Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Verdacht auf Viren: Secure Eraser kann Dateien nicht löschen (https://www.trojaner-board.de/167803-verdacht-viren-secure-eraser-dateien-loeschen.html)

Ecart 10.06.2015 17:02
Verdacht auf Viren: Secure Eraser kann Dateien nicht löschen
 
Hallo, liebes Forum,
mein Problem ist, dass ich einige Dateien unter Secure Eraser nicht löschen kann, was im Laufe der Zeit immer mal vorkam, doch gestern war es - unter der Gutman-Methode - fast jede Zweite, woraufhin ich im Journal die ganzen "Fehler"-Einträge der letzten Zeit aufgelistet sah und nun glaube, dass der Rechner vermutlich infiziert sein könnte.
Ich habe alles ausgedruckt, eingescannt, um es hier als PDF sichtbar zu machen, da es anders nicht möglich war, auch ist der rechte Rand etwas "abgehackt", war im Original aber auch so.
Vielleicht ist jemand so nett von euch und guckt mal drüber, denn für mich sind das alles "Böhmische Dörfer" - jeder ist halt Experte auf seinem Gebiet.

Als Anti-Viren-Software hatte ich die letzten beiden Jahre die gute GData, drum würde es mich wundern, wenn er infiziert wäre. Auch war ich mit Anhängen und Downloads vorsichtig und hab von der Original-Seite downgeloadet. Da er in letzter Zeit immer langsamer wurde und nur noch eingeschränkt zu nutzen war, was unter Vista ja leider oft die Krux ist, habe ich ein umfangreiches Programm mit Erfolg durchgeführt wurde, bei dem etliche Fehler in der Registry gefunden wurde und ich meine es war auch Malware darunter gewesen, er war jedenfalls mit irgendwas infiziert. :wtf: Nun schnurrt er aber wieder wie Schmitz Katze.
Aktuell hab ich nun die BitDefender Software aufgespielt und der "60 sec. Scan" hat nichts gefunden.
Mir geht es einfach darum, zu wissen, ob der Rechner infiziert ist und wie ich die Dateien dann letztlich löschen kann.


P.S.: Da die PDF-Datei zu groß war, hab ich alle komprimieren müssen, aber wie man nun 2 Dateien zu einer zippt - keine Ahnung, daher so viele:schäm: Und jetzt reicht der Platz nicht aus, sodass gleich noch die letzten 2 kommen.:balla:

Ecart 10.06.2015 17:04
Nachtrag
 
Hier nun noch die letzten beiden Dateien.

schrauber 10.06.2015 18:13
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Ecart 11.06.2015 17:44
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo,
danke für die schnelle Antwort, anbei die frst.txt und additional.txt Datei.

((#-Symbol im Eingabefenster der Webseite anklicken)) ging nicht.

