1004\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\AutoKMS.job => ?
Task: C:\windows\Tasks\QJCMSC.job => ?
Task: C:\windows\Tasks\XTIHHBZN.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Hello\Letzte Version.docx:com.dropbox.attributes
AlternateDataStreams: C:\Users\Hello\Desktop\me.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Hello\Desktop\me.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2372495719-1458228271-1439821906-1004\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-2372495719-1458228271-1439821906-500 - Administrator - Disabled)
Alina (S-1-5-21-2372495719-1458228271-1439821906-1001 - Administrator - Enabled) => C:\Users\Alina
Für Jeden (S-1-5-21-2372495719-1458228271-1439821906-1007 - Limited - Enabled) => C:\Users\Für Jeden
Gast (S-1-5-21-2372495719-1458228271-1439821906-501 - Limited - Disabled)
Hello (S-1-5-21-2372495719-1458228271-1439821906-1004 - Limited - Enabled) => C:\Users\Hello
HomeGroupUser$ (S-1-5-21-2372495719-1458228271-1439821906-1009 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 09:45:05 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (01/30/2015 10:35:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xf44
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (01/30/2015 06:24:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/30/2015 06:24:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/30/2015 06:03:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/30/2015 06:03:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/28/2015 00:12:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/28/2015 00:12:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/28/2015 00:10:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/28/2015 00:10:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (01/31/2015 01:32:03 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/31/2015 01:31:33 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/29/2015 07:17:09 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/29/2015 09:58:11 AM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/29/2015 09:49:10 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 70. Der Windows-SChannel-Fehlerstatus lautet: 105.

Error: (01/28/2015 00:05:37 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/26/2015 10:09:22 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/26/2015 11:51:59 AM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/25/2015 07:02:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/25/2015 07:02:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/31/2015 09:45:05 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (01/30/2015 10:35:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425f4401d03bbf5a2eded3C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle0b0a1d7-a8c7-11e4-8295-c03fd5a0a8fc

Error: (01/30/2015 06:24:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector5\Kernel\CES\CES_CacheAgent.exe.Manifest

Error: (01/30/2015 06:24:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest

Error: (01/30/2015 06:03:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector5\Kernel\CES\CES_CacheAgent.exe.Manifest

Error: (01/30/2015 06:03:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest

Error: (01/28/2015 00:12:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector5\Kernel\CES\CES_CacheAgent.exe.Manifest

Error: (01/28/2015 00:12:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest

Error: (01/28/2015 00:10:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector5\Kernel\CES\CES_CacheAgent.exe.Manifest

Error: (01/28/2015 00:10:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest


CodeIntegrity Errors:
===================================
  Date: 2015-01-31 13:33:49.999
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-31 13:33:49.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-31 13:33:48.277
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-31 13:33:15.853
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-31 13:33:14.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-31 10:32:08.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-31 10:32:07.247
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-31 10:32:06.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-31 10:32:04.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-31 10:32:03.223
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Percentage of memory in use: 41%
Total physical RAM: 3969.26 MB
Available physical RAM: 2312.48 MB
Total Pagefile: 4737.26 MB
Available Pagefile: 2649.96 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:758.72 GB) NTFS
Drive d: (Recover) (Fixed) (Total:59.99 GB) (Free:42.65 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

schrauber 31.01.2015 19:14
Unsere Tools brauchen immer Adminrechte!!


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Snap.Do


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 




MBAM updaten, scannen, Funde löschen.



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

AuGuRi 31.01.2015 21:10
Guten Abend,
also die ganzen blauen Unterstreichungen sind schon mal weg :) Läuft alles wieder wesentlich besser :singsing:

hier die gewünschten Log-Files:

AdwCleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v4.109 - Bericht erstellt am 31/01/2015 um 20:50:34
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 8.1 Connected  (64 bits)
# Benutzername : Alina - AUGURI
# Gestartet von : C:\Users\Alina\Downloads\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [9295 octets] - [25/01/2015 18:58:55]
AdwCleaner[R1].txt - [997 octets] - [31/01/2015 20:47:53]
AdwCleaner[S0].txt - [8488 octets] - [25/01/2015 19:02:19]
AdwCleaner[S1].txt - [919 octets] - [31/01/2015 20:50:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [978 octets] ##########
--- --- ---


JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Connected x64
Ran by Alina on 31.01.2015 at 20:57:46,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.01.2015 at 21:01:41,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und ein aktuelles FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015
Ran by Alina (administrator) on AUGURI on 31-01-2015 21:05:21
Running from C:\Users\Hello\Downloads
Loaded Profiles: Alina (Available profiles: Alina & Hello)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BitTorrent Inc.) C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\...\Run: [BitTorrent] => C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe [1438808 2015-01-31] (BitTorrent Inc.)
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alina\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50802;https=127.0.0.1:50802
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Booster Web - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-25]
FF Extension: Zoom It - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\Extensions\{1fb8bbcf-8402-c24e-960a-29c8d1611e43} [2015-01-31]
FF Extension: WOT - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-09]
FF Extension: NoScript - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-09]
FF Extension: Adblock Plus - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                          )
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 21:01 - 2015-01-31 21:01 - 00000624 _____ () C:\Users\Alina\Desktop\JRT.txt
2015-01-31 20:53 - 2015-01-31 20:53 - 01707939 _____ (Thisisu) C:\Users\Alina\Downloads\JRT.exe
2015-01-31 20:47 - 2015-01-31 20:47 - 02194432 _____ () C:\Users\Alina\Downloads\AdwCleaner_4.109.exe
2015-01-31 19:47 - 2015-01-31 19:47 - 00001288 _____ () C:\Users\Alina\Desktop\Revo Uninstaller.lnk
2015-01-31 19:47 - 2015-01-31 19:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-31 19:46 - 2015-01-31 19:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hello\Downloads\revosetup95.exe
2015-01-31 15:32 - 2015-01-31 15:32 - 00025201 _____ () C:\Users\Hello\Downloads\Addition.txt
2015-01-31 15:30 - 2015-01-31 21:05 - 00013981 _____ () C:\Users\Hello\Downloads\FRST.txt
2015-01-31 15:30 - 2015-01-31 21:05 - 00000000 ____D () C:\FRST
2015-01-31 15:29 - 2015-01-31 15:29 - 02130944 _____ (Farbar) C:\Users\Hello\Downloads\FRST64.exe
2015-01-31 13:31 - 2015-01-31 20:44 - 00055808 ___SH () C:\Users\Hello\Desktop\Thumbs.db
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-27 09:36 - 2015-01-27 09:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 18:58 - 2015-01-31 20:50 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:58 - 2015-01-25 18:58 - 02194432 _____ () C:\Users\Hello\Downloads\AdwCleaner_4.109.exe
2015-01-25 18:43 - 2015-01-25 18:43 - 01707939 _____ (Thisisu) C:\Users\Hello\Downloads\JRT.exe
2015-01-25 18:38 - 2015-01-31 20:43 - 00000000 ____D () C:\ProgramData\vcqLGHAR
2015-01-25 18:28 - 2015-01-25 18:28 - 00000000 ____D () C:\ProgramData\DivX
2015-01-25 18:25 - 2015-01-25 18:25 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Booster-Web
2015-01-25 11:23 - 2015-01-25 11:23 - 04070576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 09:11 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 09:11 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 09:11 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-14 09:11 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-14 09:11 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 09:11 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 09:11 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-14 09:11 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-14 09:11 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-14 09:11 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-05 10:59 - 2015-01-31 10:29 - 00000000 ___RD () C:\Users\Hello\Dropbox
2015-01-05 10:59 - 2015-01-05 10:59 - 00001177 _____ () C:\Users\Hello\Desktop\Dropbox.lnk
2015-01-05 10:58 - 2015-01-05 10:58 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-05 10:58 - 2015-01-05 10:58 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Dropbox
2015-01-05 10:56 - 2015-01-31 10:29 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Dropbox
2015-01-05 10:55 - 2015-01-05 10:56 - 00324112 _____ (Dropbox, Inc.) C:\Users\Hello\Downloads\DropboxInstaller.exe
2015-01-04 14:06 - 2015-01-04 14:06 - 00068608 ___SH () C:\Users\Hello\Thumbs.db
2015-01-03 13:32 - 2015-01-03 13:32 - 05006832 _____ (Adobe Systems Inc.) C:\Users\Hello\Downloads\Shockwave_Installer_Slim.exe
2015-01-03 13:32 - 2015-01-03 13:32 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2015-01-03 13:27 - 2015-01-31 20:23 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-03 13:27 - 2015-01-25 11:23 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-03 13:20 - 2015-01-26 11:22 - 00000000 ____D () C:\Program Files\Java
2015-01-03 13:20 - 2015-01-26 11:21 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-03 13:19 - 2015-01-03 13:19 - 92658088 _____ (Oracle Corporation) C:\Users\Hello\Downloads\jre-8u25-windows-x64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 21:04 - 2014-09-23 17:05 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\BitTorrent
2015-01-31 21:04 - 2014-09-09 15:24 - 00236032 ___SH () C:\Users\Alina\Downloads\Thumbs.db
2015-01-31 21:04 - 2014-09-09 13:33 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372495719-1458228271-1439821906-1001
2015-01-31 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-01-31 20:56 - 2014-09-09 13:26 - 01788875 _____ () C:\windows\WindowsUpdate.log
2015-01-31 20:55 - 2014-12-11 18:07 - 00000000 ____D () C:\Users\Für Jeden
2015-01-31 20:55 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-01-31 20:51 - 2014-10-09 18:52 - 00003197 _____ () C:\windows\setupact.log
2015-01-31 20:51 - 2014-09-23 19:01 - 00021164 _____ () C:\windows\PFRO.log
2015-01-31 20:51 - 2014-09-23 17:33 - 00000214 _____ () C:\windows\Tasks\AutoKMS.job
2015-01-31 20:51 - 2014-09-23 06:59 - 00001700 _____ () C:\windows\Tasks\XTIHHBZN.job
2015-01-31 20:51 - 2014-09-23 06:59 - 00001352 _____ () C:\windows\Tasks\QJCMSC.job
2015-01-31 20:51 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-31 20:50 - 2013-08-22 14:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-01-31 20:47 - 2014-09-09 13:44 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{797817F3-6D87-4081-BAAB-5F4E4D2E31FC}
2015-01-31 20:42 - 2014-04-29 13:28 - 00000000 ____D () C:\windows\tr
2015-01-31 20:16 - 2014-09-23 18:01 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 16:09 - 2014-09-23 19:55 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{17F2C544-6AE9-4B46-84C4-7AF0B4293D11}
2015-01-31 13:48 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\Hello\Documents\Citavi 4
2015-01-31 10:43 - 2014-09-09 17:13 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372495719-1458228271-1439821906-1004
2015-01-31 10:28 - 2014-09-09 13:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 13:07 - 2014-09-28 09:32 - 00000000 ____D () C:\Users\Hello\Desktop\UNI
2015-01-29 10:44 - 2014-09-09 14:53 - 00000000 ____D () C:\Users\Hello\Documents\Arbeitsvorlagen
2015-01-28 18:44 - 2014-10-01 17:47 - 00261632 ___SH () C:\Users\Hello\Downloads\Thumbs.db
2015-01-28 18:32 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-28 11:51 - 2014-11-17 09:51 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Skype
2015-01-26 11:23 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 11:22 - 2014-10-03 20:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 11:21 - 2014-10-03 20:40 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 19:02 - 2014-09-09 14:05 - 00000000 ____D () C:\Users\Alina\Desktop\Programme
2015-01-25 18:30 - 2014-09-23 17:35 - 00002118 _____ () C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-25 18:30 - 2014-09-09 13:46 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-25 18:30 - 2014-09-09 13:28 - 00001458 _____ () C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 18:30 - 2014-05-06 16:01 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-01-25 17:59 - 2014-09-09 17:07 - 00000000 ____D () C:\Users\Hello
2015-01-24 21:20 - 2014-09-09 20:25 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-09-09 20:25 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 18:19 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Hello\Documents\Bewerbungen
2015-01-14 09:57 - 2014-09-09 20:05 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 09:50 - 2014-04-29 10:41 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-04 10:57 - 2014-09-28 16:59 - 00000000 ____D () C:\Users\Hello\Desktop\Linienbuch
2015-01-03 13:27 - 2014-09-09 13:49 - 00000000 ____D () C:\Users\Alina\AppData\Local\Adobe
2015-01-03 13:20 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Alina\AppData\Roaming\QJCMSC
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Alina\AppData\Roaming\XTIHHBZN
2014-09-22 20:41 - 2014-09-23 17:10 - 0002233 _____ () C:\Users\Alina\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2014-04-30 19:44 - 2014-04-30 19:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Alina\AppData\Local\Temp\AppLauncher.exe
C:\Users\Alina\AppData\Local\Temp\Quarantine.exe
C:\Users\Alina\AppData\Local\Temp\sqlite3.dll
C:\Users\Hello\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfd3qt0.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:30

==================== End Of Log ============================
--- --- ---

schrauber 01.02.2015 10:15

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

AuGuRi 02.02.2015 12:07
so hat jetzt etwas gedauert, aber hier sind alle log datein:

