Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Werbe Popups und andere Plagen nach Freewaredownload (https://www.trojaner-board.de/163723-werbe-popups-andere-plagen-freewaredownload.html)

Tusia1987 07.02.2015 19:08
Werbe Popups und andere Plagen nach Freewaredownload
 
Hallo zusammen!

Meine Freundin hatte vor kurzem mehrere Freeware recovery Programme irgendwo gezogen.
Seitdem hat sie Probleme mit ihrem neuen Asus Notebook. Ständig öffnen sich werbe Popups und Videos. Sie hat auch den Überblick verloren welche Programme dafür verantwortlich waren, bzw. hat sie auch keine Ahnung mehr, wo sie die Programme gezogen hat.
Um auf Nummer sicher zu gehen, dass sich nichts ernstes eingenistet hat, bitte ich um Rat.

Betriebssystem ist Windows 8.1

schrauber 07.02.2015 19:27
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Tusia1987 07.02.2015 19:51
Hi!

Danke für die schnelle Rückmeldung!

Anbei die FRST-Datei
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Magda (administrator) on SCHREIBFRÄULEIN on 07-02-2015 19:43:58
Running from C:\Users\Magda\Downloads
Loaded Profiles: Magda (Available profiles: Magda)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Magda\AppData\Roaming\Spotify\spotify.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Spotify Ltd) C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Magda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\...\Run: [Spotify] => C:\Users\Magda\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\...\Run: [Spotify Web Helper] => C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
Startup: C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Magda\AppData\Roaming\Mozilla\Firefox\Profiles\vzm53m6p.default-1418942000211
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF user.js: detected! => C:\Users\Magda\AppData\Roaming\Mozilla\Firefox\Profiles\vzm53m6p.default-1418942000211\user.js
FF Extension: Positive Finds - C:\Users\Magda\AppData\Roaming\Mozilla\Firefox\Profiles\vzm53m6p.default-1418942000211\Extensions\{f57f3b24-cabd-4998-9e47-8842f793f6de}.xpi [2015-02-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-03-31] (ASUS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 17:47 - 2015-02-07 17:47 - 00108901 _____ () C:\Users\Magda\Downloads\adblock_plus_pop_up_addon-0.9.2-fx(1).zip
2015-02-07 17:45 - 2015-02-07 17:45 - 00108901 _____ () C:\Users\Magda\Downloads\adblock_plus_pop_up_addon-0.9.2-fx.zip
2015-02-07 17:42 - 2015-02-07 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-06 23:39 - 2015-02-06 23:39 - 10760296 _____ (EaseUS ) C:\Users\Magda\Downloads\drw_free.exe
2015-02-06 23:39 - 2015-02-06 23:39 - 00000000 ____D () C:\Program Files\EaseUS
2015-02-06 23:37 - 2015-02-07 00:06 - 00000000 ____D () C:\Program Files (x86)\Positive Finds
2015-02-06 23:37 - 2015-02-07 00:05 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-02-06 23:36 - 2015-02-06 23:36 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\OpenCandy
2015-02-06 23:34 - 2015-02-06 23:34 - 01198368 _____ () C:\Users\Magda\Downloads\Easeus Partition Master - CHIP-Installer.exe
2015-02-06 23:26 - 2015-02-06 23:26 - 03736125 _____ () C:\Users\Magda\Downloads\testdisk-6.14.win.zip
2015-02-06 23:26 - 2015-02-06 23:26 - 00000000 ____D () C:\Users\Magda\Downloads\testdisk-6.14.win
2015-02-06 23:25 - 2015-02-06 23:25 - 01198368 _____ () C:\Users\Magda\Downloads\TestDisk PhotoRec - CHIP-Installer.exe
2015-02-06 23:04 - 2015-02-06 23:04 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2015-02-06 23:04 - 2015-02-06 23:04 - 00000000 ____D () C:\Program Files (x86)\Convar
2015-02-06 23:03 - 2015-02-06 23:03 - 03462033 _____ () C:\Users\Magda\Downloads\pci_filerecovery.exe
2015-02-06 22:55 - 2015-02-06 22:56 - 12278808 _____ () C:\Users\Magda\Downloads\testdisk-7.0-wip.win.zip
2015-02-06 22:48 - 2015-02-06 22:48 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\dlg
2015-02-06 22:39 - 2015-02-06 23:38 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-06 22:39 - 2015-02-06 22:39 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-06 22:37 - 2015-02-06 22:37 - 00621016 _____ () C:\Users\Magda\Downloads\rcsetup151_CB-DL-Manager.exe
2015-02-06 22:29 - 2015-02-06 22:29 - 00851400 _____ (WinRecovery Software ) C:\Users\Magda\Downloads\cardrecovery_setup_de.exe
2015-02-06 22:26 - 2015-02-06 23:57 - 00000000 ____D () C:\Users\Magda\Desktop\Davids Geburtstag 2015
2015-02-05 12:14 - 2015-02-05 12:14 - 01460438 _____ () C:\Users\Magda\Downloads\Studio & Cat.zip
2015-02-05 00:24 - 2015-02-05 00:24 - 00001948 _____ () C:\Users\Magda\Desktop\Schönheitsideale.txt
2015-02-04 23:56 - 2015-02-04 23:56 - 00001962 _____ () C:\Users\Magda\Desktop\Parisian Chic.txt
2015-02-04 08:03 - 2015-02-04 07:59 - 00013405 _____ () C:\Users\Magda\Documents\KB_Claire%20Damaa_Loungewear.doc_1.odt
2015-02-03 18:37 - 2015-02-03 18:33 - 00013406 _____ () C:\Users\Magda\Documents\KB_Claire%20Damaa_Loungewear.doc_0_1.odt
2015-02-03 18:32 - 2015-02-03 18:27 - 00013533 _____ () C:\Users\Magda\Documents\KB_Claire%20Damaa_Loungewear.doc_0.odt
2015-02-03 16:19 - 2015-02-03 16:25 - 00000000 ____D () C:\Users\Magda\Desktop\Passionata
2015-02-03 02:14 - 2015-02-03 02:33 - 00106103 _____ () C:\Users\Magda\Desktop\HAUSHALTSBUCH.ods
2015-02-03 01:12 - 2015-02-03 01:39 - 1156227397 _____ () C:\Users\Magda\Downloads\LOOK BOOK CLAIRE DAMAA FALL WINTER 2015.2016 GENERAL.pptx
2015-02-03 00:00 - 2015-02-03 00:00 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\Scribus
2015-02-02 23:52 - 2015-02-02 23:52 - 01191200 _____ () C:\Users\Magda\Downloads\Scribus 32 Bit - CHIP-Installer.exe
2015-01-30 20:32 - 2015-01-30 20:35 - 00012926 _____ () C:\Users\Magda\Desktop\Mama AOK Widerspruch.odt
2015-01-30 20:28 - 2015-01-30 20:29 - 00012672 _____ () C:\Users\Magda\Desktop\Mama Guthaben.odt
2015-01-29 23:01 - 2015-01-29 23:01 - 33730805 _____ () C:\Users\Magda\Downloads\HKMX_Imagebilder_2015.zip
2015-01-29 17:27 - 2015-01-29 17:33 - 278955653 _____ () C:\Users\Magda\Downloads\dddc_Freya_Lingerie_HW15_16.zip
2015-01-28 22:02 - 2015-01-29 08:40 - 00014385 _____ () C:\Users\Magda\Desktop\KSK Schätzung Jahreseinkommen.odt