schrauber 12.06.2015 16:55
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Ecart 12.06.2015 18:45
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by Anja (administrator) on ANJA-PC on 11-06-2015 18:07:32
Running from C:\Users\Anja\Downloads
Loaded Profiles: Anja (Available Profiles: Anja)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Deutsch
(Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Fujitsu Technology Solutions) C:\Program
Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper
Compact\WSHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Microsoft Corporation)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will
not be moved.)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31]
(Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440
2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common
Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
HKLM\...\Run: [UnlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Run: [Skype] => C:\Program
Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Run: [WMPNSCFG] => C:\Program
Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Run:
[GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463] => C:\Program
Files\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Run: [pdiface] => C:\Program
Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [261984 2013-10-30] (Bitdefender)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Run: [GUDelayStartup] => C:\Program
Files\Glary Utilities 5\StartupManager.exe [37152 2015-05-25] (Glarysoft Ltd)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe
[443968 2008-02-26] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging
Monitor.lnk [2013-08-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.)
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:52068;https=127.0.0.1:52068
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\Software\Microsoft\Internet
Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
URLSearchHook: HKLM - (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
URLSearchHook: HKU\S-1-5-21-809830661-3849426339-1780571292-1000 - (No Name) -
{c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
URLSearchHook: HKU\S-1-5-21-809830661-3849426339-1780571292-1000 - (No Name) -
{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File
SearchScopes: HKLM -> DefaultScope {B3B87D9E-9337-4337-AA40-D681AED9E18C} URL =
SearchScopes: HKLM -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb
50-ie-opencandy.r-chromesbox-en-us&tb_uuid=20120505192925687&tb_oid=05-05-2012&tb_mrud=05-0
5-2012
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
SearchScopes: HKU\S-1-5-21-809830661-3849426339-1780571292-1000 ->
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-809830661-3849426339-1780571292-1000 ->
{443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKU\S-1-5-21-809830661-3849426339-1780571292-1000 ->
{821F78D8-87D2-45B8-B0D0-7D5636FB8D6E} URL =
hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms
}
SearchScopes: HKU\S-1-5-21-809830661-3849426339-1780571292-1000 ->
{8955FC93-79BC-488A-910F-F0F87AF12C90} URL =
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKU\S-1-5-21-809830661-3849426339-1780571292-1000 ->
{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
BHO: mySecureSurfer -> {52EA1989-D16E-4560-9021-F0AD247DE4D1} ->
C:\Users\Anja\AppData\LocalLow\mySecureSurfer\IE\mySecureSurfer.dll [2014-06-27] (Soft-Ware
International Ltd.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program
Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program
Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-23] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-809830661-3849426339-1780571292-1000 -> No Name -
{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File
Toolbar: HKU\S-1-5-21-809830661-3849426339-1780571292-1000 -> No Name -
{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common
Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.102 80.69.100.230
FireFox:
========
FF ProfilePath: C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default
FF DefaultSearchEngine: DVDVideoSoftTB DE Customized Web Search
FF DefaultSearchUrl:
hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: DVDVideoSoftTB DE Customized Web Search
FF Homepage: about:home
FF NetworkProxy: "ftp", "123.110.49.119"
FF NetworkProxy: "ftp_port", 8088
FF NetworkProxy: "gopher", "5.135.193.216"
FF NetworkProxy: "gopher_port", 8089
FF NetworkProxy: "http", "123.110.49.119"
FF NetworkProxy: "http_port", 8088
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "socks", "123.110.49.119"
FF NetworkProxy: "socks_port", 8088
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "123.110.49.119"
FF NetworkProxy: "ssl_port", 8088
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer ->
C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-13]
(Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program
Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program
Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft
Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows
Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program
Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program
Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05]
(VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05]
(VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30]
(Adobe Systems Inc.)
FF user.js: detected! =>
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js [2013-10-25]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30]
(Adobe Systems Inc.)
FF SearchPlugin:
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\searchplugins\aol-search.xm
l [2012-05-05]
FF SearchPlugin:
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\searchplugins\conduit.xml
[2013-09-11]
FF Extension: FoxyProxy Standard -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\foxyproxy@eric.
h.jung [2015-03-23]
FF Extension: Youtube Downloader - 4K Download -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\paulsaintuzb@g
mail.com [2015-03-06]
FF Extension: Tube Dimmer -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\support@tubedi
mmerapp.com [2013-10-29]
FF Extension: SweetPacks A8 -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{0b5130a9-cc50-
4ced-99d5-cda8cc12ae48} [2013-12-16]
FF Extension: mySecureSurfer -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{d64e478d-4dee-
4bfb-afe4-30b84e6a3157} [2014-07-04]
FF Extension: Proxy-Listen.de - Proxyswitcher -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\admin@proxy-li
sten.de.xpi [2012-09-27]
FF Extension: Best Proxy Switcher -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\bestproxyswitch
er@bestproxyswitcher.com.xpi [2014-07-08]
FF Extension: Elite Proxy Switcher -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\eliteproxyswitch
er@my-proxy.com.xpi [2015-03-21]
FF Extension: Video Downloader Professional -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\ffext_basicvideo
ext@startpage24.xpi [2013-10-25]
FF Extension: ZenMate Security & Privacy VPN -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\firefox@zenmate.
com.xpi [2015-03-21]
FF Extension: Awesome screenshot: Capture and Annotate -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\jid0-GXjLLfbCo
Ax0LcltEdFrEkQdQPI@jetpack.xpi [2014-04-12]
FF Extension: Translate This! -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\jid0-k75TfRGfO
XPHfEZmJ9cKu5eCgLc@jetpack.xpi [2013-11-06]
FF Extension: One Click Proxy -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\jid0-zXo3XFGyi
DalgkeEO4UYJTUwo2I@jetpack.xpi [2014-07-08]
FF Extension: Nimbus Screen Capture - editable screenshots. -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\nimbusscreencap
tureff@everhelper.me.xpi [2014-02-02]
FF Extension: Priv3+ -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\priv3plus@icsi.b
erkeley.edu.xpi [2015-03-21]
FF Extension: Proxy Tool -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\proxytool@prox
ylist.co.xpi [2012-12-11]
FF Extension: Google Translator for Firefox -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\translator@zoli.b
od.xpi [2013-11-06]
FF Extension: Casino Toolbar -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\wagerlogic.xpi
[2012-05-15]
FF Extension: ImTranslator -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{9AA46F4F-4D
C7-4c06-97AF-5035170634FE}.xpi [2012-04-26]
FF Extension: Video DownloadHelper -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{b9db16a4-6edc-
47ec-a1f4-b86292ed211d}.xpi [2015-03-17]
FF Extension: Fast Video Download -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{c50ca3c4-5656-
43c2-a061-13e717f73fc8}.xpi [2013-10-25]
FF Extension: Adblock Plus -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{d10d0bf8-f5b5-
c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-20]
FF Extension: QuickProxy -
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{d5ea4520-61a1-
11da-8cd6-0800200c9a66}.xpi [2014-07-08]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla
Firefox\extensions\afurladvisor@anchorfree.com [2015-03-21]
FF Extension: Word Layers - C:\Program Files\Mozilla Firefox\extensions\ugnraew@jqhljqmpngx.net
[2015-03-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] -
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant -
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension [2012-04-26]
Chrome:
=======
CHR Profile: C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-15]
CHR Extension: (Google Drive) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-15]
CHR Extension: (Webpage Screenshot) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-15]
CHR Extension: (Google Search) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-15]
CHR Extension: (CyberGhost VPN - Free Proxy) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-04-06]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) -
C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-03-30]
CHR Extension: (AdBlock) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-12]
CHR Extension: (Bookmark Manager) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-03]
CHR Extension: (Gmail) - C:\Users\Anja\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-15]
CHR HKLM\...\Chrome\Extension: [agabegcgoagbgcpiegohpamfdpcnmfba] -
C:\Users\Anja\AppData\LocalLow\mySecureSurfer\CHROME\mySecureSurfer.crx [2014-06-30]
CHR HKLM\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - No Path Or update_url
value
CHR HKLM\...\Chrome\Extension: [bhphemoobgnikcoofkgackkaimpfmenm] - No Path Or update_url
value
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] -
C:\Users\Anja\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common
Files\Spigot\GC\coupons_2.3.crx [2012-10-16]
CHR
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\SOFTWARE\Google\Chrome\Extensions\...\C
hrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - No Path Or update_url value
CHR
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\SOFTWARE\Google\Chrome\Extensions\...\C
hrome\Extension: [bhphemoobgnikcoofkgackkaimpfmenm] - No Path Or update_url value
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless
listed separately.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [57520 2013-10-23]
(Bitdefender)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-25]
(Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-01-25]
(Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File
not signed]
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1221384 2013-11-11]
(Bitdefender)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File
not signed]
R2 TestHandler; C:\Program
Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19]
(Fujitsu Technology Solutions)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft
Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless
listed separately.)
S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R0 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-04-17]
(Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16]
(BitDefender LLC)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NAVENG;
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDe
fs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15;
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDe
fs\20080829.024\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless
listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-11 18:07 - 2015-06-11 18:07 - 00021908 _____ C:\Users\Anja\Downloads\FRST.txt
2015-06-11 18:06 - 2015-06-11 18:07 - 00000000 ____D C:\FRST
2015-06-11 18:06 - 2015-06-11 18:06 - 01147904 _____ (Farbar) C:\Users\Anja\Downloads\FRST.exe
2015-06-11 16:34 - 2015-06-11 16:47 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 10:46 - 2015-06-10 10:46 - 00000000 ____D C:\Program Files\NoVirusThanks
2015-06-10 10:45 - 2015-06-10 10:45 - 01937000 _____ (NoVirusThanks Company Srl )
C:\Users\Anja\Downloads\filegovernor Löschdatei_setup.exe
2015-06-09 19:06 - 2015-06-10 09:56 - 00000000 ____D C:\Program Files\Unlocker
2015-06-09 19:06 - 2015-06-09 19:06 - 00000000 ____D C:\Users\Anja\AppData\Local\Babylon
2015-06-09 13:18 - 2015-06-09 13:21 - 00000000 ____D C:\Users\Anja\Documents\Sparda Bank Fax
Kapitalerträge
2015-06-09 13:15 - 2015-06-11 17:03 - 00000000 ____D C:\Users\Anja\Documents\Norisbank