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7af7b2e020d1aa4096160983e87eca19
# engine=22257
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-02 10:50:06
# local_time=2015-02-02 11:50:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 11134 13178525 0 0
# scanned=283907
# found=22
# cleaned=0
# scan_time=6679
sh=497D88F38E21229D95650E02708207190CB6849E ft=1 fh=64a74ba51bf40770 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=5468230F587DE9F869DB9E22083131DCFD9451F2 ft=1 fh=07a842c13464288e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=599F4EB498D7C05A680386C1D3E1FC3DD68A8FA9 ft=1 fh=bd87bce3b868a7f1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=6F2DDAFE7B526A4CC60D75CCB1D4EBEA6F5D0DDC ft=1 fh=a836ee7136df2313 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=1DFF39C0F7B7617C8292510F1833B282CD0A1F21 ft=1 fh=18ddbd645dd0ae9c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=FC2E815AA9297F3CE8FFB1CC691137E255A9357D ft=1 fh=df41aec1378259f8 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\vcqLGHAR\dat\fLSmLep.dll"
sh=066CA1D7048EE6FF3671028DAE651AC6D2901EAE ft=1 fh=b949b889568cb5a6 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\vcqLGHAR\dat\pmHQGfvrln.dll"
sh=0F2E755EAA59311BC816AB024BEF3A6F446EFB84 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\485809505290A04B7446C0D7C11C0D00016DF18A"
sh=D83D2AB3381EFB0352351D01BA840E92B8F224AE ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\6D08AD581F0FFE5EEEDFA6B81CFD30CC449249FF"
sh=A97C0385F0BCBFF11F175FFC0094BCA3D5321320 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\90CCAD9055B54F4701D3C42C579054EC3BDDD8A0"
sh=3006AB43D9DD1068294667FC19EFE3FBBE874E66 ft=1 fh=9fdeb3d17fc0c8b3 vn="Variante von Win32/SpeedBit.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alina\AppData\Local\Temp\awh7DBD.tmp"
sh=58CFEA3FF3669817ADECDE2B43B78E235499AC7A ft=1 fh=120f78d46d66ab04 vn="Variante von MSIL/Solimba.AD evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alina\AppData\Local\Temp\n6132\s6132.exe"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alina\AppData\Roaming\QJCMSC"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alina\AppData\Roaming\XTIHHBZN"
sh=54A44B1A80A2741D9B66B61ABEB5677D9C74B1E5 ft=1 fh=bad3c2811dcfe05f vn="Win32/SmootherWeb.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alina\AppData\Roaming\Booster-Web\Booster-Web-Installer.exe"
sh=D6092490B8B905B9058227DF77C38386F2E22BAA ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alina\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip"
sh=5D2D540F6BF641CDB2928E05C56E28B35EA0BE30 ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\extensions\jid1-U7omKQ6kQfxMaQ@jetpack\resources\smootherweb\data\content.js"
sh=FC2E815AA9297F3CE8FFB1CC691137E255A9357D ft=1 fh=df41aec1378259f8 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\vcqLGHAR\dat\fLSmLep.dll"
sh=066CA1D7048EE6FF3671028DAE651AC6D2901EAE ft=1 fh=b949b889568cb5a6 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\vcqLGHAR\dat\pmHQGfvrln.dll"
Security Check:
Code:
Results of screen317's Security Check version 0.99.95 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9016) 
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player        16.0.0.296 
 Adobe Reader XI 
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
und das FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Alina (administrator) on AUGURI on 02-02-2015 12:01:22
Running from C:\Users\Hello\Downloads
Loaded Profiles: Alina (Available profiles: Alina & Hello)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BitTorrent Inc.) C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\...\Run: [BitTorrent] => C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe [1438808 2015-01-31] (BitTorrent Inc.)
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alina\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50802;https=127.0.0.1:50802
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Booster Web - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack [2015-01-25]
FF Extension: Zoom It - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\Extensions\{1c386c79-3e36-9187-b045-6cbfa6143c8d} [2015-02-02]
FF Extension: WOT - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-09]
FF Extension: NoScript - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-09]
FF Extension: Adblock Plus - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                          )
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 12:01 - 2015-02-02 12:01 - 00000000 ____D () C:\Users\Hello\Downloads\FRST-OlderVersion
2015-02-02 11:57 - 2015-02-02 11:57 - 00852573 _____ () C:\Users\Alina\Downloads\SecurityCheck.exe
2015-02-02 09:44 - 2015-02-02 09:47 - 02347384 _____ (ESET) C:\Users\Hello\Downloads\esetsmartinstaller_deu.exe
2015-02-01 09:45 - 2015-02-01 09:45 - 00055808 ___SH () C:\Users\Hello\Desktop\Thumbs.db
2015-01-31 21:01 - 2015-01-31 21:01 - 00000624 _____ () C:\Users\Alina\Desktop\JRT.txt
2015-01-31 20:53 - 2015-01-31 20:53 - 01707939 _____ (Thisisu) C:\Users\Alina\Downloads\JRT.exe
2015-01-31 20:47 - 2015-01-31 20:47 - 02194432 _____ () C:\Users\Alina\Downloads\AdwCleaner_4.109.exe
2015-01-31 19:47 - 2015-01-31 19:47 - 00001288 _____ () C:\Users\Alina\Desktop\Revo Uninstaller.lnk
2015-01-31 19:47 - 2015-01-31 19:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-31 19:46 - 2015-01-31 19:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hello\Downloads\revosetup95.exe
2015-01-31 15:32 - 2015-01-31 15:32 - 00025201 _____ () C:\Users\Hello\Downloads\Addition.txt
2015-01-31 15:30 - 2015-02-02 12:02 - 00014061 _____ () C:\Users\Hello\Downloads\FRST.txt
2015-01-31 15:30 - 2015-02-02 12:01 - 00000000 ____D () C:\FRST
2015-01-31 15:29 - 2015-02-02 12:01 - 02131456 _____ (Farbar) C:\Users\Hello\Downloads\FRST64.exe
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-27 09:36 - 2015-01-27 09:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 18:58 - 2015-01-31 20:50 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:58 - 2015-01-25 18:58 - 02194432 _____ () C:\Users\Hello\Downloads\AdwCleaner_4.109.exe
2015-01-25 18:43 - 2015-01-25 18:43 - 01707939 _____ (Thisisu) C:\Users\Hello\Downloads\JRT.exe
2015-01-25 18:38 - 2015-01-31 20:43 - 00000000 ____D () C:\ProgramData\vcqLGHAR
2015-01-25 18:28 - 2015-01-25 18:28 - 00000000 ____D () C:\ProgramData\DivX
2015-01-25 18:25 - 2015-01-25 18:25 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Booster-Web
2015-01-25 11:23 - 2015-01-25 11:23 - 04070576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 09:11 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 09:11 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 09:11 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-14 09:11 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-14 09:11 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 09:11 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 09:11 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-14 09:11 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-14 09:11 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-14 09:11 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-05 10:59 - 2015-02-02 09:55 - 00000000 ___RD () C:\Users\Hello\Dropbox
2015-01-05 10:59 - 2015-01-05 10:59 - 00001177 _____ () C:\Users\Hello\Desktop\Dropbox.lnk
2015-01-05 10:58 - 2015-01-05 10:58 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-05 10:58 - 2015-01-05 10:58 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Dropbox
2015-01-05 10:56 - 2015-01-31 21:12 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Dropbox
2015-01-05 10:55 - 2015-01-05 10:56 - 00324112 _____ (Dropbox, Inc.) C:\Users\Hello\Downloads\DropboxInstaller.exe
2015-01-04 14:06 - 2015-01-04 14:06 - 00068608 ___SH () C:\Users\Hello\Thumbs.db
2015-01-03 13:32 - 2015-01-03 13:32 - 05006832 _____ (Adobe Systems Inc.) C:\Users\Hello\Downloads\Shockwave_Installer_Slim.exe
2015-01-03 13:32 - 2015-01-03 13:32 - 00000000 ____D () C:\windows\SysWOW64\Adobe
2015-01-03 13:27 - 2015-02-02 11:23 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-03 13:27 - 2015-01-25 11:23 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-03 13:20 - 2015-01-26 11:22 - 00000000 ____D () C:\Program Files\Java
2015-01-03 13:20 - 2015-01-26 11:21 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-03 13:19 - 2015-01-03 13:19 - 92658088 _____ (Oracle Corporation) C:\Users\Hello\Downloads\jre-8u25-windows-x64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 12:01 - 2014-09-23 17:05 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\BitTorrent
2015-02-02 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-02 11:51 - 2014-09-09 13:33 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372495719-1458228271-1439821906-1001
2015-02-02 10:54 - 2014-09-09 13:26 - 01272271 _____ () C:\windows\WindowsUpdate.log
2015-02-02 09:49 - 2014-09-23 06:59 - 00001700 _____ () C:\windows\Tasks\XTIHHBZN.job
2015-02-02 09:49 - 2014-09-23 06:59 - 00001352 _____ () C:\windows\Tasks\QJCMSC.job
2015-02-02 09:43 - 2014-09-23 19:55 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{17F2C544-6AE9-4B46-84C4-7AF0B4293D11}
2015-01-31 21:04 - 2014-09-09 15:24 - 00236032 ___SH () C:\Users\Alina\Downloads\Thumbs.db
2015-01-31 20:55 - 2014-12-11 18:07 - 00000000 ____D () C:\Users\Für Jeden
2015-01-31 20:55 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-01-31 20:51 - 2014-10-09 18:52 - 00003197 _____ () C:\windows\setupact.log
2015-01-31 20:51 - 2014-09-23 19:01 - 00021164 _____ () C:\windows\PFRO.log
2015-01-31 20:51 - 2014-09-23 17:33 - 00000214 _____ () C:\windows\Tasks\AutoKMS.job
2015-01-31 20:51 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-31 20:50 - 2013-08-22 14:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-01-31 20:47 - 2014-09-09 13:44 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{797817F3-6D87-4081-BAAB-5F4E4D2E31FC}
2015-01-31 20:43 - 2014-04-29 13:28 - 00000000 ____D () C:\windows\tr
2015-01-31 20:16 - 2014-09-23 18:01 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 13:48 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\Hello\Documents\Citavi 4
2015-01-31 10:43 - 2014-09-09 17:13 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372495719-1458228271-1439821906-1004
2015-01-31 10:28 - 2014-09-09 13:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 13:07 - 2014-09-28 09:32 - 00000000 ____D () C:\Users\Hello\Desktop\UNI
2015-01-29 10:44 - 2014-09-09 14:53 - 00000000 ____D () C:\Users\Hello\Documents\Arbeitsvorlagen
2015-01-28 18:44 - 2014-10-01 17:47 - 00261632 ___SH () C:\Users\Hello\Downloads\Thumbs.db
2015-01-28 18:32 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-28 11:51 - 2014-11-17 09:51 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Skype
2015-01-26 11:23 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 11:22 - 2014-10-03 20:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 11:21 - 2014-10-03 20:40 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 19:02 - 2014-09-09 14:05 - 00000000 ____D () C:\Users\Alina\Desktop\Programme
2015-01-25 18:30 - 2014-09-23 17:35 - 00002118 _____ () C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-25 18:30 - 2014-09-09 13:46 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-25 18:30 - 2014-09-09 13:28 - 00001458 _____ () C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 18:30 - 2014-05-06 16:01 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-01-25 17:59 - 2014-09-09 17:07 - 00000000 ____D () C:\Users\Hello
2015-01-24 21:20 - 2014-09-09 20:25 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-09-09 20:25 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 18:19 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Hello\Documents\Bewerbungen
2015-01-14 09:57 - 2014-09-09 20:05 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 09:50 - 2014-04-29 10:41 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-04 10:57 - 2014-09-28 16:59 - 00000000 ____D () C:\Users\Hello\Desktop\Linienbuch
2015-01-03 13:27 - 2014-09-09 13:49 - 00000000 ____D () C:\Users\Alina\AppData\Local\Adobe
2015-01-03 13:20 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Alina\AppData\Roaming\QJCMSC
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Alina\AppData\Roaming\XTIHHBZN
2014-09-22 20:41 - 2014-09-23 17:10 - 0002233 _____ () C:\Users\Alina\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2014-04-30 19:44 - 2014-04-30 19:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Alina\AppData\Local\Temp\AppLauncher.exe
C:\Users\Alina\AppData\Local\Temp\Quarantine.exe
C:\Users\Alina\AppData\Local\Temp\sqlite3.dll
C:\Users\Hello\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwvn87w.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:30