2015-01-23 20:00 - 2015-01-23 20:03 - 119163320 _____ () C:\Users\Magda\Downloads\Divorce(1).zip
2015-01-23 19:54 - 2015-01-23 19:54 - 27529399 _____ () C:\Users\Magda\Downloads\wetransfer-174acf.zip
2015-01-22 14:04 - 2015-01-22 14:05 - 27338669 _____ () C:\Users\Magda\Downloads\wetransfer-f35ca2.zip
2015-01-21 21:19 - 2015-01-21 21:22 - 119163320 _____ () C:\Users\Magda\Downloads\Divorce.zip
2015-01-15 15:41 - 2015-01-29 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 14:40 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:40 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 14:40 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 14:40 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 14:40 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 14:40 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 14:40 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 14:40 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 14:40 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 14:40 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 14:40 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 14:40 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 14:40 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 14:40 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 14:40 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 14:40 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 14:40 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 14:40 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 14:40 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 14:40 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 14:40 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 14:40 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 14:40 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 14:40 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 19:44 - 2014-12-03 18:23 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\Spotify
2015-02-07 19:44 - 2014-12-01 18:47 - 00000000 ____D () C:\FRST
2015-02-07 19:43 - 2014-12-10 22:35 - 00000000 ____D () C:\Users\Magda\Downloads\FRST-OlderVersion
2015-02-07 19:43 - 2014-12-01 18:47 - 00021173 _____ () C:\Users\Magda\Downloads\FRST.txt
2015-02-07 19:43 - 2014-12-01 18:42 - 02132992 _____ (Farbar) C:\Users\Magda\Downloads\FRST64.exe
2015-02-07 19:10 - 2014-12-08 08:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 19:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-07 18:55 - 2014-10-15 20:30 - 01143399 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 18:31 - 2014-11-24 21:38 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2930704379-1728940339-4244135640-1001
2015-02-07 17:46 - 2014-11-27 18:59 - 01083904 ___SH () C:\Users\Magda\Downloads\Thumbs.db
2015-02-07 17:19 - 2014-12-03 13:21 - 00000000 ____D () C:\Users\Magda\AppData\Local\Adobe
2015-02-07 17:18 - 2014-11-25 09:59 - 00000000 ___RD () C:\Users\Magda\Dropbox
2015-02-07 17:18 - 2014-11-25 09:56 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\Dropbox
2015-02-07 17:16 - 2014-11-24 21:40 - 00000000 ___DO () C:\Users\Magda\OneDrive
2015-02-07 17:16 - 2014-11-24 21:32 - 00000093 _____ () C:\Users\Magda\AppData\Roaming\sp_data.sys
2015-02-07 00:48 - 2014-11-25 10:32 - 02087936 ___SH () C:\Users\Magda\Desktop\Thumbs.db
2015-02-06 22:48 - 2014-11-25 10:33 - 00000000 ____D () C:\Users\Magda\Desktop\EBAY
2015-02-06 21:32 - 2014-12-04 16:52 - 00000000 ____D () C:\Users\Magda\Desktop\Linie International
2015-02-06 20:43 - 2014-12-23 17:46 - 00126464 ___SH () C:\Users\Magda\Documents\Thumbs.db
2015-02-06 14:19 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-06 14:14 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-04 20:10 - 2014-12-08 08:43 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 17:37 - 2014-12-03 18:27 - 00000000 ____D () C:\Users\Magda\AppData\Local\Spotify
2015-02-04 12:33 - 2014-10-15 20:57 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-04 12:33 - 2013-08-22 15:46 - 00026608 _____ () C:\Windows\setupact.log
2015-02-04 12:33 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 12:32 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-03 20:31 - 2014-11-28 18:02 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-28 18:02 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 16:05 - 2014-05-16 00:45 - 00773008 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 16:05 - 2014-05-16 00:45 - 00162310 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 16:05 - 2014-03-18 16:26 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 15:13 - 2014-12-12 20:51 - 00000000 ____D () C:\Users\Magda\Desktop\Design Homepage
2015-01-30 11:09 - 2014-12-18 23:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 11:09 - 2014-03-18 09:16 - 00014310 _____ () C:\Windows\PFRO.log
2015-01-30 11:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-28 21:59 - 2014-11-25 11:07 - 00000000 ____D () C:\Users\Magda\Documents\Schreibfräulein
2015-01-25 17:20 - 2014-12-03 16:23 - 00015771 _____ () C:\Users\Magda\Desktop\Nachweis_DJV.odt
2015-01-19 09:10 - 2014-11-25 09:59 - 00001078 _____ () C:\Users\Magda\Desktop\Dropbox.lnk
2015-01-19 09:10 - 2014-11-25 09:57 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-18 19:30 - 2014-11-27 14:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 19:26 - 2014-11-27 14:46 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-11-24 21:32 - 2015-02-07 17:16 - 0000093 _____ () C:\Users\Magda\AppData\Roaming\sp_data.sys
2014-12-01 10:41 - 2014-12-01 10:41 - 0000045 _____ () C:\Users\Magda\AppData\Roaming\WB.CFG
2014-10-15 20:46 - 2014-10-15 20:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-15 16:58 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Magda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpykjt7o.dll
C:\Users\Magda\AppData\Local\Temp\optprosetup.exe
C:\Users\Magda\AppData\Local\Temp\Quarantine.exe
C:\Users\Magda\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Magda\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-02 11:00