2015-06-08 23:23 - 2015-06-08 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\K-Lite Codec Pack
2015-06-08 23:19 - 2015-06-08 23:22 - 36499753 _____ ( )
C:\Users\Anja\Downloads\K-Lite_Codec_Pack_1120_Full.exe
2015-06-08 20:09 - 2015-06-08 20:11 - 14929318 _____ ( )
C:\Users\Anja\Downloads\klcp_update_1121_20150605.exe
2015-06-06 16:40 - 2015-06-10 09:19 - 00000890 _____ C:\Windows\PFRO.log
2015-06-05 16:41 - 2015-06-05 16:41 - 00000855 _____ C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Glary Utilities 5.lnk
2015-06-05 16:41 - 2015-06-05 16:41 - 00000843 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-06-05 16:41 - 2015-06-05 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Glary Utilities 5
2015-06-05 16:40 - 2015-06-05 16:40 - 00017472 _____ (Glarysoft Ltd)
C:\Windows\system32\Drivers\GUBootStartup.sys
2015-06-05 16:37 - 2015-06-05 16:37 - 15121936 _____
C:\Users\Anja\Downloads\Glary_Utilities_v5.26.0.45.exe
2015-05-28 18:22 - 2015-05-29 22:04 - 00000000 ____D C:\Users\Anja\Documents\Roulette-Pilot Kopien
nach Test
2015-05-25 17:06 - 2015-05-25 17:06 - 00242504 _____ (BitDefender)
C:\Windows\system32\Drivers\avchv.sys
2015-05-24 23:56 - 2015-05-25 00:09 - 00000000 ____D C:\Users\Anja\Documents\Roulette-Pilot
Werbepause
2015-05-24 23:24 - 2015-05-24 23:24 - 00200449 _____ C:\ProgramData\1432502434.bdinstall.bin
2015-05-24 23:24 - 2015-05-24 23:24 - 00001973 _____ C:\Users\Public\Desktop\Bitdefender Antivirus
Free Edition.lnk
2015-05-24 23:24 - 2015-05-24 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Antivirus Free Edition
2015-05-24 23:22 - 2013-04-17 14:59 - 00633344 _____ (BitDefender)
C:\Windows\system32\Drivers\avc3.sys
2015-05-24 23:22 - 2013-04-17 14:59 - 00486536 _____ (BitDefender)
C:\Windows\system32\Drivers\avckf.sys
2015-05-24 23:22 - 2012-11-02 14:17 - 00242504 _____ (BitDefender)
C:\Windows\system32\Drivers\SET8B57.tmp
2015-05-24 23:22 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation)
C:\Windows\system32\WdfCoInstaller01009.dll
2015-05-24 23:21 - 2013-05-28 12:11 - 00355744 _____ (BitDefender S.R.L.)
C:\Windows\system32\Drivers\trufos.sys
2015-05-24 23:21 - 2013-04-22 13:20 - 00164952 _____ (BitDefender LLC)
C:\Windows\system32\Drivers\gzflt.sys
2015-05-24 23:20 - 2015-05-24 23:21 - 00000000 ____D C:\Users\Anja\AppData\Roaming\QuickScan
2015-05-24 23:20 - 2015-05-24 23:20 - 09927424 _____
C:\Users\Anja\Downloads\Antivirus_Free_Edition_x86.exe
2015-05-24 23:19 - 2015-05-24 23:19 - 00162208 _____
C:\Users\Anja\Downloads\Antivirus_Free_Edition.exe
2015-05-24 23:08 - 2015-05-24 23:08 - 00050180 _____ C:\ProgramData\1432501656.bdinstall.bin
2015-05-24 23:07 - 2015-05-24 23:24 - 00000000 ____D C:\Program Files\Bitdefender
2015-05-24 23:07 - 2015-05-24 23:07 - 31571808 _____ C:\Users\Anja\Downloads\60Second_x86.exe
2015-05-24 23:07 - 2015-05-24 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Bitdefender 60-Second Virus Scanner
2015-05-24 23:07 - 2015-05-24 23:07 - 00000000 ____D C:\ProgramData\Bitdefender
2015-05-24 23:06 - 2015-05-24 23:06 - 00160160 _____ C:\Users\Anja\Downloads\60Second_en_us.exe
2015-05-22 18:32 - 2015-05-22 18:32 - 00000000 _____
C:\Users\Anja\AppData\Local\{4B2FA74C-8229-4EA3-8FB0-5E96B272257C}
2015-05-21 20:13 - 2015-05-31 21:12 - 00000000 ____D C:\Users\Anja\Documents\Roulette Pilot
Verschiedene Systeme
2015-05-21 14:00 - 2015-05-21 14:00 - 00000000 _____
C:\Users\Anja\AppData\Local\{AFB11F1F-569B-4CE1-8BCC-931AA1DA58D8}
2015-05-20 19:04 - 2015-05-20 19:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-20 19:02 - 2015-05-20 19:03 - 21546080 _____ (Malwarebytes Corporation )
C:\Users\Anja\Downloads\Malwarbytes.exe
2015-05-19 21:57 - 2015-05-19 21:57 - 00001643 _____
C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Titanbet Casino.lnk
2015-05-19 21:57 - 2015-05-19 21:57 - 00001641 _____ C:\Users\Anja\Desktop\Titanbet Casino.lnk
2015-05-19 21:56 - 2015-05-19 21:57 - 00000000 ____D C:\Users\Anja\AppData\Local\Titanbet Casino
2015-05-19 20:04 - 2015-05-19 20:04 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Betvoyager
2015-05-19 20:02 - 2015-05-19 20:03 - 58089440 _____ (Betvoyager N.V. )
C:\Users\Anja\Downloads\Betvoyager Casino.exe
2015-05-17 16:41 - 2015-05-17 16:41 - 02592768 _____
C:\Users\Anja\Downloads\Install_RoulettePilot.msi
2015-05-17 15:48 - 2015-05-17 15:48 - 00001637 _____
C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Betfair Casino.lnk
2015-05-17 15:48 - 2015-05-17 15:48 - 00001635 _____ C:\Users\Anja\Desktop\Betfair Casino.lnk
2015-05-17 15:24 - 2015-05-17 15:24 - 00000000 ____D C:\Users\Anja\AppData\Roaming\GlarySoft
2015-05-17 15:24 - 2015-05-17 15:24 - 00000000 ____D C:\Users\Anja\AppData\Roaming\DiskDefrag
2015-05-17 15:23 - 2015-06-11 16:26 - 00000000 ____D C:\Program Files\Glary Utilities 5
2015-05-14 18:15 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation)
C:\Windows\system32\schannel.dll
2015-05-14 18:13 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation)
C:\Windows\system32\d3d10.dll
2015-05-14 18:13 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation)
C:\Windows\system32\d3d10_1core.dll
2015-05-14 18:13 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation)
C:\Windows\system32\d3d10core.dll
2015-05-14 18:13 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation)
C:\Windows\system32\d3d10_1.dll
2015-05-14 18:13 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation)
C:\Windows\system32\d3d10warp.dll
2015-05-14 18:13 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation)
C:\Windows\system32\d3d10level9.dll
2015-05-14 18:13 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation)
C:\Windows\system32\d2d1.dll
2015-05-14 18:13 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation)
C:\Windows\system32\DWrite.dll
2015-05-14 18:13 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation)
C:\Windows\system32\FntCache.dll
2015-05-14 18:13 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation)
C:\Windows\system32\win32k.sys
2015-05-14 18:11 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation)
C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 17:51 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation)
C:\Windows\system32\services.exe
2015-05-13 19:23 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation)
C:\Windows\system32\jscript9.dll
2015-05-13 19:23 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation)
C:\Windows\system32\html.iec
2015-05-13 19:23 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation)
C:\Windows\system32\ieframe.dll
2015-05-13 19:23 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation)
C:\Windows\system32\urlmon.dll
2015-05-13 19:23 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation)
C:\Windows\system32\inetcpl.cpl
2015-05-13 19:23 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation)
C:\Windows\system32\wininet.dll
2015-05-13 19:23 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation)
C:\Windows\system32\iertutil.dll
2015-05-13 19:23 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation)
C:\Windows\system32\jscript.dll
2015-05-13 19:23 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation)
C:\Windows\system32\msfeeds.dll
2015-05-13 19:23 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation)
C:\Windows\system32\vbscript.dll
2015-05-13 19:23 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation)
C:\Windows\system32\dxtmsft.dll
2015-05-13 19:23 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation)
C:\Windows\system32\url.dll
2015-05-13 19:23 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation)
C:\Windows\system32\ieUnatt.exe
2015-05-13 19:23 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation)
C:\Windows\system32\jsproxy.dll
2015-05-13 19:23 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation)
C:\Windows\system32\mshtml.tlb
2015-05-13 19:23 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation)
C:\Windows\system32\dxtrans.dll
2015-05-13 19:23 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation)
C:\Windows\system32\ieui.dll
2015-05-13 19:23 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation)
C:\Windows\system32\mshtmled.dll
2015-05-13 19:23 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation)
C:\Windows\system32\msfeedsbs.dll
2015-05-13 19:23 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation)
C:\Windows\system32\mshta.exe
2015-05-13 19:23 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation)
C:\Windows\system32\msfeedssync.exe
2015-05-13 19:22 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation)
C:\Windows\system32\mshtml.dll
2015-05-12 16:34 - 2015-05-12 16:34 - 00000043 _____ C:\Users\Anja\Downloads\wakenewsradio.m3u
2015-05-12 15:21 - 2015-05-12 15:21 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Macromedia
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-11 17:28 - 2012-05-01 21:03 - 00000360 _____ C:\Windows\Tasks\WpsUpdateTask_Anja.job
2015-06-11 17:17 - 2015-05-06 21:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player
Updater.job
2015-06-11 17:15 - 2012-04-25 19:03 - 00001098 _____
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-11 16:59 - 2012-04-25 17:53 - 01384391 _____ C:\Windows\WindowsUpdate.log
2015-06-11 16:33 - 2006-11-02 12:24 - 136900096 _____ (Microsoft Corporation)
C:\Windows\system32\mrt.exe
2015-06-11 16:29 - 2013-11-09 12:22 - 00000000 ____D C:\Users\Anja\Documents\Meine Scans
2015-06-11 16:24 - 2012-04-25 19:03 - 00001094 _____
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 16:23 - 2006-11-02 14:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-11 16:23 - 2006-11-02 14:45 - 00003616 ____H
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-60
1632D005A0
2015-06-11 16:23 - 2006-11-02 14:45 - 00003616 ____H
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-60
1632D005A0
2015-06-10 21:41 - 2006-11-02 14:58 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-10 20:08 - 2014-05-02 12:47 - 03691624 _____ (MetaQuotes Software Corp.)
C:\Windows\system32\MetaViewer.dll
2015-06-10 15:17 - 2012-05-03 15:32 - 00778416 _____ (Adobe Systems Incorporated)
C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 15:17 - 2012-05-03 15:32 - 00142512 _____ (Adobe Systems Incorporated)
C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-10 10:19 - 2014-07-09 20:33 - 00001929 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 18:01 - 2012-06-19 20:30 - 00000000 ____D C:\Users\Anja\AppData\Roaming\vlc
2015-06-08 23:23 - 2015-05-11 19:31 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-06-06 23:08 - 2012-04-28 16:52 - 00000000 ____D C:\Users\Anja\Documents\Roulettesysteme
2015-05-31 20:09 - 2012-06-29 16:38 - 00000000 ____D C:\Program Files\DVDVideoSoftTB_DE
2015-05-25 17:18 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2015-05-25 17:14 - 2014-05-24 12:33 - 00000000 ____D C:\Program Files\Common Files\G Data
2015-05-25 17:14 - 2013-04-26 19:25 - 00000000 ____D C:\ProgramData\G Data
2015-05-24 23:23 - 2012-04-25 18:06 - 00000000 ____D C:\Users\Anja
2015-05-21 19:54 - 2015-05-08 21:06 - 00000000 ____D C:\Users\Anja\AppData\Local\EuroGrand
Casino
2015-05-20 14:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-05-20 11:07 - 2014-08-17 15:49 - 00000000 ____D C:\Users\Anja\AppData\Local\Adobe
2015-05-19 14:52 - 2013-08-16 18:26 - 00000000 ____D C:\Users\Anja\AppData\Roaming\HpUpdate
2015-05-17 15:48 - 2015-05-03 20:02 - 00000000 ____D C:\Users\Anja\AppData\Local\Betfair Casino
2015-05-17 15:30 - 2013-03-24 15:01 - 00000000 ____D C:\Windows\Minidump
2015-05-15 19:47 - 2015-05-04 21:22 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Adobe Reader X.lnk
2015-05-15 19:19 - 2006-11-02 14:44 - 00295896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-15 19:17 - 2015-05-08 20:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 23:08 - 2006-11-02 14:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-05-14 17:50 - 2015-05-08 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Microsoft Silverlight
2015-05-12 14:37 - 2015-05-11 16:17 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Adobe
==================== Files in the root of some directories =======
2014-05-22 20:13 - 2014-05-22 20:13 - 0000000 _____ () C:\Users\Anja\AppData\Roaming\gdfw.log
2014-05-22 20:12 - 2014-05-24 12:35 - 0000976 _____ () C:\Users\Anja\AppData\Roaming\gdscan.log
2014-09-08 19:28 - 2015-01-06 14:29 - 0000680 _____ () C:\Users\Anja\AppData\Local\d3d9caps.dat
2013-05-06 15:23 - 2013-05-06 15:23 - 0001483 _____ ()
C:\Users\Anja\AppData\Local\recently-used.xbel
2015-05-22 18:32 - 2015-05-22 18:32 - 0000000 _____ ()
C:\Users\Anja\AppData\Local\{4B2FA74C-8229-4EA3-8FB0-5E96B272257C}
2015-05-21 14:00 - 2015-05-21 14:00 - 0000000 _____ ()
C:\Users\Anja\AppData\Local\{AFB11F1F-569B-4CE1-8BCC-931AA1DA58D8}
2015-05-24 23:08 - 2015-05-24 23:08 - 0050180 _____ () C:\ProgramData\1432501656.bdinstall.bin
2015-05-24 23:24 - 2015-05-24 23:24 - 0200449 _____ () C:\ProgramData\1432502434.bdinstall.bin
2013-08-15 17:54 - 2015-02-12 13:45 - 0005078 _____ () C:\ProgramData\hpzinstall.log
2012-04-26 17:55 - 2012-04-26 17:55 - 0000107 _____ ()
C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-06-12 20:57 - 2012-06-12 20:57 - 0001534 _____ () C:\ProgramData\ss.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-11 16:51
==================== End of log ============================
--- --- ---