==================== End Of Log ============================
--- --- ---



es ist etwas seltsam, aber seitdem ich den ESET und SecurityCheck gemacht habe, sind die blauen Unterstreichungen wieder da.. :headbang: Kann es daran liegen, dass ESET 22 Bedrohungen erkannt hat?

schrauber 02.02.2015 17:46
Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\ProgramData\vcqLGHAR

C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\485809505290A04B7446C0D7C11C0D00016DF18A

C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\6D08AD581F0FFE5EEEDFA6B81CFD30CC449249FF

C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\90CCAD9055B54F4701D3C42C579054EC3BDDD8A0

C:\Users\Alina\AppData\Local\Temp\awh7DBD.tmp

C:\Users\Alina\AppData\Local\Temp\n6132\s6132.exe

C:\Users\Alina\AppData\Roaming\QJCMSC

C:\Users\Alina\AppData\Roaming\XTIHHBZN

C:\Users\Alina\AppData\Roaming\Booster-Web\Booster-Web-Installer.exe

C:\Users\Alina\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip

C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\extensions\jid1-U7omKQ6kQfxMaQ@jetpack\resources\smootherweb\data\content.js
HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50802;https=127.0.0.1:50802
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logs.

AuGuRi 02.02.2015 19:52
jetzt schauts wieder super aus :Boogie:

hier die Log

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Alina at 2015-02-02 19:47:55 Run:1
Running from C:\Users\Hello\Downloads
Loaded Profiles: Alina (Available profiles: Alina & Hello)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\vcqLGHAR

C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\485809505290A04B7446C0D7C11C0D00016DF18A

C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\6D08AD581F0FFE5EEEDFA6B81CFD30CC449249FF

C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\90CCAD9055B54F4701D3C42C579054EC3BDDD8A0

C:\Users\Alina\AppData\Local\Temp\awh7DBD.tmp

C:\Users\Alina\AppData\Local\Temp\n6132\s6132.exe

C:\Users\Alina\AppData\Roaming\QJCMSC

C:\Users\Alina\AppData\Roaming\XTIHHBZN

C:\Users\Alina\AppData\Roaming\Booster-Web\Booster-Web-Installer.exe

C:\Users\Alina\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip

C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\extensions\jid1-U7omKQ6kQfxMaQ@jetpack\resources\smootherweb\data\content.js
HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50802;https=127.0.0.1:50802
Emptytemp:
       
*****************

C:\ProgramData\vcqLGHAR => Moved successfully.
"C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\485809505290A04B7446C0D7C11C0D00016DF18A" => File/Directory not found.
"C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\6D08AD581F0FFE5EEEDFA6B81CFD30CC449249FF" => File/Directory not found.
"C:\Users\Alina\AppData\Local\Mozilla\Firefox\Profiles\mt0tqotm.default\cache2\entries\90CCAD9055B54F4701D3C42C579054EC3BDDD8A0" => File/Directory not found.
"C:\Users\Alina\AppData\Local\Temp\awh7DBD.tmp" => File/Directory not found.
"C:\Users\Alina\AppData\Local\Temp\n6132\s6132.exe" => File/Directory not found.
C:\Users\Alina\AppData\Roaming\QJCMSC => Moved successfully.
C:\Users\Alina\AppData\Roaming\XTIHHBZN => Moved successfully.
C:\Users\Alina\AppData\Roaming\Booster-Web\Booster-Web-Installer.exe => Moved successfully.
C:\Users\Alina\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip => Moved successfully.
"C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\mt0tqotm.default\extensions\jid1-U7omKQ6kQfxMaQ@jetpack\resources\smootherweb\data\content.js" => File/Directory not found.
"HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 86.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:48:07 ====

schrauber 03.02.2015 07:56
die frischen FRST Logs fehlen noch :)

AuGuRi 04.02.2015 08:36
Hallo schrauber
entschuldige bitte, dass es diesmal etwas gedauert hat. Hier ist nun noch das neue FSET