==================== End Of Log ============================
--- --- ---

--- --- ---


Und die Addition-Datei:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by Magda at 2015-02-07 19:47:50
Running from C:\Users\Magda\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.1 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.9 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Dropbox (HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA Graphics Driver 333.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Spotify (HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2930704379-1728940339-4244135640-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2930704379-1728940339-4244135640-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2930704379-1728940339-4244135640-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2930704379-1728940339-4244135640-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2930704379-1728940339-4244135640-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2930704379-1728940339-4244135640-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2930704379-1728940339-4244135640-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2930704379-1728940339-4244135640-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2930704379-1728940339-4244135640-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2930704379-1728940339-4244135640-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-01-2015 19:22:37 Windows Update
23-01-2015 20:45:03 Windows Update
28-01-2015 18:32:57 Windows Update
06-02-2015 14:26:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {34A49AC3-C1B4-4714-8CC9-8E5941FDFC29} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {515859A5-6604-45D9-BCD6-DE4CC322BA9C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
Task: {5E735119-FED4-4EC3-A36D-EA681556B14E} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor)
Task: {644582F9-A300-4331-8666-9C0F0B011C88} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-02-07] ()
Task: {76334A2D-8664-4992-8BD6-4CF83CFFE11B} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-02-07] ()
Task: {8EFBC904-351A-4748-9B17-D90D7F5959E0} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {90698235-0605-4BB2-8FB7-D2DD81723B4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {99D72F96-101A-41CB-A45E-1C693B86C642} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-MagdaZieba@outlook.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {B03E1D0B-24CF-4B68-B829-11E174E36615} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {B0EEE91D-7145-40B2-B0D1-D3C9DB9DF930} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)
Task: {EA8B9F6F-2F4D-45FD-B9FA-B2CA7F65A8D6} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {F108D2F8-D629-4F0A-9BC0-691E264B7D18} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-04-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-15 20:42 - 2014-04-08 22:06 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-12-03 18:27 - 2014-12-12 18:08 - 00374840 _____ () C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-09-26 14:40 - 2014-09-26 14:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-02-24 11:59 - 2014-02-24 11:59 - 00109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-10-15 20:37 - 2013-10-23 13:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2014-12-03 18:27 - 2014-12-12 18:08 - 36966968 _____ () C:\Users\Magda\AppData\Roaming\Spotify\Data\libcef.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00750080 _____ () C:\Users\Magda\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-07 17:17 - 2015-02-07 17:17 - 00043008 _____ () c:\users\magda\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpykjt7o.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00047616 _____ () C:\Users\Magda\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00863744 _____ () C:\Users\Magda\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00200704 _____ () C:\Users\Magda\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-03 13:29 - 2014-12-03 13:29 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-12-03 18:27 - 2014-12-12 18:08 - 00867896 _____ () C:\Users\Magda\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-12-03 18:27 - 2014-12-12 18:08 - 00886840 _____ () C:\Users\Magda\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-12-03 18:27 - 2014-12-12 18:08 - 00108600 _____ () C:\Users\Magda\AppData\Roaming\Spotify\Data\libegl.dll
2015-01-15 15:41 - 2015-01-29 18:27 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Magda\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Magda\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2930704379-1728940339-4244135640-500 - Administrator - Disabled)
Gast (S-1-5-21-2930704379-1728940339-4244135640-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2930704379-1728940339-4244135640-1003 - Limited - Enabled)
Magda (S-1-5-21-2930704379-1728940339-4244135640-1001 - Administrator - Enabled) => C:\Users\Magda

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2015 05:18:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHREIBFRÄULEIN)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/07/2015 05:18:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SCHREIBFRÄULEIN)
Description: Die App „microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (02/06/2015 10:57:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: photorec_win.exe, Version: 7.0.0.0, Zeitstempel: 0x54bd687e
Name des fehlerhaften Moduls: cygiconv-2.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000135
Fehleroffset: 0x00098f05
ID des fehlerhaften Prozesses: 0x1948
Startzeit der fehlerhaften Anwendung: 0xphotorec_win.exe0
Pfad der fehlerhaften Anwendung: photorec_win.exe1
Pfad des fehlerhaften Moduls: photorec_win.exe2
Berichtskennung: photorec_win.exe3
Vollständiger Name des fehlerhaften Pakets: photorec_win.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: photorec_win.exe5