Code:

Additional
FRST Logfile:

       
Code:

       
scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by Anja at 2015-06-11 18:08:21
Running from C:\Users\Anja\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-809830661-3849426339-1780571292-500 - Administrator - Disabled)
Anja (S-1-5-21-809830661-3849426339-1780571292-1000 - Administrator - Enabled) =>
C:\Users\Anja
Gast (S-1-5-21-809830661-3849426339-1780571292-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date)
{9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date)
{203EB2F7-ECC3-D219-FED0-DC0A39857D09}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The
adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation)
Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 -
Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 -
Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe
Systems Incorporated)
Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001})
(Version: 10.1.14 - Adobe Systems Incorporated)
AIO_Scan (Version: 82.0.210.000 - Hewlett-Packard) Hidden
Betfair Casino (HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Betfair Prod)
(Version: - )
Bitdefender 60-Second Virus Scanner
(HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 -
Bitdefender)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
ClipMem Advanced (HKLM\...\{E62952D9-52CC-4D65-B112-91DCD22856C5}_is1) (Version:
2.0 beta - Ingo Elsholz)
Compatibility Pack für 2007 Office System
(HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft
Corporation)
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (Version: 82.0.210.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 82.0.210.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 82.0.210.000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EuroGrand Casino (HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\EuroGrand
Casino) (Version: - )
F2100 (Version: 82.0.210.000 - Hewlett-Packard) Hidden
F2100_Help (Version: 82.0.210.000 - Hewlett-Packard) Hidden
Free AVI Video Converter version 5.0.47.906 (HKLM\...\Free AVI Video Converter_is1) (Version:
5.0.47.906 - DVDVideoSoft Ltd.)
Free Window Registry Repair (HKLM\...\Free Window Registry Repair) (Version: - )
FreeRIP3 3.70 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.70 -
GreenTree Applications SRL)
Fujitsu OSD Utility (HKLM\...\InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686})
(Version: 1.2.1.6 - Quanta Computer Inc.)
Fujitsu OSD Utility (Version: 1.2.1.6 - Quanta Computer Inc.) Hidden
Glary Utilities 5.26 (HKLM\...\Glary Utilities 5) (Version: 5.26.0.45 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Deskjet All-In-One Software 8.0 (HKLM\...\{24557DC0-0839-496f-82F9-C4EB72EFE4FA})
(Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 -
HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002
- Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
InetStat (HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\InetStat) (Version: 0.5b -
InetStat) <==== ATTENTION!
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 -
Oracle Corporation)
Kingsoft Office 2012 (8.1.0.3010) (HKLM\...\Kingsoft Office) (Version: 8.1.0.3010 - Kingsoft
Corp.)
K-Lite Codec Pack 11.2.1 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.2.1 - )
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch)
(HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 -
Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} -
1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version:
5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2})
(Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
(HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft
Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
(HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
(HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft
Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
(HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft
Corporation)
Microsoft Works (HKLM\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621
- Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F})
(Version: 1.0.0 - Microsoft)
Mozilla Firefox 36.0.3 (x86 de) (HKLM\...\Mozilla Firefox 36.0.3 (x86 de)) (Version: 36.0.3 -
Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71})
(Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC})
(Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek High Definition Audio Driver
(HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek
Semiconductor Corp.)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Secure Eraser v4.0 (HKLM\...\Secure Eraser_is1) (Version: - ASCOMP Software GmbH)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 -
Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Spin4Profit Ultimate 6.0.3.5 (HKLM\...\{B7CBF268-6DEF-4AA1-94E0-5E019CE48DFE}_is1)
(Version: - Spin4Profit Software)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SystemDiagnostics (HKLM\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version:
2.04.0006 - Fujitsu Technology Solutions)
Titanbet Casino (HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Titanbet Casino)
(Version: - )
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WinRAR 5.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be
moved unless listed separately.)
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{035FBE31-3755-450
A-A775-5E6BBD43D344}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{355EC88A-02E2-45
47-9DEE-F87426484BD1}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{62A0D750-DED9-44
8C-B693-406B34BB0892}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{634059C0-D264-4B2
C-AE80-F73E48D33E5B}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{6D7374DE-63AA-47
3C-8C02-60D9CDCD84C5}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{91EFB276-CEFE-48
EC-BB3A-57795A7B4008}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{A45426FB-E444-42
B2-AA56-419F8FBEEC61}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{A54D478D-4F70-4F
72-9A74-17C9986E35AB}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{C5A2122B-A05B-4F
D8-AE49-91990AE10998}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{EB06378B-ABB6-4
B3C-9B40-D488DD8A6E93}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{FB994D36-B312-46
CE-A40B-CF63980641F9}\InprocServer32 -> No Filepath
CustomCLSID:
HKU\S-1-5-21-809830661-3849426339-1780571292-1000_Classes\CLSID\{FE498BAB-CB4C-4
F88-AC3F-3641AAAF5E9E}\InprocServer32 -> No Filepath
==================== Restore Points =========================
19-05-2015 21:17:48 Revo Uninstaller Pro's restore point - Betvoyager Online Casino version 0.0.9
21-05-2015 18:22:52 RoulettePilot wird installiert
21-05-2015 18:27:06 RoulettePilot wird installiert
22-05-2015 18:57:16 Windows Update
24-05-2015 23:23:02 Gerätetreiber-Paketinstallation: BITDEFENDER S.R.L. Systemgeräte
24-05-2015 23:29:08 Revo Uninstaller Pro's restore point - G DATA INTERNET SECURITY
28-05-2015 18:24:09 RoulettePilot wird installiert
31-05-2015 20:48:38 RoulettePilot wird installiert
31-05-2015 20:51:53 Revo Uninstaller Pro's restore point - RoulettePilot
31-05-2015 20:52:20 RoulettePilot wird entfernt
01-06-2015 22:39:25 Made by Regsofts
03-06-2015 21:41:18 Made by Regsofts
09-06-2015 18:50:19 Made by Regsofts
11-06-2015 16:27:31 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be
moved unless listed separately.)
Task: {066B4B9C-EC28-4225-B1B7-4029BFF22D40} - System32\Tasks\ASP => C:\Program
Files\RCP\systweakasp.exe
Task: {57892D03-6DA1-4F46-8B4A-C968E3D34890} - System32\Tasks\klcp_update =>
C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-05-31] ()
Task: {6F548C12-F4CF-44F0-9F67-E12D813AC6B3} - System32\Tasks\GU5SkipUAC =>
C:\Program Files\Glary Utilities 5\Integrator.exe [2015-05-25] (Glarysoft Ltd)
Task: {7D374553-FBE0-424A-A6FC-D984B8E40532} -
System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common
Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7F92D41B-DF41-492B-99B6-59483751F58F} - System32\Tasks\Adobe Flash Player
Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10]
(Adobe Systems Incorporated)
Task: {8DE08EF6-BDF5-48D2-AE96-21305AD6AFDF} - System32\Tasks\WpsUpdateTask_Anja
=> C:\Program Files\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-11-03] (Zhuhai
Kingsoft Office-software Co.,Ltd)
Task: {98C7134A-13CA-4C91-90BD-42988234B995} -
System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe [2006-12-10] (Hewlett-Packard Co.)
Task: {A5F88C26-B125-4493-94F6-55818DBE7BF6} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program
Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {E9703E95-9D42-41DE-A405-615BF8CC6D98} - System32\Tasks\LaunchSignup =>
C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {EB6E60E5-F4BD-4925-B1F4-A15E9816C454} - System32\Tasks\GlaryInitialize 5 =>
C:\Program Files\Glary Utilities 5\Initialize.exe [2015-05-25] (Glarysoft Ltd)
Task: {F42C1FE6-6E17-4388-8788-CB72C2D47D70} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program
Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by
the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program
Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program
Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Anja.job => C:\Program Files\Kingsoft\Kingsoft
Office\office6\wpsupdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-05-24 23:22 - 2013-03-19 12:07 - 00508136 _____ () C:\Program Files\Bitdefender\Antivirus
Free Edition\sqlite3.dll
2015-05-24 23:22 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Antivirus
Free Edition\BDMetrics.dll
2012-09-30 16:13 - 2012-02-06 02:41 - 00450400 _____ () C:\Program Files\ASCOMP
Software\Secure Eraser\SecEraser32.dll
2014-06-30 14:18 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files\Common
Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-06-30 14:18 - 2014-02-15 11:48 - 00295936 _____ () C:\Program Files\Common
Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-05-25 08:22 - 2015-05-25 08:22 - 00080160 _____ () C:\Program Files\Glary Utilities
5\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will
be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\Control Panel\Desktop\\Wallpaper ->
C:\Users\Anja\Pictures\3,h=343.bild (1).jpeg
DNS Servers: 80.69.100.102 - 80.69.100.230
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: ConduitFloatingPlugin_aobbhmkkplckkcbnbcdbkneemiooegoc =>
"C:\Windows\system32\Rundll32.exe" "C:\Program
Files\Conduit\CT3316068\plugins\TBVerifier.dll",RunConduitFloatingPlugin
aobbhmkkplckkcbnbcdbkneemiooegoc
MSCONFIG\startupreg: Picasa Media Detector => C:\Program
Files\Picasa2\PicasaMediaDetector.exe
MSCONFIG\startupreg: Vidalia => "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be
moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows
Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows
Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows
Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows
Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{B2499CBB-A810-403A-8AFA-D7E8609DB66E}] => (Allow) LPort=80
FirewallRules: [{C81ABEC4-ED94-468D-81ED-77C54015909C}] => (Allow) LPort=80
FirewallRules: [{13C8BF99-A090-4754-94D4-99E1C40C202E}] => (Allow) LPort=80
FirewallRules: [{811EF384-A8EE-4A83-A074-505741E0FAC5}] => (Allow) C:\Program
Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2988ACEC-48AF-4DF7-BECD-05502AF0DE10}] => (Allow) C:\Program
Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6C32C8C1-824F-4194-BC5F-902259CE9BA2}] => (Allow) C:\Program
Files\Skype\Phone\Skype.exe
FirewallRules: [{1E7398BC-7194-48F5-83CB-5C786B53018E}] => (Allow)
c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{09219D16-41A1-4F9D-95E1-14DE5E873B55}] => (Allow) C:\Program
Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9852FFD4-AF48-47B2-A293-87CE9B6B6BA5}] => (Allow) C:\Program
Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E2D537A1-E537-437C-A6F3-DAE01472FE17}C:\program
files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B3895CEE-DCDA-479D-8842-93EEA537CB3A}C:\program
files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{A547D0F6-8E79-47B5-AD41-9B21FFB5034B}] => (Allow) C:\Program
Files\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: avast! Firewall NDIS Filter Miniport #7
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the
registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the
service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting
wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/11/2015 04:46:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (06/11/2015 04:46:37 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (06/11/2015 04:26:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag
<C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der
Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/11/2015 04:26:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag
<C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der
Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/11/2015 04:26:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der
Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/11/2015 04:26:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der
Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/11/2015 04:26:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in
der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/11/2015 04:26:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in
der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/11/2015 04:26:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag
<C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK>
in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/11/2015 04:26:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag
<C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK>
in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (06/11/2015 04:25:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SRTSP
SRTSPX
Error: (06/11/2015 04:23:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID:
10000) (User: NT-AUTORITÄT)
Description: C:\Windows\system32\athihvs.dll126
Error: (06/10/2015 02:34:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SRTSP
SRTSPX
Error: (06/10/2015 02:34:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID:
10000) (User: NT-AUTORITÄT)
Description: C:\Windows\system32\athihvs.dll126
Error: (06/10/2015 09:20:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Neustart des Diensts
Error: (06/10/2015 09:20:55 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Windows Search2147749155 (0x80040D23)
Error: (06/10/2015 09:20:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SRTSP
SRTSPX
Error: (06/10/2015 09:20:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B68-F52A-11D8-B9A5-505054503030}
Error: (06/10/2015 09:19:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID:
10000) (User: NT-AUTORITÄT)
Description: C:\Windows\system32\athihvs.dll126
Error: (06/09/2015 11:58:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SRTSP
SRTSPX
Microsoft Office:
=========================
Error: (06/11/2015 04:46:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (06/11/2015 04:46:37 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (06/11/2015 04:26:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES
Error: (06/11/2015 04:26:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES
Error: (06/11/2015 04:26:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS
Error: (06/11/2015 04:26:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS
Error: (06/11/2015 04:26:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES
Error: (06/11/2015 04:26:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES
Error: (06/11/2015 04:26:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK
Error: (06/11/2015 04:26:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\ANJA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK
CodeIntegrity Errors:
===================================
Date: 2015-06-03 17:34:52.288
Description: Die Abbildintegrität der Datei
"\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden,
da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-03 17:34:51.594
Description: Die Abbildintegrität der Datei
"\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden,
da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-03 17:34:51.026
Description: Die Abbildintegrität der Datei
"\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden,
da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-03 17:34:50.394
Description: Die Abbildintegrität der Datei
"\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden,
da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-03 17:34:49.819
Description: Die Abbildintegrität der Datei
"\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden,
da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-03 17:34:49.199
Description: Die Abbildintegrität der Datei
"\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden,
da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-03 17:06:38.210
Description: Die Abbildintegrität der Datei
"\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden,
da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-03 09:58:35.513
Description: Die Abbildintegrität der Datei
"\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden,
da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-02 20:20:28.246
Description: Die Abbildintegrität der Datei
"\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden,
da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-02 20:20:27.671
Description: Die Abbildintegrität der Datei
"\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden,
da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU T1600 @ 1.66GHz
Percentage of memory in use: 60%
Total physical RAM: 2907.68 MB
Available physical RAM: 1154.4 MB
Total Pagefile: 6045.63 MB
Available Pagefile: 3967.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.55 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:92.21 GB) (Free:16.05 GB) NTFS ==>[Drive with boot
components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:48.05 GB) (Free:47.9 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: C5BC78E5)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=92.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=48 GB) - (Type=07 NTFS)
==================== End of log ============================