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Alina (administrator) on AUGURI on 04-02-2015 08:29:00
Running from C:\Users\Hello\Downloads
Loaded Profiles: Alina (Available profiles: Alina & Hello)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BitTorrent Inc.) C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\...\Run: [BitTorrent] => C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe [1438808 2015-01-31] (BitTorrent Inc.)
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50802;https=127.0.0.1:50802
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: YouTube Unblocker - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553\Extensions\youtubeunblocker@unblocker.yt [2015-02-02]
FF Extension: WOT - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-02]
FF Extension: Adblock Plus - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-02]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                          )
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 20:03 - 2015-02-02 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-02 19:42 - 2015-02-02 19:42 - 00000000 ____D () C:\Users\Alina\Desktop\Alte Firefox-Daten
2015-02-02 19:41 - 2015-02-02 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 19:41 - 2015-02-02 19:41 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 19:41 - 2015-02-02 19:41 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 19:39 - 2015-02-02 19:49 - 00000232 _____ () C:\windows\setupact.log
2015-02-02 19:39 - 2015-02-02 19:39 - 00000820 _____ () C:\windows\PFRO.log
2015-02-02 19:39 - 2015-02-02 19:39 - 00000000 _____ () C:\windows\setuperr.log
2015-02-02 15:01 - 2015-02-04 08:25 - 00418786 _____ () C:\windows\WindowsUpdate.log
2015-02-02 12:01 - 2015-02-02 12:01 - 00000000 ____D () C:\Users\Hello\Downloads\FRST-OlderVersion
2015-02-02 11:57 - 2015-02-02 11:57 - 00852573 _____ () C:\Users\Alina\Downloads\SecurityCheck.exe
2015-02-02 09:44 - 2015-02-02 09:47 - 02347384 _____ (ESET) C:\Users\Hello\Downloads\esetsmartinstaller_deu.exe
2015-01-31 21:01 - 2015-01-31 21:01 - 00000624 _____ () C:\Users\Alina\Desktop\JRT.txt
2015-01-31 20:53 - 2015-01-31 20:53 - 01707939 _____ (Thisisu) C:\Users\Alina\Downloads\JRT.exe
2015-01-31 20:47 - 2015-01-31 20:47 - 02194432 _____ () C:\Users\Alina\Downloads\AdwCleaner_4.109.exe
2015-01-31 19:47 - 2015-01-31 19:47 - 00001288 _____ () C:\Users\Alina\Desktop\Revo Uninstaller.lnk
2015-01-31 19:47 - 2015-01-31 19:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-31 19:46 - 2015-01-31 19:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hello\Downloads\revosetup95.exe
2015-01-31 15:32 - 2015-01-31 15:32 - 00025201 _____ () C:\Users\Hello\Downloads\Addition.txt
2015-01-31 15:30 - 2015-02-04 08:29 - 00013080 _____ () C:\Users\Hello\Downloads\FRST.txt
2015-01-31 15:30 - 2015-02-04 08:29 - 00000000 ____D () C:\FRST
2015-01-31 15:29 - 2015-02-02 12:01 - 02131456 _____ (Farbar) C:\Users\Hello\Downloads\FRST64.exe
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-25 18:58 - 2015-01-31 20:50 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:58 - 2015-01-25 18:58 - 02194432 _____ () C:\Users\Hello\Downloads\AdwCleaner_4.109.exe
2015-01-25 18:43 - 2015-01-25 18:43 - 01707939 _____ (Thisisu) C:\Users\Hello\Downloads\JRT.exe
2015-01-25 18:28 - 2015-01-25 18:28 - 00000000 ____D () C:\ProgramData\DivX
2015-01-25 18:25 - 2015-02-02 19:47 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Booster-Web
2015-01-25 11:23 - 2015-01-25 11:23 - 04070576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 09:11 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 09:11 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 09:11 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-14 09:11 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-14 09:11 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 09:11 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 09:11 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-14 09:11 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-14 09:11 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-14 09:11 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-05 10:59 - 2015-02-02 16:43 - 00000000 ___RD () C:\Users\Hello\Dropbox
2015-01-05 10:59 - 2015-01-05 10:59 - 00001177 _____ () C:\Users\Hello\Desktop\Dropbox.lnk
2015-01-05 10:58 - 2015-01-05 10:58 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-05 10:58 - 2015-01-05 10:58 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Dropbox
2015-01-05 10:56 - 2015-02-02 16:43 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Dropbox
2015-01-05 10:55 - 2015-01-05 10:56 - 00324112 _____ (Dropbox, Inc.) C:\Users\Hello\Downloads\DropboxInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 08:28 - 2014-09-23 17:05 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\BitTorrent
2015-02-04 08:28 - 2014-09-23 06:59 - 00001700 _____ () C:\windows\Tasks\XTIHHBZN.job
2015-02-04 08:28 - 2014-09-23 06:59 - 00001352 _____ () C:\windows\Tasks\QJCMSC.job
2015-02-04 08:23 - 2015-01-03 13:27 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 08:23 - 2014-09-23 19:55 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{17F2C544-6AE9-4B46-84C4-7AF0B4293D11}
2015-02-04 08:23 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-02-04 08:20 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-02 20:32 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache
2015-02-02 20:29 - 2014-09-09 17:13 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372495719-1458228271-1439821906-1004
2015-02-02 19:54 - 2014-09-09 13:33 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372495719-1458228271-1439821906-1001
2015-02-02 19:49 - 2014-09-23 17:33 - 00000214 _____ () C:\windows\Tasks\AutoKMS.job
2015-02-02 19:49 - 2014-09-22 21:50 - 00017920 ___SH () C:\Users\Alina\Desktop\Thumbs.db
2015-02-02 19:49 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-02 19:47 - 2014-09-09 15:24 - 00236032 ___SH () C:\Users\Alina\Downloads\Thumbs.db
2015-02-02 19:42 - 2014-09-09 13:44 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{797817F3-6D87-4081-BAAB-5F4E4D2E31FC}
2015-02-02 19:38 - 2013-08-22 14:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-02-02 19:17 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Hello\Documents\Simon
2015-02-02 19:01 - 2014-09-16 08:05 - 00256000 ___SH () C:\Users\Hello\Documents\Thumbs.db
2015-02-02 18:46 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\Hello\Documents\Citavi 4
2015-02-02 16:34 - 2015-01-03 13:27 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-02 16:34 - 2014-09-09 13:49 - 00000000 ____D () C:\Users\Alina\AppData\Local\Adobe
2015-02-02 14:59 - 2014-09-23 18:01 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 14:58 - 2014-11-03 20:34 - 00000000 ____D () C:\windows\Minidump
2015-02-02 14:57 - 2014-09-28 09:32 - 00000000 ____D () C:\Users\Hello\Desktop\UNI
2015-01-31 20:55 - 2014-12-11 18:07 - 00000000 ____D () C:\Users\Für Jeden
2015-01-31 20:43 - 2014-04-29 13:28 - 00000000 ____D () C:\windows\tr
2015-01-29 10:44 - 2014-09-09 14:53 - 00000000 ____D () C:\Users\Hello\Documents\Arbeitsvorlagen
2015-01-28 18:44 - 2014-10-01 17:47 - 00261632 ___SH () C:\Users\Hello\Downloads\Thumbs.db
2015-01-28 18:32 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-28 11:51 - 2014-11-17 09:51 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Skype
2015-01-26 11:23 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 11:22 - 2015-01-03 13:20 - 00000000 ____D () C:\Program Files\Java
2015-01-26 11:22 - 2014-10-03 20:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 11:21 - 2015-01-03 13:20 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-26 11:21 - 2014-10-03 20:40 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 19:02 - 2014-09-09 14:05 - 00000000 ____D () C:\Users\Alina\Desktop\Programme
2015-01-25 18:30 - 2014-09-09 13:28 - 00001458 _____ () C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 18:30 - 2014-05-06 16:01 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-01-25 17:59 - 2014-09-09 17:07 - 00000000 ____D () C:\Users\Hello
2015-01-24 21:20 - 2014-09-09 20:25 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-09-09 20:25 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 18:19 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Hello\Documents\Bewerbungen
2015-01-14 09:57 - 2014-09-09 20:05 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 09:50 - 2014-04-29 10:41 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-09-22 20:41 - 2014-09-23 17:10 - 0002233 _____ () C:\Users\Alina\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2014-04-30 19:44 - 2014-04-30 19:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:30

==================== End Of Log ============================
--- --- ---

schrauber 04.02.2015 19:03
ich zitiere mich mal :)
Zitat:
FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logs.

AuGuRi 04.02.2015 22:07
uups hab ich total überlesen. Sorry!!!