Error: (02/06/2015 10:51:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/06/2015 10:37:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/05/2015 03:37:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (02/05/2015 03:11:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (02/05/2015 03:25:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: SCHREIBFRÄULEIN)
Description: Das Paket „microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+ppleae38af2e007f4358a809ac99a64a67c1“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/04/2015 00:37:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHREIBFRÄULEIN)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/04/2015 00:37:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17d8

Startzeit: 01d0406eda1a34c4

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\wwahost.exe

Berichts-ID: 25e319e2-ac62-11e4-826c-ac9e1707b405

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail


System errors:
=============
Error: (02/07/2015 05:15:25 PM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :WD-WXC1E649WZP9

Error: (02/06/2015 02:12:42 PM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :WD-WXC1E649WZP9

Error: (02/05/2015 11:12:23 PM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :WD-WXC1E649WZP9

Error: (02/05/2015 03:00:42 PM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :WD-WXC1E649WZP9

Error: (02/05/2015 00:47:57 PM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :WD-WXC1E649WZP9

Error: (02/05/2015 11:27:10 AM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :WD-WXC1E649WZP9

Error: (02/05/2015 03:25:43 AM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :WD-WXC1E649WZP9

Error: (02/04/2015 09:15:46 PM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :WD-WXC1E649WZP9

Error: (02/04/2015 08:52:32 PM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :WD-WXC1E649WZP9

Error: (02/04/2015 08:44:00 PM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :WD-WXC1E649WZP9


Microsoft Office Sessions:
=========================
Error: (02/07/2015 05:18:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHREIBFRÄULEIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142

Error: (02/07/2015 05:18:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SCHREIBFRÄULEIN)
Description: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail

Error: (02/06/2015 10:57:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: photorec_win.exe7.0.0.054bd687ecygiconv-2.dll6.3.9600.1727853eeb4a3c000013500098f05194801d04257d9bf1dbeC:\Users\Magda\AppData\Local\Temp\Temp1_testdisk-7.0-wip.win.zip\testdisk-7.0-WIP\photorec_win.execygiconv-2.dll1b4fe8a9-ae4b-11e4-826c-ac9e1707b405

Error: (02/06/2015 10:51:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Magda\Downloads\esetsmartinstaller_deu.exe

Error: (02/06/2015 10:37:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Magda\Downloads\esetsmartinstaller_deu.exe

Error: (02/05/2015 03:37:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (02/05/2015 03:11:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (02/05/2015 03:25:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: SCHREIBFRÄULEIN)
Description: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/04/2015 00:37:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHREIBFRÄULEIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142

Error: (02/04/2015 00:37:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1703117d801d0406eda1a34c44294967295C:\Windows\system32\wwahost.exe25e319e2-ac62-11e4-826c-ac9e1707b405microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 40%
Total physical RAM: 8075.26 MB
Available physical RAM: 4806.91 MB
Total Pagefile: 9419.26 MB
Available Pagefile: 5469.28 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:212.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 67DEBB89)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

schrauber 08.02.2015 11:30
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Tusia1987 08.02.2015 17:17
Hallo schrauber,

anbei schonmal das Ergebnis des Anti-Malware-Suchlaufes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.02.2015
Suchlauf-Zeit: 16:06:01
Logdatei: Anti Malware.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.08.04
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Magda

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 338399
Verstrichene Zeit: 22 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 10
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, In Quarantäne, [fe061ffd7b0f4ee82bc62bd1ed15e61a],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, In Quarantäne, [fe061ffd7b0f4ee82bc62bd1ed15e61a],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}, In Quarantäne, [43c1ae6e206a87afba78a359ee1411ef],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, In Quarantäne, [43c1ae6e206a87afba78a359ee1411ef],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, In Quarantäne, [43c1ae6e206a87afba78a359ee1411ef],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, In Quarantäne, [43c1ae6e206a87afba78a359ee1411ef],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, In Quarantäne, [43c1ae6e206a87afba78a359ee1411ef],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, In Quarantäne, [43c1ae6e206a87afba78a359ee1411ef],
PUP.Optional.FindPositive.A, HKU\S-1-5-21-2930704379-1728940339-4244135640-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, In Quarantäne, [43c1ae6e206a87afba78a359ee1411ef],
PUP.Optional.FindPositive.A, HKU\S-1-5-21-2930704379-1728940339-4244135640-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, In Quarantäne, [43c1ae6e206a87afba78a359ee1411ef],

Registrierungswerte: 1
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, In Quarantäne, [9b69b567fd8d55e16fe042ce4bbadd23]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 5
Rogue.Multiple, C:\ProgramData\600440862, In Quarantäne, [da2a51cb1278290dfb31003f42c18977],
PUP.Optional.OpenCandy, C:\Users\Magda\AppData\Roaming\OpenCandy, In Quarantäne, [c440a47803875ed87d3e83cb3ec5e917],
PUP.Optional.OpenCandy, C:\Users\Magda\AppData\Roaming\OpenCandy\1D6A329E84444BC5B1301A95E4E85552, In Quarantäne, [c440a47803875ed87d3e83cb3ec5e917],
PUP.Optional.OpenCandy, C:\Users\Magda\AppData\Roaming\OpenCandy\C7D0A35E8F4D4CA99C38F1D54A6DD80C, In Quarantäne, [c440a47803875ed87d3e83cb3ec5e917],
PUP.Optional.FindPositive.A, C:\Program Files (x86)\Positive Finds, In Quarantäne, [bc485bc1464490a681f45e27cd36fb05],