--- --- ---

schrauber 13.06.2015 13:49
Schalte mal bitte WordWrap in deinem Editor ab.


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    InetStat) <==== ATTENTION

    MyPCBackup

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ecart 14.06.2015 15:45
Hallo Schrauber,
RevoUninstaller ist installiert, aber keine von den 50 installierten Programmen lautet auf den Namen InetStat) <==== ATTENTION
MyPCBackup
auch die händische Eingabe in der Suchmaske verlief erfolglos. :heulen:


"Schalte mal bitte WordWrap in deinem Editor ab" Wie geht das, oder soll das eben mittels obiger Eingabe der Programme bzw. Deinstallation dann gehen? :confused:

Combofix ist ein Malware-Aufspür-Programm und wird bei hartnäckigen Fällen eingesetzt:
Lässt sich zum jetztigen Zeitpunkt zumindest schon einmal ein Trojaner ausschließen?

Gruß,
Ecart

schrauber 15.06.2015 06:28
Schau mal ob du die beiden Programme normal unter Windows findest zum Deinstallieren.

schau mal in Notepad, ob unter Format ein Haken bei Zeilenumbruch ist, wenn ja raus damit. Und lass CF laufen, die Kiste ist verseucht.

Ecart 15.06.2015 19:56
Schau mal ob du die beiden Programme normal unter Windows findest zum Deinstallieren.
Sind beide nicht auffindbar.

schau mal in Notepad, ob unter Format ein Haken bei Zeilenumbruch ist, wenn ja raus damit. war kein Häkchen dran.

Hier nun die Logfile von Combofix:

Code:

Combofix Logfile:

       
Code:

       
ComboFix 15-06-09.01 - Anja 15.06.2015  20:13:33.1.2 - x86
ausgeführt von:: c:\users\Anja\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1432501656.bdinstall.bin
c:\programdata\1432502434.bdinstall.bin
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\ar\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\bg\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\ca\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\cs\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\da\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\de\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\el\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\en\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\es\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\fi\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\fr\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\gu\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\he\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\hr\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\hu\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\id\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\it\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\ja\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\nb\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\nl\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\pl\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\pt_BR\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\pt_PT\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\ro\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\ru\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\sk\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\sl\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\sr\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\sv\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\te\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\tr\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\uk\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\vi\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\zh_CN\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_locales\zh_TW\messages.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_metadata\computed_hashes.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\_metadata\verified_contents.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\adblock_start_chrome.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\adblock_start_common.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\background.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\bandaids.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\button\popup.css
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\button\popup.html
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\button\popup.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\button\search\search.css
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\button\search\search.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\CHANGELOG.txt
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\checkupdates.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\chrome_oauth_receiver.html
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\chrome_oauth_receiver.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\dropbox-datastores.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\filtering\domainset.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\filtering\filternormalizer.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\filtering\filteroptions.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\filtering\filterset.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\filtering\filtertypes.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\filtering\myfilters.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\functions.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\gab_question.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\idlehandler.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\delete.gif
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\dropbox1.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\dropbox2.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\dropbox3.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\facebook-sprite.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\gifloader.gif
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\gplus-sprite.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon128.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon16.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon16_grayscale.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon16_grayscale@2x.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon19-grayscale.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon19-whitelisted.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon19.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon24.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon32.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon38-grayscale.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon38-whitelisted.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon38.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\icon48.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\logo.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\search\check.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\search\magnifying_glass.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\search\search-engine-card_no-shadow.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\search\search-engine-icons.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\search\search-omnibox-card_no-shadow.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\search\search_engine_select_arrow.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\img\twitter-sprite.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\jquery-ui.custom.css
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\css\override-page.css
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\jquery-ui.custom.min.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\jquery.cookie.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\jquery\jquery.min.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\LICENSE
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\manifest.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\notificationoverlay.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\customize.html
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\customize.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\filters.html
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\filters.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\general.html
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\general.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\index.html
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\index.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\options.css
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\support.html
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\options\support.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\pages\adreport.html
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\pages\adreport.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\pages\resourceblock.html
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\pages\resourceblock.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\pages\subscribe.html
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\pages\subscribe.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\port.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\punycode.min.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\README.markdown
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\search\focus.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\search\incognito.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\search\pitchpage.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\search\search-plus-one.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\search\secure_reminder.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\search\serp.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\stats.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\survey.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\translators.json
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\uiscripts\blacklisting\blacklistui.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\uiscripts\blacklisting\clickwatcher.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\uiscripts\blacklisting\elementchain.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\uiscripts\blacklisting\overlay.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\uiscripts\load_jquery_ui.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\uiscripts\send_content_to_back.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\uiscripts\top_open_blacklist_ui.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\uiscripts\top_open_whitelist_ui.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.35_0\ytchannel.js
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\Anja\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\system32\drivers\SET8B57.tmp
c:\users\Anja\AppData\Local\Temp\RarSFX0\lang\en-US.exe . . . . Nicht in der Lage zu löschen
c:\users\Anja\AppData\Local\Temp\RarSFX0\lang\it-IT.exe . . . . Nicht in der Lage zu löschen
c:\users\Anja\AppData\Local\Temp\RarSFX0\lang\pt-BR.exe . . . . Nicht in der Lage zu löschen
c:\users\Anja\AppData\Local\Temp\RarSFX0\lang\ro-RO.exe . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-15 bis 2015-06-15  ))))))))))))))))))))))))))))))
.
.
2015-06-15 18:24 . 2015-06-15 18:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-06-14 14:30 . 2015-06-14 14:30        --------        d-----w-        c:\program files\VS Revo Group
2015-06-11 16:06 . 2015-06-11 16:09        --------        d-----w-        C:\FRST
2015-06-11 14:47 . 2015-04-24 15:54        532480        ----a-w-        c:\windows\system32\comctl32.dll
2015-06-11 14:47 . 2015-05-21 14:22        2066432        ----a-w-        c:\windows\system32\win32k.sys
2015-06-11 14:34 . 2015-06-11 14:47        --------        d-----w-        c:\windows\system32\MRT
2015-06-11 14:29 . 2015-05-04 22:50        7680        ----a-w-        c:\windows\system32\spwmp.dll
2015-06-11 14:28 . 2015-05-04 22:50        4096        ----a-w-        c:\windows\system32\msdxm.ocx
2015-06-11 14:28 . 2015-05-04 22:50        4096        ----a-w-        c:\windows\system32\dxmasf.dll
2015-06-11 14:28 . 2015-05-04 21:21        107520        ----a-w-        c:\program files\Windows Media Player\wmpconfig.exe
2015-06-11 14:28 . 2015-05-04 21:21        168960        ----a-w-        c:\program files\Windows Media Player\wmplayer.exe
2015-06-11 14:28 . 2015-05-04 21:21        107520        ----a-w-        c:\program files\Windows Media Player\wmpshare.exe
2015-06-11 14:28 . 2015-05-04 21:21        8147456        ----a-w-        c:\windows\system32\wmploc.DLL
2015-06-10 08:46 . 2015-06-10 08:46        --------        d-----w-        c:\program files\NoVirusThanks
2015-06-10 07:39 . 2015-05-30 23:49        768512        ----a-w-        c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2015-06-10 07:39 . 2015-05-30 23:55        1809920        ----a-w-        c:\windows\system32\jscript9.dll
2015-06-09 17:06 . 2015-06-10 07:56        --------        d-----w-        c:\program files\Unlocker
2015-06-09 17:06 . 2015-06-09 17:06        --------        d-----w-        c:\users\Anja\AppData\Local\Babylon
2015-06-05 14:40 . 2015-06-05 14:40        17472        ----a-w-        c:\windows\system32\drivers\GUBootStartup.sys
2015-05-25 15:18 . 2015-05-25 15:18        --------        d-----w-        c:\windows\system32\wbem\MOF\good
2015-05-25 15:18 . 2015-05-25 15:18        --------        d-----w-        c:\windows\system32\wbem\MOF\bad
2015-05-25 15:06 . 2015-05-25 15:06        242504        ----a-w-        c:\windows\system32\drivers\avchv.sys
2015-05-24 21:22 . 2009-07-14 21:27        1461992        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2015-05-24 21:22 . 2013-04-17 12:59        633344        ----a-w-        c:\windows\system32\drivers\avc3.sys
2015-05-24 21:22 . 2013-04-17 12:59        486536        ----a-w-        c:\windows\system32\drivers\avckf.sys
2015-05-24 21:21 . 2013-04-22 11:20        164952        ----a-w-        c:\windows\system32\drivers\gzflt.sys
2015-05-24 21:21 . 2013-05-28 10:11        355744        ----a-w-        c:\windows\system32\drivers\trufos.sys
2015-05-24 21:20 . 2015-05-24 21:21        --------        d-----w-        c:\users\Anja\AppData\Roaming\QuickScan
2015-05-24 21:07 . 2015-05-24 21:07        --------        d-----w-        c:\programdata\Bitdefender
2015-05-24 21:07 . 2015-05-24 21:24        --------        d-----w-        c:\program files\Bitdefender
2015-05-22 16:58 . 2015-05-03 03:42        9265072        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{785C5AB5-74F4-4FD7-8566-A3622915AD14}\mpengine.dll
2015-05-20 17:04 . 2015-05-20 17:04        --------        d-----w-        c:\programdata\Malwarebytes
2015-05-19 19:56 . 2015-05-19 19:57        --------        d-----w-        c:\users\Anja\AppData\Local\Titanbet Casino
2015-05-19 18:04 . 2015-05-19 18:04        --------        d-----w-        c:\users\Anja\AppData\Roaming\Betvoyager
2015-05-17 13:24 . 2015-05-17 13:24        --------        d-----w-        c:\users\Anja\AppData\Roaming\DiskDefrag
2015-05-17 13:24 . 2015-05-17 13:24        --------        d-----w-        c:\users\Anja\AppData\Roaming\GlarySoft
2015-05-17 13:23 . 2015-06-15 15:05        --------        d-----w-        c:\program files\Glary Utilities 5
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-10 18:08 . 2014-05-02 10:47        3691624        ----a-w-        c:\windows\system32\MetaViewer.dll
2015-06-10 13:17 . 2012-05-03 13:32        778416        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2015-06-10 13:17 . 2012-05-03 13:32        142512        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-30 16:03 . 2015-05-14 16:15        279040        ----a-w-        c:\windows\system32\schannel.dll
2015-04-30 13:14 . 2015-05-14 16:11        102608        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-19 21:24 . 2015-05-14 16:13        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2015-04-19 21:24 . 2015-05-14 16:13        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2015-04-19 21:24 . 2015-05-14 16:13        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2015-04-19 21:24 . 2015-05-14 16:13        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2015-04-19 20:19 . 2015-05-14 16:13        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2015-04-19 20:18 . 2015-05-14 16:13        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2015-04-19 20:13 . 2015-05-14 16:13        682496        ----a-w-        c:\windows\system32\d2d1.dll
2015-04-19 20:12 . 2015-05-14 16:13        1072640        ----a-w-        c:\windows\system32\DWrite.dll
2015-04-19 20:12 . 2015-05-14 16:13        801792        ----a-w-        c:\windows\system32\FntCache.dll
2015-04-14 00:35 . 2015-04-14 00:35        875720        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 00:35 . 2015-04-14 00:35        536776        ----a-w-        c:\windows\system32\msvcp120_clr0400.dll
2015-04-10 23:22 . 2015-05-14 15:51        279552        ----a-w-        c:\windows\system32\services.exe
2015-03-23 14:39 . 2015-02-06 17:28        96680        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{52EA1989-D16E-4560-9021-F0AD247DE4D1}]
2014-06-27 15:36        577474        ----a-w-        c:\users\Anja\AppData\LocalLow\mySecureSurfer\IE\mySecureSurfer.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-06-05 813896]
"pdiface"="c:\program files\Bitdefender\60-Second Virus Scanner\pdiface.exe" [2013-10-30 261984]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2015-05-25 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-02-20 1994752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ           autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConduitFloatingPlugin_aobbhmkkplckkcbnbcdbkneemiooegoc]
1617-11-28 09:41        287008        ----a-w-        c:\program files\Conduit\CT3316068\plugins\TBVerifier.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 01:23        443968        ----a-w-        c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2012-02-14 12:50        5781554        ----a-w-        c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-809830661-3849426339-1780571292-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache
HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-10 08:14        986440        ----a-w-        c:\program files\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-11 13:17]
.
2015-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 15:48]
.
2015-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 15:48]
.
2015-06-15 c:\windows\Tasks\WpsUpdateTask_Anja.job
- c:\program files\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Anja\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 80.69.100.102 80.69.100.230
FF - ProfilePath - c:\users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB DE Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 123.110.49.119
FF - prefs.js: network.proxy.ftp_port - 8088
FF - prefs.js: network.proxy.gopher - 5.135.193.216
FF - prefs.js: network.proxy.gopher_port - 8089
FF - prefs.js: network.proxy.http - 123.110.49.119
FF - prefs.js: network.proxy.http_port - 8088
FF - prefs.js: network.proxy.socks - 123.110.49.119
FF - prefs.js: network.proxy.socks_port - 8088
FF - prefs.js: network.proxy.ssl - 123.110.49.119
FF - prefs.js: network.proxy.ssl_port - 8088
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2012-02-23 17:02; {d64e478d-4dee-4bfb-afe4-30b84e6a3157}; c:\users\Anja\..\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{d64e478d-4dee-4bfb-afe4-30b84e6a3157}
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fe4daf1a00000000000000ff79c56aa8
FF - user.js: extensions.BabylonToolbar_i.hardId - fe4daf1a00000000000000ff79c56aa8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15463
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.claro.id - fe4daf1a00000000000000ff79c56aa8
FF - user.js: extensions.claro.instlDay - 15562
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.120:37
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-06-15 20:28
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe
c:\program files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Bitdefender\Antivirus Free Edition\gziface.exe
c:\windows\system32\conime.exe
c:\program files\Glary Utilities 5\Integrator.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-15  20:34:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-15 18:34
.
Vor Suchlauf: 16785571840 Bytes frei
Nach Suchlauf: 16696643584 Bytes frei
.
- - End Of File - - 7E3CCFE0007F36E11E0E4CB3EDBF28D5

--- --- ---
5C616939100B85E558DA92B899A0FC36

schrauber 16.06.2015 16:04
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Ecart 16.06.2015 20:45
Anmerkung zur Anwendung von Malware Anti-Malware, da ich nicht weiß, ob es wichtig ist:
Im ersten Durchgang wurden über 1400 Bedrohungen nach 23 Minuten gefunden, jedoch wies der Verlauf nur die nicht relevanten Protection-Logs aus, aber keinen einzigen Scan-Log, sodass ein neuer Suchlauf gestartet wurde. Dieser ergab nach 53 Minuten 201 Bedrohungen, die nach einer Weile auch im Verlauf als Scan-Log erschienen. Diese Datei ist als txt. untenstehend. Nach beiden Durchläufen wurde jeweils der Quarantäne-Ordner gelöscht, wie im dortigen Hinweis auch ersichtlich, um Bedrohungen vom Rechner zu löschen.