Hier ein aktuelles FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Alina (administrator) on AUGURI on 04-02-2015 21:57:33
Running from C:\Users\Hello\Downloads
Loaded Profiles: Alina (Available profiles: Alina & Hello)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BitTorrent Inc.) C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\...\Run: [BitTorrent] => C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe [1438808 2015-01-31] (BitTorrent Inc.)
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50802;https=127.0.0.1:50802
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: YouTube Unblocker - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553\Extensions\youtubeunblocker@unblocker.yt [2015-02-02]
FF Extension: WOT - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-02]
FF Extension: Adblock Plus - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-02]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                          )
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 20:03 - 2015-02-02 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-02 19:42 - 2015-02-02 19:42 - 00000000 ____D () C:\Users\Alina\Desktop\Alte Firefox-Daten
2015-02-02 19:41 - 2015-02-02 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 19:41 - 2015-02-02 19:41 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 19:41 - 2015-02-02 19:41 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 19:39 - 2015-02-02 19:49 - 00000232 _____ () C:\windows\setupact.log
2015-02-02 19:39 - 2015-02-02 19:39 - 00000820 _____ () C:\windows\PFRO.log
2015-02-02 19:39 - 2015-02-02 19:39 - 00000000 _____ () C:\windows\setuperr.log
2015-02-02 15:01 - 2015-02-04 21:58 - 00567593 _____ () C:\windows\WindowsUpdate.log
2015-02-02 12:01 - 2015-02-04 21:57 - 00000000 ____D () C:\Users\Hello\Downloads\FRST-OlderVersion
2015-02-02 11:57 - 2015-02-02 11:57 - 00852573 _____ () C:\Users\Alina\Downloads\SecurityCheck.exe
2015-02-02 09:44 - 2015-02-02 09:47 - 02347384 _____ (ESET) C:\Users\Hello\Downloads\esetsmartinstaller_deu.exe
2015-01-31 21:01 - 2015-01-31 21:01 - 00000624 _____ () C:\Users\Alina\Desktop\JRT.txt
2015-01-31 20:53 - 2015-01-31 20:53 - 01707939 _____ (Thisisu) C:\Users\Alina\Downloads\JRT.exe
2015-01-31 20:47 - 2015-01-31 20:47 - 02194432 _____ () C:\Users\Alina\Downloads\AdwCleaner_4.109.exe
2015-01-31 19:47 - 2015-01-31 19:47 - 00001288 _____ () C:\Users\Alina\Desktop\Revo Uninstaller.lnk
2015-01-31 19:47 - 2015-01-31 19:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-31 19:46 - 2015-01-31 19:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hello\Downloads\revosetup95.exe
2015-01-31 15:32 - 2015-01-31 15:32 - 00025201 _____ () C:\Users\Hello\Downloads\Addition.txt
2015-01-31 15:30 - 2015-02-04 21:58 - 00013200 _____ () C:\Users\Hello\Downloads\FRST.txt
2015-01-31 15:30 - 2015-02-04 21:57 - 00000000 ____D () C:\FRST
2015-01-31 15:29 - 2015-02-04 21:57 - 02131968 _____ (Farbar) C:\Users\Hello\Downloads\FRST64.exe
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-25 18:58 - 2015-01-31 20:50 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:58 - 2015-01-25 18:58 - 02194432 _____ () C:\Users\Hello\Downloads\AdwCleaner_4.109.exe
2015-01-25 18:43 - 2015-01-25 18:43 - 01707939 _____ (Thisisu) C:\Users\Hello\Downloads\JRT.exe
2015-01-25 18:28 - 2015-01-25 18:28 - 00000000 ____D () C:\ProgramData\DivX
2015-01-25 18:25 - 2015-02-02 19:47 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Booster-Web
2015-01-14 09:11 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 09:11 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 09:11 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-14 09:11 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-14 09:11 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 09:11 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 09:11 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-14 09:11 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-14 09:11 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-14 09:11 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-05 10:59 - 2015-02-02 16:43 - 00000000 ___RD () C:\Users\Hello\Dropbox
2015-01-05 10:59 - 2015-01-05 10:59 - 00001177 _____ () C:\Users\Hello\Desktop\Dropbox.lnk
2015-01-05 10:58 - 2015-01-05 10:58 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-05 10:58 - 2015-01-05 10:58 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Dropbox
2015-01-05 10:56 - 2015-02-02 16:43 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Dropbox
2015-01-05 10:55 - 2015-01-05 10:56 - 00324112 _____ (Dropbox, Inc.) C:\Users\Hello\Downloads\DropboxInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 21:57 - 2014-09-23 17:05 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\BitTorrent
2015-02-04 21:56 - 2014-09-23 06:59 - 00001700 _____ () C:\windows\Tasks\XTIHHBZN.job
2015-02-04 21:56 - 2014-09-23 06:59 - 00001352 _____ () C:\windows\Tasks\QJCMSC.job
2015-02-04 21:23 - 2015-01-03 13:27 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-04 20:23 - 2015-01-03 13:27 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 17:42 - 2014-09-09 17:13 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372495719-1458228271-1439821906-1004
2015-02-04 17:09 - 2014-09-23 19:55 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{17F2C544-6AE9-4B46-84C4-7AF0B4293D11}
2015-02-04 11:03 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\Hello\Documents\Citavi 4
2015-02-04 08:33 - 2014-09-09 13:33 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372495719-1458228271-1439821906-1001
2015-02-04 08:23 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-02-02 20:32 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache
2015-02-02 19:49 - 2014-09-23 17:33 - 00000214 _____ () C:\windows\Tasks\AutoKMS.job
2015-02-02 19:49 - 2014-09-22 21:50 - 00017920 ___SH () C:\Users\Alina\Desktop\Thumbs.db
2015-02-02 19:49 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-02 19:47 - 2014-09-09 15:24 - 00236032 ___SH () C:\Users\Alina\Downloads\Thumbs.db
2015-02-02 19:42 - 2014-09-09 13:44 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{797817F3-6D87-4081-BAAB-5F4E4D2E31FC}
2015-02-02 19:38 - 2013-08-22 14:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-02-02 19:17 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Hello\Documents\Simon
2015-02-02 19:01 - 2014-09-16 08:05 - 00256000 ___SH () C:\Users\Hello\Documents\Thumbs.db
2015-02-02 16:34 - 2014-09-09 13:49 - 00000000 ____D () C:\Users\Alina\AppData\Local\Adobe
2015-02-02 14:59 - 2014-09-23 18:01 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 14:58 - 2014-11-03 20:34 - 00000000 ____D () C:\windows\Minidump
2015-02-02 14:57 - 2014-09-28 09:32 - 00000000 ____D () C:\Users\Hello\Desktop\UNI
2015-01-31 20:55 - 2014-12-11 18:07 - 00000000 ____D () C:\Users\Für Jeden
2015-01-31 20:43 - 2014-04-29 13:28 - 00000000 ____D () C:\windows\tr
2015-01-29 10:44 - 2014-09-09 14:53 - 00000000 ____D () C:\Users\Hello\Documents\Arbeitsvorlagen
2015-01-28 18:44 - 2014-10-01 17:47 - 00261632 ___SH () C:\Users\Hello\Downloads\Thumbs.db
2015-01-28 18:32 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-28 11:51 - 2014-11-17 09:51 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Skype
2015-01-26 11:23 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 11:22 - 2015-01-03 13:20 - 00000000 ____D () C:\Program Files\Java
2015-01-26 11:22 - 2014-10-03 20:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 11:21 - 2015-01-03 13:20 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-26 11:21 - 2014-10-03 20:40 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 19:02 - 2014-09-09 14:05 - 00000000 ____D () C:\Users\Alina\Desktop\Programme
2015-01-25 18:30 - 2014-09-09 13:28 - 00001458 _____ () C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 18:30 - 2014-05-06 16:01 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-01-25 17:59 - 2014-09-09 17:07 - 00000000 ____D () C:\Users\Hello
2015-01-24 21:20 - 2014-09-09 20:25 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-09-09 20:25 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 18:19 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Hello\Documents\Bewerbungen
2015-01-14 09:57 - 2014-09-09 20:05 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 09:50 - 2014-04-29 10:41 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-09-22 20:41 - 2014-09-23 17:10 - 0002233 _____ () C:\Users\Alina\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2014-04-30 19:44 - 2014-04-30 19:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 13:30