Dateien: 8
PUP.Optional.BPlug, C:\Users\Magda\AppData\Local\Temp\is765589038\6D3C7EE4_stp.EXE, In Quarantäne, [8e7626f6d6b4b5819c47ba164ab7629e],
PUP.Optional.InstallCore, C:\Users\Magda\AppData\Local\Temp\is765589038\5D4B7A38_stp\uninstaller.exe, In Quarantäne, [93715dbf7f0b30063a1e002136cc8d73],
PUP.Adware.Agent, C:\Users\Magda\AppData\Local\Temp\PositiveFinds\Setup.exe, In Quarantäne, [9272c6562466a78fe3e737cf649cb848],
Rogue.Multiple, C:\ProgramData\600440862\BIT929E.tmp, In Quarantäne, [da2a51cb1278290dfb31003f42c18977],
PUP.Optional.OpenCandy, C:\Users\Magda\AppData\Roaming\OpenCandy\1D6A329E84444BC5B1301A95E4E85552\du.exe, In Quarantäne, [c440a47803875ed87d3e83cb3ec5e917],
PUP.Optional.OpenCandy, C:\Users\Magda\AppData\Roaming\OpenCandy\1D6A329E84444BC5B1301A95E4E85552\TuneUpUtilities2014_de-DE_2200571.exe, In Quarantäne, [c440a47803875ed87d3e83cb3ec5e917],
PUP.Optional.OpenCandy, C:\Users\Magda\AppData\Roaming\OpenCandy\C7D0A35E8F4D4CA99C38F1D54A6DD80C\du.exe, In Quarantäne, [c440a47803875ed87d3e83cb3ec5e917],
PUP.Optional.OpenCandy, C:\Users\Magda\AppData\Roaming\OpenCandy\C7D0A35E8F4D4CA99C38F1D54A6DD80C\setup0116.exe, In Quarantäne, [c440a47803875ed87d3e83cb3ec5e917],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Und hier das Protokoll von AdwCleaner:AdwCleaner Logfile:
Code:
# AdwCleaner v4.110 - Bericht erstellt 08/02/2015 um 16:59:46
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-08.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Magda - SCHREIBFRÄULEIN
# Gestarted von : C:\Users\Magda\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Magda\AppData\Local\Temp\DigiHelp
Datei Gelöscht : C:\Users\Magda\AppData\Roaming\Mozilla\Firefox\Profiles\vzm53m6p.default-1418942000211\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\PositiveFinds

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [2729 Bytes] - [03/12/2014 20:47:07]
AdwCleaner[R1].txt - [2789 Bytes] - [03/12/2014 21:02:13]
AdwCleaner[R2].txt - [1821 Bytes] - [03/12/2014 21:55:12]
AdwCleaner[R3].txt - [4481 Bytes] - [08/12/2014 09:05:53]
AdwCleaner[R4].txt - [1441 Bytes] - [08/02/2015 16:50:45]
AdwCleaner[R5].txt - [1500 Bytes] - [08/02/2015 16:57:46]
AdwCleaner[S0].txt - [1882 Bytes] - [03/12/2014 22:01:42]
AdwCleaner[S1].txt - [3890 Bytes] - [08/12/2014 09:08:47]
AdwCleaner[S2].txt - [1376 Bytes] - [08/02/2015 16:59:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1435  Bytes] ##########
--- --- ---

Und noch das Ergebnis von Junkware:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Magda on 08.02.2015 at 17:11:37,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2015 at 17:15:33,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 08.02.2015 18:37

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Tusia1987 11.02.2015 15:38
Hi schrauber,

anbei das log von ESET

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cdbb686dd764fb43a416d17c3985b8e3
# engine=22368
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-08 10:50:46
# local_time=2015-02-08 11:50:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 5992363 209631820 0 0
# compatibility_mode_1='McAfee Anti-Virus * Anti-Spyware'
# compatibility_mode=5130 16777214 100 97 6245410 50680132 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6321577 22399419 0 0
# scanned=223784
# found=15
# cleaned=0
# scan_time=12349
sh=0ED2F93747F44B8E09991E83793C4F89F195C867 ft=1 fh=2bd8eaaf26a2bbf8 vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Magda\Downloads\FileOpenerSetup(1).exe.xBAD"
sh=0C619A7EC13D4E21DC977D21DCB1A00798434D5B ft=1 fh=2bd8eaaf5c5757cc vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Magda\Downloads\FileOpenerSetup.exe.xBAD"
sh=2BDD0D672E3BDAF2CB691B230DE463FC2CB62682 ft=1 fh=7a0f88418487277a vn="Variante von Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Magda\Downloads\ReimageRepair(1).exe.xBAD"
sh=7E7709304D6C516EED0EA381CC5C2AE1B09DFE9D ft=1 fh=491cb96bac3e4361 vn="Variante von Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Magda\Downloads\ReimageRepair.exe.xBAD"
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=ABB986078DF45408AB30FE448CB33C2E41CA4F5D ft=1 fh=250f61e8aae6f5fd vn="Variante von Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Magda\AppData\Local\Microsoft\Windows\INetCache\IE\XQWJDX2Y\ReimagePackage1801x64k[1].exe"
sh=68B53E6C7C6DA98C863C424911BA547B9A3AA088 ft=1 fh=871fbe96a53e35ba vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Magda\AppData\Local\Temp\optprosetup.exe"
sh=ABB986078DF45408AB30FE448CB33C2E41CA4F5D ft=1 fh=250f61e8aae6f5fd vn="Variante von Win32/ReImageRepair.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Magda\AppData\Local\Temp\ReimagePackage.exe"
sh=61445CF141ED133F87389743CD88AB1CCB9E3772 ft=1 fh=7907f7fc610451a2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Magda\AppData\Local\Temp\DMR\dmr_72.exe"
sh=586FB793296100C4133E6218B1B1E4E6F33A9933 ft=1 fh=f00aaed3a520e181 vn="Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung" ac=I fn="C:\Users\Magda\AppData\Local\Temp\is765589038\4BA5C890_stp\OptimizerPro.exe"
sh=734DE6136462D6596B32F9899BE7102B44760FC7 ft=1 fh=7ca694768daf81e4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Magda\Downloads\Easeus Partition Master - CHIP-Installer.exe"
sh=2AF1BFAF575F6692F5D3F02CF5B7363105F0EAF4 ft=1 fh=635d913900637aef vn="Variante von Win32/InstallCore.NF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Magda\Downloads\OpenOfficeSetup.exe"
sh=5B53B16512FCC07CDA28A681AFBBF69C3EC623D0 ft=1 fh=c676a4e8c24011f7 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Magda\Downloads\rcsetup151_CB-DL-Manager.exe"
sh=671CD238AD526206869BD66AFADC584B9D737DEC ft=1 fh=b9f0a449dac9c953 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Magda\Downloads\Scribus 32 Bit - CHIP-Installer.exe"
sh=28E473925A7E9E209A921033DDB07A355EBF1974 ft=1 fh=1440ce07aef760a8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Magda\Downloads\TestDisk PhotoRec - CHIP-Installer.exe"
ESETSmartInstaller@High as downloader log:
all ok