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.06.2015
Suchlauf-Zeit: 19:31:25
Logdatei: Malware Scan.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.16.05
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Anja

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336294
Verstrichene Zeit: 53 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 171
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\LocalLow\BabylonToolbar, , [b8ada615bad0e650e637bf0d27dce020],
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\LocalLow\BabylonToolbar\BabylonToolbar, , [b8ada615bad0e650e637bf0d27dce020],
PUP.Optional.SystemSpeedup, C:\Users\Anja\AppData\Roaming\Systweak\ssd, , [6bfa982388029f97eb96626f51b2817f],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot, , [6401f1cad8b2ac8a2237eeeba45f7b85],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC, , [6401f1cad8b2ac8a2237eeeba45f7b85],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\logic, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\logic\uninstall, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\logic\uninstall\dialog, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\logic\uninstall\dialog\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\logic\uninstall\dialog\images, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\logic\uninstall\dialog\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\aboutBox, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\aboutBox\images, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\aboutBox\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ac, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ac\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ac\img, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ac\res, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\api, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\msd, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\options, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\options\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\options\images, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\options\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\options\js\resources, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\sp, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\sp\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\sp\spbd, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\sp\spbd\images, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\sp\spsd, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\sp\spsd\images, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\dlg, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\dlg\ftd, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\dlg\ftd\images, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\gadgetFrame, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\gf, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\gf\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\gf\img, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\gf\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\menu, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\menu\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\menu\img, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\ui\menu\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\APPLICATION_BUTTON, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\APPLICATION_BUTTON\Js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\APPLICATION_BUTTON\resources, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\EMAIL_NOTIFIER, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\EMAIL_NOTIFIER\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\EMAIL_NOTIFIER\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\HIGHLIGHTER, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\HIGHLIGHTER\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\HIGHLIGHTER\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\MULTI_RSS, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\MULTI_RSS\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\MULTI_RSS\img, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\MULTI_RSS\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\MULTI_RSS\js\resources, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\NOTIFICATION, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\NOTIFICATION\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\NOTIFICATION\images, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\NOTIFICATION\images\dark, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\NOTIFICATION\images\light, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\NOTIFICATION\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\Optimizer, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\Optimizer\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\PRICE_GONG, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\PRICE_GONG\agreement, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\PRICE_GONG\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\PRICE_GONG\css\custom-theme, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\PRICE_GONG\images, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\RADIO_PLAYER, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\RADIO_PLAYER\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\RADIO_PLAYER\css\custom-theme, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\RADIO_PLAYER\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\RADIO_PLAYER\js\resources, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\SEARCH, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\SEARCH\buildSettings, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\SEARCH\Css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\SEARCH\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\SEARCH\resources, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\SEARCH\view, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\SEARCH\view\script, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\SEARCH\view\style, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\SEARCH\view\style\rsx, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\TWITTER, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\TWITTER\img, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\TWITTER\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\WEATHER, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\WEATHER\css, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\al\wa\WEATHER\js, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\core, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\lib, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\lib\jquery.alerts, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\lib\jquery.alerts\images, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\lib\jquery.jscrollpane, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\CT3316068\content\tb\sl, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\mam, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Chrome\mam\content, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\components, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\components\mam, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\defaults, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\defaults\preferences, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\lib, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\META-INF, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\modules, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.SweetPacks.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}\Plugins, , [8cd98a3168224cea3789d8019f6449b7],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Logs, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\AddedAppDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\DefualtImages, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\DetectedAppDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\EngineFirstTimeDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\NewSearchProtectorDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\NewSearchProtectorDialog\images, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorBubbleDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorBubbleDialog\images, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorDialog\Images, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorRetakeoverDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorRetakeoverDialog\Images, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\ToolbarFirstTimeDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\ToolbarFirstTimeDialog\images, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\ToolbarUntrustedAppsApprovalDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\UninstallDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\UntrustedAddedAppDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\UntrustedAppApprovalDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\UntrustedAppPendingDialog, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\EmailNotifier, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\ExternalComponent, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\MyStuffApps, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\plugins, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\RadioPlayer, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\AppsMetaData, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\DynamicDialogs, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\ToolbarHiddenLogin, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\ToolbarHiddenSettings, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\ToolbarLogin, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\ToolbarSettings, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\ToolbarTranslation, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_de, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_de\ToolbarTranslation, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\SearchInNewTab, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE\UserDefinedItems, , [560f2c8f4d3df640b900b922bc47a35d],
PUP.Optional.DVDVideoSoftTB.A, C:\Program Files\DVDVideoSoftTB_DE, , [22431c9f800ac4723189f3e8748fb44c],
PUP.Optional.ConduitTB.Gen, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\conduitCommon, , [82e325965a306ccae80ef8f8bf4449b7],
PUP.Optional.ConduitTB.Gen, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\conduitCommon\alert, , [82e325965a306ccae80ef8f8bf4449b7],
PUP.Optional.ConduitTB.Gen, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\conduitCommon\alert\Dialogs, , [82e325965a306ccae80ef8f8bf4449b7],
PUP.Optional.ConduitTB.Gen, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\conduitCommon\alert\Dialogs\AppNotificationDialog, , [82e325965a306ccae80ef8f8bf4449b7],
PUP.Optional.ConduitTB.Gen, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images, , [82e325965a306ccae80ef8f8bf4449b7],
PUP.Optional.ConduitTB.Gen, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\dark, , [82e325965a306ccae80ef8f8bf4449b7],
PUP.Optional.ConduitTB.Gen, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\conduitCommon\alert\Dialogs\AppNotificationDialog\Images\light, , [82e325965a306ccae80ef8f8bf4449b7],
PUP.Optional.ConduitTB.Gen, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\conduitCommon\facebook, , [82e325965a306ccae80ef8f8bf4449b7],
PUP.Optional.ConduitTB.Gen, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\conduitCommon\modules, , [82e325965a306ccae80ef8f8bf4449b7],
PUP.Optional.ConduitTB.Gen, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\conduitCommon\modules\3.14.1.0, , [82e325965a306ccae80ef8f8bf4449b7],

Dateien: 30
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), ,[f76e605b8505e6501b42077ed82e5ba5]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (ferechanges to this file while the application is running,
 * the), ,[293c07b44f3b0036e17c88fd808636ca]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: ( this file while the application is running,
 * the changes will be overwritten whe), ,[1d485c5fd2b8eb4b73ea463fb650bf41]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (he application is running,
 * the changes will be overwritten when the applicat), ,[cb9a09b2731742f4332ac2c31aec49b7]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (le the application is running,
 * the changes will be over), ,[184d902b90fa3105b4a9394c838330d0]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (nges to this file while the application is running,
 * t), ,[bca987346228ce68ee6fd0b56e9857a9]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (hanges to this file while the application is running,
 * the cha), ,[70f56a515f2bba7c233abbcaa6606799]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (o this file while the application is running,
 * the change), ,[cf96d0ebfa90350190cd8ef7759157a9]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (ges to this file while the application is running,
 * th), ,[a4c1e6d5f397999d4b12c1c40afc1be5]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (hanges to this file while the application is running,
), ,[600527945b2fb284302d3a4b36d0748c]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (rechanges to this file while the application is running), ,[a4c1d3e86d1d999d7de07b0a5aacfe02]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (echanges to this file while the application is running,
 ), ,[69fc5566b6d4c571f36ac8bdc73f6c94]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (anges to this file while the application is running,
 * the changes), ,[bbaa7b40a7e3e5512538285d44c2bc44]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (his file while the application is running,
 * the changes ), ,[b5b0f7c4038737ffb4a97c09c4428c74]
PUP.Optional.Conduit.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (user_pref("CT3316068.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316068&SearchSource=2&CUI=UN20141627741223012&UM=2&q=");), ,[31341ba03d4ddb5b09a9aed7d234a45c]
PUP.Optional.Conduit.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\prefs.js, Gut: (), Schlecht: (user_pref("CT3316068.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3316068&octid=CT3316068&SearchSource=15&CUI=UN20141627741223012&SSPV=&Lay=1&UM=2\"}");), ,[4b1ad0ebddadec4af9c75d28de28936d]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), ,[6203a11ae9a1280ee61f780d8f77ba46]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (ons.autoDisablse);

user_pref("extensions.BabylonToo), ,[214447741e6cb284e42194f17b8b56aa]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (s.autoDisablse);

user_pref("extensions.BabylonToolbar_i.babExt", "");
user_p), ,[b0b5f6c58dfd46f012f3d2b3ec1a8d73]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (ref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar), ,[4a1ba813addd0234d233fd88c73fcf31]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: ("extensions.BabylonToolbar_i.babExt", "");
user_pref("exte), ,[481d9d1ea4e69a9cf312186d16f027d9]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (oDisablse);

user_pref("extensions.BabylonToolbar_i.babE), ,[fd68b8031872ed490cf9a9dca561ed13]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (toDisablse);

user_pref("extensions.BabylonToolbar_i.babE), ,[026369526e1c8aaca164e69fd72ffe02]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (oDisablse);

user_pref("extensions.BabylonToolbar_i.babExt", "");
), ,[560f02b991f91b1bbb4adea7c4428b75]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: ();

user_pref("extensions.BabylonToolbar_i.babExt", "");
), ,[d1942794602ab28420e5bfc6ad59e51b]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (Disablse);

user_pref("extensions.BabylonToolbar_i.babExt", "")), ,[f96c2a91bad058dee61f8afba165ae52]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (lse);

user_pref("extensions.BabylonToolbar_i.babExt",), ,[b6af6e4d484257df3ec79bea9b6b857b]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (autoDisablse);

user_pref("extensions.BabylonToolbar_i.), ,[ff66cfecc9c1b18593725d28b15554ac]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (utoDisablse);

user_pref("extensions.BabylonToolbar_i), ,[263fd7e43b4f4fe747bebacb4cba15eb]
PUP.Optional.Babylon.A, C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js, Gut: (), Schlecht: (.autoDisablse);

user_pref("extensions.BabylonToolbar_i), ,[1e4704b70d7df640ae57ef9610f649b7]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
--------------------------------------------------------------------------------------