==================== End Of Log ============================
--- --- ---


und das Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Alina at 2015-02-04 21:58:52
Running from C:\Users\Hello\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
BitTorrent (HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\...\BitTorrent) (Version: 7.9.2.38398 - BitTorrent Inc.)
Booster-Web (HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\...\Booster-Web) (Version: 2 - Appli LLC)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4430.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.4430.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2230.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2230.0 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2527 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2372495719-1458228271-1439821906-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hello\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2372495719-1458228271-1439821906-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2372495719-1458228271-1439821906-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hello\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2372495719-1458228271-1439821906-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hello\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2372495719-1458228271-1439821906-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hello\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2372495719-1458228271-1439821906-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hello\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2372495719-1458228271-1439821906-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hello\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2372495719-1458228271-1439821906-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hello\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2372495719-1458228271-1439821906-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hello\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2372495719-1458228271-1439821906-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hello\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-01-2015 09:48:39 Windows Update
23-01-2015 15:00:32 Windows Update
28-01-2015 18:30:23 Windows Update
31-01-2015 19:48:50 Revo Uninstaller's restore point - Snap.Do
02-02-2015 19:35:54 Revo Uninstaller's restore point - Mozilla Firefox 35.0.1 (x86 de)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {154BCD51-D412-4BE4-BC9A-AE318722956B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2B201585-F354-43FC-8301-0B6097A0139F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {42AC485D-5672-4A2A-B830-0A6FC5C37A07} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {532B9037-4864-45BA-B6BC-6C7AF87D83D1} - System32\Tasks\QJCMSC => C:\Users\Alina\AppData\Roaming\QJCMSC.exe <==== ATTENTION
Task: {6F00CD4F-4951-4AD8-956A-62DC30B89D57} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {7408912A-4F5C-45D6-9D1E-A708B26B8DCA} - System32\Tasks\XTIHHBZN => C:\Users\Alina\AppData\Roaming\XTIHHBZN.exe <==== ATTENTION
Task: {84CA37A1-300F-41A8-9D2D-8D89D8ECA722} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A36231C7-2CB2-4B7F-8C2F-B896C2BD859D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D1FBB4C1-D4D0-4C89-900F-6B6C50D83B02} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\QJCMSC.job => C:\Users\Alina\AppData\Roaming\QJCMSC.exe <==== ATTENTION
Task: C:\windows\Tasks\XTIHHBZN.job => C:\Users\Alina\AppData\Roaming\XTIHHBZN.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-04-29 17:47 - 2011-08-22 13:44 - 01421216 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
2014-04-29 17:47 - 2012-07-30 10:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2014-04-29 18:02 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-04-29 17:51 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Alina\Downloads\Office2010Toolkitand22__7821_il265(1).exe:typelib
AlternateDataStreams: C:\Users\Hello\Letzte Version.docx:com.dropbox.attributes
AlternateDataStreams: C:\Users\Hello\Desktop\me.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Hello\Desktop\me.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alina\Pictures\Pictures\MÜNCHEN\Westpark\August 08\IMGP1750.JPG

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2372495719-1458228271-1439821906-500 - Administrator - Disabled)
Alina (S-1-5-21-2372495719-1458228271-1439821906-1001 - Administrator - Enabled) => C:\Users\Alina
Gast (S-1-5-21-2372495719-1458228271-1439821906-501 - Limited - Disabled)
Hello (S-1-5-21-2372495719-1458228271-1439821906-1004 - Limited - Enabled) => C:\Users\Hello
HomeGroupUser$ (S-1-5-21-2372495719-1458228271-1439821906-1009 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 08:28:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/03/2015 05:29:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/03/2015 05:29:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/02/2015 07:46:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/02/2015 02:40:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/02/2015 11:54:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/02/2015 09:50:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/02/2015 09:50:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/02/2015 09:50:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/02/2015 09:50:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (02/04/2015 06:24:06 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/04/2015 08:42:07 AM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/02/2015 07:48:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062

Error: (02/02/2015 06:12:19 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/02/2015 06:11:49 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/01/2015 05:32:17 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/31/2015 09:10:39 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/31/2015 09:10:09 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/31/2015 09:09:39 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/31/2015 09:07:09 PM) (Source: DCOM) (EventID: 10010) (User: Auguri)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (02/04/2015 08:28:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Hello\Downloads\esetsmartinstaller_deu.exe

Error: (02/03/2015 05:29:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector5\Kernel\CES\CES_CacheAgent.exe.Manifest

Error: (02/03/2015 05:29:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest

Error: (02/02/2015 07:46:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Hello\Downloads\esetsmartinstaller_deu.exe

Error: (02/02/2015 02:40:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Hello\Downloads\esetsmartinstaller_deu.exe

Error: (02/02/2015 11:54:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/02/2015 09:50:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Hello\Downloads\esetsmartinstaller_deu.exe

Error: (02/02/2015 09:50:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Hello\Downloads\esetsmartinstaller_deu.exe

Error: (02/02/2015 09:50:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Hello\Downloads\esetsmartinstaller_deu.exe

Error: (02/02/2015 09:50:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Hello\Downloads\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-04 21:56:10.842
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-04 21:56:09.483
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-04 21:56:08.004
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-04 21:56:06.810
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-04 21:56:05.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-04 21:56:04.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-04 21:56:03.251
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-04 21:56:02.124
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-04 21:56:01.008
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-04 21:55:59.873
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Percentage of memory in use: 26%
Total physical RAM: 3969.26 MB
Available physical RAM: 2934.27 MB
Total Pagefile: 5121.26 MB
Available Pagefile: 3481.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:759.92 GB) NTFS
Drive d: (Recover) (Fixed) (Total:59.99 GB) (Free:42.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 05.02.2015 08:32
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50802;https=127.0.0.1:50802
2014-04-30 19:44 - 2014-04-30 19:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {532B9037-4864-45BA-B6BC-6C7AF87D83D1} - System32\Tasks\QJCMSC => C:\Users\Alina\AppData\Roaming\QJCMSC.exe <==== ATTENTION

Task: {7408912A-4F5C-45D6-9D1E-A708B26B8DCA} - System32\Tasks\XTIHHBZN => C:\Users\Alina\AppData\Roaming\XTIHHBZN.exe <==== ATTENTION

Task: C:\windows\Tasks\QJCMSC.job => C:\Users\Alina\AppData\Roaming\QJCMSC.exe <==== ATTENTION

Task: C:\windows\Tasks\XTIHHBZN.job => C:\Users\Alina\AppData\Roaming\XTIHHBZN.exe <==== ATTENTION
C:\Users\Alina\AppData\Roaming\QJCMSC.exe
C:\Users\Alina\AppData\Roaming\XTIHHBZN.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



frisches FRST log bitte.

AuGuRi 05.02.2015 12:32
so alles nach Anleitung erledigt :)

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Alina at 2015-02-05 12:25:03 Run:2
Running from C:\Users\Alina\Desktop
Loaded Profiles: Alina (Available profiles: Alina & Hello)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50802;https=127.0.0.1:50802
2014-04-30 19:44 - 2014-04-30 19:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {532B9037-4864-45BA-B6BC-6C7AF87D83D1} - System32\Tasks\QJCMSC => C:\Users\Alina\AppData\Roaming\QJCMSC.exe <==== ATTENTION

Task: {7408912A-4F5C-45D6-9D1E-A708B26B8DCA} - System32\Tasks\XTIHHBZN => C:\Users\Alina\AppData\Roaming\XTIHHBZN.exe <==== ATTENTION

Task: C:\windows\Tasks\QJCMSC.job => C:\Users\Alina\AppData\Roaming\QJCMSC.exe <==== ATTENTION