Und hier Securitycheck:

Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Panda Free Antivirus
McAfee Anti-Virus und Anti-Spyware
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Und noch ein frisches FRST
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015
Ran by Magda (administrator) on SCHREIBFRÄULEIN on 11-02-2015 15:25:30
Running from C:\Users\Magda\Downloads\FRST-OlderVersion
Loaded Profiles: Magda (Available profiles: Magda)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Magda\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Magda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
() C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\...\Run: [Spotify] => C:\Users\Magda\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\...\Run: [Spotify Web Helper] => C:\Users\Magda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
Startup: C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Magda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2930704379-1728940339-4244135640-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Magda\AppData\Roaming\Mozilla\Firefox\Profiles\vzm53m6p.default-1418942000211
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Positive Finds - C:\Users\Magda\AppData\Roaming\Mozilla\Firefox\Profiles\vzm53m6p.default-1418942000211\Extensions\{f57f3b24-cabd-4998-9e47-8842f793f6de}.xpi [2015-02-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-03-31] (ASUS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 15:20 - 2015-02-11 15:20 - 00852594 _____ () C:\Users\Magda\Downloads\SecurityCheck(1).exe
2015-02-11 13:43 - 2015-02-11 13:43 - 00000000 ____D () C:\Users\Magda\Desktop\Hunkemöller
2015-02-08 20:25 - 2015-02-08 20:25 - 00852594 _____ () C:\Users\Magda\Downloads\SecurityCheck.exe
2015-02-08 20:21 - 2015-02-08 20:21 - 02347384 _____ (ESET) C:\Users\Magda\Downloads\esetsmartinstaller_deu(1).exe
2015-02-08 20:21 - 2015-02-08 20:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-08 20:02 - 2015-02-08 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-08 17:15 - 2015-02-08 17:15 - 00000614 _____ () C:\Users\Magda\Desktop\JRT.txt
2015-02-08 17:09 - 2015-02-08 17:10 - 01388274 _____ (Thisisu) C:\Users\Magda\Downloads\JRT(1).exe
2015-02-08 16:50 - 2015-02-08 16:50 - 02112512 _____ () C:\Users\Magda\Downloads\AdwCleaner_4.110.exe
2015-02-08 16:47 - 2015-02-08 16:47 - 00004942 _____ () C:\Users\Magda\Desktop\Anti Malware.txt
2015-02-08 16:32 - 2015-02-08 19:37 - 00027186 _____ () C:\Users\Magda\Desktop\Interview_Cat Daniels.odt
2015-02-08 16:01 - 2015-02-11 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 16:01 - 2015-02-08 16:01 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-08 16:01 - 2015-02-08 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-08 16:01 - 2015-02-08 16:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 16:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-08 16:01 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-08 16:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-08 15:46 - 2015-02-08 15:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Magda\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-02-07 21:30 - 2015-02-07 21:30 - 00864256 _____ () C:\Users\Magda\Downloads\Rechnung_Nr 1_Conleys Blog_ Januar 2015.indd
2015-02-07 21:30 - 2015-02-07 21:30 - 00745472 _____ () C:\Users\Magda\Downloads\Rechnung_Nr 2_Dessous Diary_ Februar 2015.indd
2015-02-07 20:53 - 2015-02-07 20:53 - 00000000 ____D () C:\adobeTemp
2015-02-07 20:17 - 2015-02-07 20:17 - 00815104 _____ () C:\Users\Magda\Desktop\Rechnung_Nr 20_Dessous Diary_November 2014.indd
2015-02-07 19:49 - 2015-02-07 19:49 - 00031009 _____ () C:\Users\Magda\Desktop\Addition.txt
2015-02-07 19:46 - 2015-02-07 19:46 - 00035646 _____ () C:\Users\Magda\Desktop\FRST.txt
2015-02-07 17:47 - 2015-02-07 17:47 - 00108901 _____ () C:\Users\Magda\Downloads\adblock_plus_pop_up_addon-0.9.2-fx(1).zip
2015-02-07 17:45 - 2015-02-07 17:45 - 00108901 _____ () C:\Users\Magda\Downloads\adblock_plus_pop_up_addon-0.9.2-fx.zip
2015-02-06 23:39 - 2015-02-06 23:39 - 10760296 _____ (EaseUS ) C:\Users\Magda\Downloads\drw_free.exe
2015-02-06 23:39 - 2015-02-06 23:39 - 00000000 ____D () C:\Program Files\EaseUS
2015-02-06 23:26 - 2015-02-06 23:26 - 03736125 _____ () C:\Users\Magda\Downloads\testdisk-6.14.win.zip
2015-02-06 23:26 - 2015-02-06 23:26 - 00000000 ____D () C:\Users\Magda\Downloads\testdisk-6.14.win
2015-02-06 23:04 - 2015-02-06 23:04 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2015-02-06 23:04 - 2015-02-06 23:04 - 00000000 ____D () C:\Program Files (x86)\Convar
2015-02-06 23:03 - 2015-02-06 23:03 - 03462033 _____ () C:\Users\Magda\Downloads\pci_filerecovery.exe
2015-02-06 22:55 - 2015-02-06 22:56 - 12278808 _____ () C:\Users\Magda\Downloads\testdisk-7.0-wip.win.zip
2015-02-06 22:48 - 2015-02-06 22:48 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\dlg
2015-02-06 22:39 - 2015-02-06 23:38 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-06 22:39 - 2015-02-06 22:39 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-06 22:29 - 2015-02-06 22:29 - 00851400 _____ (WinRecovery Software ) C:\Users\Magda\Downloads\cardrecovery_setup_de.exe
2015-02-06 22:26 - 2015-02-06 23:57 - 00000000 ____D () C:\Users\Magda\Desktop\Davids Geburtstag 2015
2015-02-05 12:14 - 2015-02-05 12:14 - 01460438 _____ () C:\Users\Magda\Downloads\Studio & Cat.zip
2015-02-05 00:24 - 2015-02-05 00:24 - 00001948 _____ () C:\Users\Magda\Desktop\Schönheitsideale.txt
2015-02-04 23:56 - 2015-02-04 23:56 - 00001962 _____ () C:\Users\Magda\Desktop\Parisian Chic.txt
2015-02-04 08:03 - 2015-02-04 07:59 - 00013405 _____ () C:\Users\Magda\Documents\KB_Claire%20Damaa_Loungewear.doc_1.odt
2015-02-03 18:37 - 2015-02-03 18:33 - 00013406 _____ () C:\Users\Magda\Documents\KB_Claire%20Damaa_Loungewear.doc_0_1.odt
2015-02-03 18:32 - 2015-02-03 18:27 - 00013533 _____ () C:\Users\Magda\Documents\KB_Claire%20Damaa_Loungewear.doc_0.odt
2015-02-03 16:19 - 2015-02-03 16:25 - 00000000 ____D () C:\Users\Magda\Desktop\Passionata
2015-02-03 02:14 - 2015-02-03 02:33 - 00106103 _____ () C:\Users\Magda\Desktop\HAUSHALTSBUCH.ods
2015-02-03 01:12 - 2015-02-03 01:39 - 1156227397 _____ () C:\Users\Magda\Downloads\LOOK BOOK CLAIRE DAMAA FALL WINTER 2015.2016 GENERAL.pptx
2015-02-03 00:00 - 2015-02-03 00:08 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\Scribus
2015-01-30 20:32 - 2015-01-30 20:35 - 00012926 _____ () C:\Users\Magda\Desktop\Mama AOK Widerspruch.odt
2015-01-30 20:28 - 2015-01-30 20:29 - 00012672 _____ () C:\Users\Magda\Desktop\Mama Guthaben.odt
2015-01-29 23:01 - 2015-01-29 23:01 - 33730805 _____ () C:\Users\Magda\Downloads\HKMX_Imagebilder_2015.zip
2015-01-29 17:27 - 2015-01-29 17:33 - 278955653 _____ () C:\Users\Magda\Downloads\dddc_Freya_Lingerie_HW15_16.zip
2015-01-28 22:02 - 2015-01-29 08:40 - 00014385 _____ () C:\Users\Magda\Desktop\KSK Schätzung Jahreseinkommen.odt
2015-01-23 20:00 - 2015-01-23 20:03 - 119163320 _____ () C:\Users\Magda\Downloads\Divorce(1).zip
2015-01-23 19:54 - 2015-01-23 19:54 - 27529399 _____ () C:\Users\Magda\Downloads\wetransfer-174acf.zip
2015-01-22 14:04 - 2015-01-22 14:05 - 27338669 _____ () C:\Users\Magda\Downloads\wetransfer-f35ca2.zip
2015-01-21 21:19 - 2015-01-21 21:22 - 119163320 _____ () C:\Users\Magda\Downloads\Divorce.zip
2015-01-15 15:41 - 2015-01-29 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 14:40 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:40 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 14:40 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 14:40 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 14:40 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 14:40 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 14:40 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 14:40 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 14:40 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 14:40 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 14:40 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 14:40 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 14:40 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 14:40 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 14:40 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 14:40 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 14:40 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 14:40 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 14:40 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 14:40 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 14:40 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 14:40 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 14:40 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 14:40 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 14:40 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 15:25 - 2014-12-10 22:35 - 00000000 ____D () C:\Users\Magda\Downloads\FRST-OlderVersion
2015-02-11 15:25 - 2014-12-01 18:47 - 00000000 ____D () C:\FRST
2015-02-11 15:15 - 2014-11-24 21:38 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2930704379-1728940339-4244135640-1001
2015-02-11 15:14 - 2014-12-03 18:23 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\Spotify
2015-02-11 15:11 - 2014-10-15 20:30 - 01850381 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 15:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-11 15:10 - 2014-12-08 08:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 15:10 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-11 15:01 - 2014-11-24 21:32 - 00000000 ____D () C:\Users\Magda\AppData\Local\VirtualStore
2015-02-11 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-11 13:46 - 2014-05-16 00:45 - 00773008 _____ () C:\Windows\system32\perfh007.dat