Task: C:\windows\Tasks\XTIHHBZN.job => C:\Users\Alina\AppData\Roaming\XTIHHBZN.exe <==== ATTENTION
C:\Users\Alina\AppData\Roaming\QJCMSC.exe
C:\Users\Alina\AppData\Roaming\XTIHHBZN.exe
Emptytemp:
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{532B9037-4864-45BA-B6BC-6C7AF87D83D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{532B9037-4864-45BA-B6BC-6C7AF87D83D1}" => Key deleted successfully.
C:\Windows\System32\Tasks\QJCMSC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QJCMSC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7408912A-4F5C-45D6-9D1E-A708B26B8DCA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7408912A-4F5C-45D6-9D1E-A708B26B8DCA}" => Key deleted successfully.
C:\Windows\System32\Tasks\XTIHHBZN => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\XTIHHBZN" => Key deleted successfully.
C:\windows\Tasks\QJCMSC.job => Moved successfully.
C:\windows\Tasks\XTIHHBZN.job => Moved successfully.
"C:\Users\Alina\AppData\Roaming\QJCMSC.exe" => File/Directory not found.
"C:\Users\Alina\AppData\Roaming\XTIHHBZN.exe" => File/Directory not found.
EmptyTemp: => Removed 30.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:25:13 ====
und noch das FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Alina (administrator) on AUGURI on 05-02-2015 12:30:34
Running from C:\Users\Alina\Desktop
Loaded Profiles: Alina (Available profiles: Alina & Hello)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BitTorrent Inc.) C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2372495719-1458228271-1439821906-1001\...\Run: [BitTorrent] => C:\Users\Alina\AppData\Roaming\BitTorrent\BitTorrent.exe [1438808 2015-01-31] (BitTorrent Inc.)
HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe [969632 2012-08-10] (Ashampoo)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Hello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50802;https=127.0.0.1:50802
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: YouTube Unblocker - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553\Extensions\youtubeunblocker@unblocker.yt [2015-02-02]
FF Extension: WOT - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-02]
FF Extension: Adblock Plus - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\pk3pdjx4.default-1422902549553\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-02]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] ()
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                          )
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 12:26 - 2015-02-05 12:26 - 00000116 _____ () C:\windows\setupact.log
2015-02-05 12:26 - 2015-02-05 12:26 - 00000000 _____ () C:\windows\setuperr.log
2015-02-02 20:03 - 2015-02-02 20:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-02 19:42 - 2015-02-02 19:42 - 00000000 ____D () C:\Users\Alina\Desktop\Alte Firefox-Daten
2015-02-02 19:41 - 2015-02-05 12:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 19:41 - 2015-02-02 19:41 - 00001179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-02 19:41 - 2015-02-02 19:41 - 00001167 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-02 15:01 - 2015-02-05 12:13 - 00868871 _____ () C:\windows\WindowsUpdate.log
2015-02-02 12:01 - 2015-02-04 21:57 - 00000000 ____D () C:\Users\Hello\Downloads\FRST-OlderVersion
2015-02-02 11:57 - 2015-02-02 11:57 - 00852573 _____ () C:\Users\Alina\Downloads\SecurityCheck.exe
2015-02-02 09:44 - 2015-02-02 09:47 - 02347384 _____ (ESET) C:\Users\Hello\Downloads\esetsmartinstaller_deu.exe
2015-01-31 21:01 - 2015-01-31 21:01 - 00000624 _____ () C:\Users\Alina\Desktop\JRT.txt
2015-01-31 20:53 - 2015-01-31 20:53 - 01707939 _____ (Thisisu) C:\Users\Alina\Downloads\JRT.exe
2015-01-31 20:47 - 2015-01-31 20:47 - 02194432 _____ () C:\Users\Alina\Downloads\AdwCleaner_4.109.exe
2015-01-31 19:47 - 2015-01-31 19:47 - 00001288 _____ () C:\Users\Alina\Desktop\Revo Uninstaller.lnk
2015-01-31 19:47 - 2015-01-31 19:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-31 19:46 - 2015-01-31 19:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hello\Downloads\revosetup95.exe
2015-01-31 15:32 - 2015-02-04 21:59 - 00036609 _____ () C:\Users\Alina\Desktop\Addition.txt
2015-01-31 15:30 - 2015-02-05 12:30 - 00013155 _____ () C:\Users\Alina\Desktop\FRST.txt
2015-01-31 15:30 - 2015-02-05 12:30 - 00000000 ____D () C:\FRST
2015-01-31 15:29 - 2015-02-04 21:57 - 02131968 _____ (Farbar) C:\Users\Alina\Desktop\FRST64.exe
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-28 11:53 - 2015-01-28 11:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-25 18:58 - 2015-01-31 20:50 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:58 - 2015-01-25 18:58 - 02194432 _____ () C:\Users\Hello\Downloads\AdwCleaner_4.109.exe
2015-01-25 18:43 - 2015-01-25 18:43 - 01707939 _____ (Thisisu) C:\Users\Hello\Downloads\JRT.exe
2015-01-25 18:28 - 2015-01-25 18:28 - 00000000 ____D () C:\ProgramData\DivX
2015-01-25 18:25 - 2015-02-02 19:47 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\Booster-Web
2015-01-14 09:11 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 09:11 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 09:11 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-14 09:11 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-14 09:11 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-14 09:11 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-14 09:11 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 09:11 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 09:11 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-14 09:11 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-14 09:11 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-14 09:11 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-14 09:11 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-14 09:11 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-14 09:11 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-14 09:11 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-14 09:11 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 12:31 - 2014-09-23 17:05 - 00000000 ____D () C:\Users\Alina\AppData\Roaming\BitTorrent
2015-02-05 12:29 - 2014-09-09 13:44 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{797817F3-6D87-4081-BAAB-5F4E4D2E31FC}
2015-02-05 12:26 - 2014-09-23 17:33 - 00000214 _____ () C:\windows\Tasks\AutoKMS.job
2015-02-05 12:26 - 2014-09-22 21:50 - 00017920 ___SH () C:\Users\Alina\Desktop\Thumbs.db
2015-02-05 12:26 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-05 12:23 - 2015-01-03 13:27 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-05 11:58 - 2014-09-09 17:13 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372495719-1458228271-1439821906-1004
2015-02-05 11:53 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-02-05 11:47 - 2014-09-23 19:55 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{17F2C544-6AE9-4B46-84C4-7AF0B4293D11}
2015-02-04 22:26 - 2014-09-09 13:33 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2372495719-1458228271-1439821906-1001
2015-02-04 22:11 - 2014-09-23 18:01 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 20:23 - 2015-01-03 13:27 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 11:03 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\Hello\Documents\Citavi 4
2015-02-02 20:32 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache
2015-02-02 19:47 - 2014-09-09 15:24 - 00236032 ___SH () C:\Users\Alina\Downloads\Thumbs.db
2015-02-02 19:38 - 2013-08-22 14:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-02-02 19:17 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Hello\Documents\Simon
2015-02-02 19:01 - 2014-09-16 08:05 - 00256000 ___SH () C:\Users\Hello\Documents\Thumbs.db
2015-02-02 16:43 - 2015-01-05 10:59 - 00000000 ___RD () C:\Users\Hello\Dropbox
2015-02-02 16:43 - 2015-01-05 10:56 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Dropbox
2015-02-02 16:34 - 2014-09-09 13:49 - 00000000 ____D () C:\Users\Alina\AppData\Local\Adobe
2015-02-02 14:58 - 2014-11-03 20:34 - 00000000 ____D () C:\windows\Minidump
2015-02-02 14:57 - 2014-09-28 09:32 - 00000000 ____D () C:\Users\Hello\Desktop\UNI
2015-01-31 20:55 - 2014-12-11 18:07 - 00000000 ____D () C:\Users\Für Jeden
2015-01-31 20:43 - 2014-04-29 13:28 - 00000000 ____D () C:\windows\tr
2015-01-29 10:44 - 2014-09-09 14:53 - 00000000 ____D () C:\Users\Hello\Documents\Arbeitsvorlagen
2015-01-28 18:44 - 2014-10-01 17:47 - 00261632 ___SH () C:\Users\Hello\Downloads\Thumbs.db
2015-01-28 18:32 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-28 11:51 - 2014-11-17 09:51 - 00000000 ____D () C:\Users\Hello\AppData\Roaming\Skype
2015-01-26 11:23 - 2014-10-03 20:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 11:22 - 2015-01-03 13:20 - 00000000 ____D () C:\Program Files\Java
2015-01-26 11:22 - 2014-10-03 20:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 11:21 - 2015-01-03 13:20 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-26 11:21 - 2014-10-03 20:40 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-26 11:21 - 2014-10-03 20:40 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 19:02 - 2014-09-09 14:05 - 00000000 ____D () C:\Users\Alina\Desktop\Programme
2015-01-25 18:30 - 2014-09-09 13:28 - 00001458 _____ () C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 18:30 - 2014-05-06 16:01 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-01-25 17:59 - 2014-09-09 17:07 - 00000000 ____D () C:\Users\Hello
2015-01-24 21:20 - 2014-09-09 20:25 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-09-09 20:25 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 18:19 - 2014-09-09 14:54 - 00000000 ____D () C:\Users\Hello\Documents\Bewerbungen
2015-01-14 09:57 - 2014-09-09 20:05 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 09:50 - 2014-04-29 10:41 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-09-22 20:41 - 2014-09-23 17:10 - 0002233 _____ () C:\Users\Alina\AppData\Local\Citavi Picker Internet Explorer Protocol.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 12:22

==================== End Of Log ============================
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:11 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19