2015-02-11 13:46 - 2014-05-16 00:45 - 00162310 _____ () C:\Windows\system32\perfc007.dat
2015-02-11 13:46 - 2014-03-18 16:26 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 13:11 - 2014-12-03 13:21 - 00000000 ____D () C:\Users\Magda\AppData\Local\Adobe
2015-02-11 13:11 - 2014-11-24 21:32 - 00000093 _____ () C:\Users\Magda\AppData\Roaming\sp_data.sys
2015-02-11 13:07 - 2014-12-03 18:27 - 00000000 ____D () C:\Users\Magda\AppData\Local\Spotify
2015-02-08 20:37 - 2014-11-27 18:59 - 01138688 ___SH () C:\Users\Magda\Downloads\Thumbs.db
2015-02-08 19:46 - 2014-11-24 21:40 - 00000000 ___DO () C:\Users\Magda\OneDrive
2015-02-08 19:44 - 2014-11-25 09:59 - 00000000 ___RD () C:\Users\Magda\Dropbox
2015-02-08 19:44 - 2014-11-25 09:56 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\Dropbox
2015-02-08 19:42 - 2013-08-22 15:46 - 00026956 _____ () C:\Windows\setupact.log
2015-02-08 19:42 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 19:37 - 2014-11-25 10:32 - 02111488 ___SH () C:\Users\Magda\Desktop\Thumbs.db
2015-02-08 17:00 - 2014-03-18 09:16 - 00020708 _____ () C:\Windows\PFRO.log
2015-02-08 17:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-08 16:59 - 2014-12-03 20:46 - 00000000 ____D () C:\AdwCleaner
2015-02-08 16:37 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-07 21:01 - 2014-12-03 13:56 - 00000000 ____D () C:\Program Files\Adobe
2015-02-07 20:53 - 2014-12-03 13:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-07 20:34 - 2014-12-03 13:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-07 19:49 - 2014-12-01 18:47 - 00035735 _____ () C:\Users\Magda\Downloads\FRST.txt
2015-02-07 19:48 - 2014-12-01 18:48 - 00031009 _____ () C:\Users\Magda\Downloads\Addition.txt
2015-02-07 19:43 - 2014-12-01 18:42 - 02132992 _____ (Farbar) C:\Users\Magda\Downloads\FRST64.exe
2015-02-06 22:48 - 2014-11-25 10:33 - 00000000 ____D () C:\Users\Magda\Desktop\EBAY
2015-02-06 21:32 - 2014-12-04 16:52 - 00000000 ____D () C:\Users\Magda\Desktop\Linie International
2015-02-06 20:43 - 2014-12-23 17:46 - 00126464 ___SH () C:\Users\Magda\Documents\Thumbs.db
2015-02-04 20:10 - 2014-12-08 08:43 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 12:33 - 2014-10-15 20:57 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-03 20:31 - 2014-11-28 18:02 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-28 18:02 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-31 15:13 - 2014-12-12 20:51 - 00000000 ____D () C:\Users\Magda\Desktop\Design Homepage
2015-01-30 11:09 - 2014-12-18 23:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 21:59 - 2014-11-25 11:07 - 00000000 ____D () C:\Users\Magda\Documents\Schreibfräulein
2015-01-25 17:20 - 2014-12-03 16:23 - 00015771 _____ () C:\Users\Magda\Desktop\Nachweis_DJV.odt
2015-01-19 09:10 - 2014-11-25 09:59 - 00001078 _____ () C:\Users\Magda\Desktop\Dropbox.lnk
2015-01-19 09:10 - 2014-11-25 09:57 - 00000000 ____D () C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-18 19:30 - 2014-11-27 14:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 19:26 - 2014-11-27 14:46 - 113365784 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-11-24 21:32 - 2015-02-11 13:11 - 0000093 _____ () C:\Users\Magda\AppData\Roaming\sp_data.sys
2014-12-01 10:41 - 2014-12-01 10:41 - 0000045 _____ () C:\Users\Magda\AppData\Roaming\WB.CFG
2014-10-15 20:46 - 2014-10-15 20:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-15 16:58 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Magda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprx7joh.dll
C:\Users\Magda\AppData\Local\Temp\Quarantine.exe
C:\Users\Magda\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-08 19:26

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 11.02.2015 18:26
Download Ordner leeren, und aufhören bei Chip zu laden, oder Du bist in ner Woche wieder hier ;)


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-15 16:58 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Tusia1987 11.02.2015 19:20
Hallo schrauber,

gerne würde ich die Fixlist mit FRST aufrufen, doch leider finde ich das Programm auf meinem PC nicht mehr. Daraufhin wollte ich es neu herunterladen, doch verhindert mein PC das Öfnnen der exe-Datei. Was kann ich tun?

schrauber 12.02.2015 06:45
Hast Du Delfix schon ausgeführt?
Was genau kommt als Meldung wenn Du FRST laden willst?

Tusia1987 12.02.2015 09:46
Delfix? Habe ich wohl übersehen. Was soll ich da genau machen?

Bei FRST blockiert der PC die "App" sagt er, wenn ich die exe ausführen will. Weil ich das Programm selbst nicht mehr finde. Zwar den Ordner schon, weiß aber nicht, wie man das Programm dann startet. Deshalb habe ich die exe nochmal heruntergeladen ...

schrauber 12.02.2015 18:41
Screenshot bitte von der Meldung wenn es geblockt wird.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:47 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131