Nun AdwCleaner:

Code:
AdwCleaner Logfile:

       
Code:

       
# AdwCleaner v4.206 - Bericht erstellt 16/06/2015 um 21:02:32
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-16.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (x86)
# Benutzername : Anja - ANJA-PC
# Gestarted von : C:\Users\Anja\Downloads\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\TubeDimmer
Ordner Gelöscht : C:\ProgramData\KingSoft
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files\FlvPlayer
Ordner Gelöscht : C:\Program Files\GreenTree Applications
Ordner Gelöscht : C:\Program Files\SearchProtect
Ordner Gelöscht : C:\Program Files\KingSoft
Ordner Gelöscht : C:\Program Files\Optimizer Pro
Ordner Gelöscht : C:\Users\Anja\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Anja\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Anja\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Anja\AppData\Local\KingSoft
Ordner Gelöscht : C:\Users\Anja\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Anja\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\Anja\AppData\LocalLow\mySecureSurfer
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Solvusoft
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\KingSoft
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
[!] Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{d64e478d-4dee-4bfb-afe4-30b84e6a3157}
Datei Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\invalidprefs.js
Datei Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\agabegcgoagbgcpiegohpamfdpcnmfba
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\inetstat.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{07AD74F3-2AF5-4D6D-9755-6E5A8BDF9E7F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07AD74F3-2AF5-4D6D-9755-6E5A8BDF9E7F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{52EA1989-D16E-4560-9021-F0AD247DE4D1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\MGShareware
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\MGShareware
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InetStat
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean-Pro_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinThruster_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:52068;hxxps=127.0.0.1:52068
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16659


-\\ Mozilla Firefox v36.0.3 (x86 de)

[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT3316068&octid=CT3316068&SearchSource=61&CUI=UN20141627741223012&UM=2&UP=SP56EB409F-B793-4175-BC62-D26A39CF877F");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.SearchCaption", "DVDVideoSoftTB DE Customized Web Search");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT2625848&octid=CT2625848&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2625848");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT2625848.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT3316068.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT3316068.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316068&SearchSource=2&CUI=UN20141627741223012&UM=2&q=");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT3316068.embeddedsData", "[{\"appId\":\"130250223751191786\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT3316068.installType", "conduitnsisintegration");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT3316068.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3316068&octid=CT3316068&SearchSource=15&CUI=UN20141627741223012&SSPV=&Lay=1&UM=2\"}");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT3316068.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT3316068.smartbar.CTID", "CT3316068");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT3316068.smartbar.Uninstall", "0");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT3316068.smartbar.homepage", "true");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CT3316068.smartbar.toolbarName", "SweetPacks A8 ");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB DE Customized Web Search");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2625848", "\"1367226749\"");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"9f8d2729abc2ce1:0\"");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2625848", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"79f374394c38516c56ea9141bca29732\"");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316068&SearchSource=2&CUI=UN20141627741223012&UM=2&q=");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2625848");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2625848");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2625848");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.globalUserId", "39002d45-9e3e-4ffe-a25e-5812dd94caf4");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2625848");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3316068&octid=CT3316068&SearchSource=61&CUI=UN20141627741223012&UM=2&UP=SP56EB409F-B793-4175-BC62-D26A39CF877F");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "SweetPacks A8 Customized Web Search");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3316068");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "DVDVideoSoftTB DE Customized Web Search");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB DE Customized Web Search");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "DVDVideoSoftTB DE Customized Web Search");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "fe4daf1a00000000000000ff79c56aa8");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "fe4daf1a00000000000000ff79c56aa8");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15463");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:06:25");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.admin", false);
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.aflt", "babsst");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.dfltLng", "en");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.excTlbr", false);
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.id", "fe4daf1a00000000000000ff79c56aa8");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.instlDay", "15562");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.instlRef", "sst");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.prdct", "claro");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.vrsn", "1.6.4.1");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro.vrsni", "1.6.4.1");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.6.4.120:37:58");
[yaiw8gqm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.proxytool.referers", "www.google.com,google.com,smallseotools.com,yahoo.com,bing.com,ask.com,currate.com,facebook.com,twitter.com,craigslist.org");

-\\ Google Chrome v43.0.2357.124

[C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
[C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN10104650612083217&ctid=CT3316068&UM=2

*************************

AdwCleaner[R0].txt - [18930 Bytes] - [16/06/2015 20:53:26]
AdwCleaner[S0].txt - [19286 Bytes] - [16/06/2015 21:02:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19346  Bytes] ##########

--- --- ---
-----------------------------------------------------------------------------------------

Junkmove-Removal:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.9 (06.16.2015:2)
OS: Windows Vista (TM) Home Basic x86
Ran by Anja on 16.06.2015 at 21:13:33.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\freerip3
Successfully deleted: [Folder] C:\ProgramData\freerip
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\free window registry repair
Successfully deleted: [Folder] C:\Users\Anja\appdata\locallow\freerip
Successfully deleted: [Folder] C:\Users\Anja\AppData\Roaming\microsoft\windows\start menu\programs\free window registry repair



~~~ FireFox




~~~ Chrome


[C:\Users\Anja\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Anja\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Anja\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Anja\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  dhkplhfnhceodhffomolpfigojocbpcb,
  mhkaekfpcppmmioggniknbnbdbcigpkk
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.06.2015 at 21:17:31.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------------------------------------------------------------------------------------

Und zu guter Letzt noch ein frisches FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Anja (administrator) on ANJA-PC on 16-06-2015 21:23:55
Running from C:\Users\Anja\Downloads
Loaded Profiles: Anja (Available Profiles: Anja)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [261984 2013-10-30] (Bitdefender)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-05-25] (Glarysoft Ltd)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\...\Run: [GoogleChromeAutoLaunch_50EA6731804A0FA2B2DE051BEA45E463] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.)
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-08-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-809830661-3849426339-1780571292-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-809830661-3849426339-1780571292-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-809830661-3849426339-1780571292-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-23] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.102 80.69.100.230

FireFox:
========
FF ProfilePath: C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default
FF Homepage: about:home
FF NetworkProxy: "ftp", "123.110.49.119"
FF NetworkProxy: "ftp_port", 8088
FF NetworkProxy: "gopher", "5.135.193.216"
FF NetworkProxy: "gopher_port", 8089
FF NetworkProxy: "http", "123.110.49.119"
FF NetworkProxy: "http_port", 8088
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "socks", "123.110.49.119"
FF NetworkProxy: "socks_port", 8088
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "123.110.49.119"
FF NetworkProxy: "ssl_port", 8088
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Extension: FoxyProxy Standard - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\foxyproxy@eric.h.jung [2015-03-23]
FF Extension: Youtube Downloader - 4K Download - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\paulsaintuzb@gmail.com [2015-03-06]
FF Extension: No Name - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48} [2013-12-16]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\admin@proxy-listen.de.xpi [2012-09-27]
FF Extension: Best Proxy Switcher - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2014-07-08]
FF Extension: Elite Proxy Switcher - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\eliteproxyswitcher@my-proxy.com.xpi [2015-03-21]
FF Extension: Video Downloader Professional - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\ffext_basicvideoext@startpage24.xpi [2013-10-25]
FF Extension: ZenMate Security & Privacy VPN - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\firefox@zenmate.com.xpi [2015-03-21]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2014-04-12]
FF Extension: Translate This! - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2013-11-06]
FF Extension: One Click Proxy - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2014-07-08]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2014-02-02]
FF Extension: Priv3+ - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\priv3plus@icsi.berkeley.edu.xpi [2015-03-21]
FF Extension: Proxy Tool - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\proxytool@proxylist.co.xpi [2012-12-11]
FF Extension: Google Translator for Firefox - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\translator@zoli.bod.xpi [2013-11-06]
FF Extension: Casino Toolbar - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\wagerlogic.xpi [2012-05-15]
FF Extension: ImTranslator - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-04-26]
FF Extension: Adblock Plus - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-20]
FF Extension: QuickProxy - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\Extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}.xpi [2014-07-08]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-03-21]
FF Extension: Word Layers - C:\Program Files\Mozilla Firefox\extensions\ugnraew@jqhljqmpngx.net [2015-03-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-26]
FF Extension: No Name - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\yaiw8gqm.default\extensions\support@tubedimmerapp.com [not found]

Chrome:
=======
CHR Profile: C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
CHR Extension: (Google Docs) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-15]
CHR Extension: (Google Drive) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-15]
CHR Extension: (Webpage Screenshot) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-15]
CHR Extension: (Google Search) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-15]
CHR Extension: (CyberGhost VPN - Free Proxy) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-04-06]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-03-30]
CHR Extension: (Google Sheets) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
CHR Extension: (AdBlock) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-03]
CHR Extension: (Gmail) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-15]
CHR HKLM\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - No Path Or update_url value
CHR HKU\S-1-5-21-809830661-3849426339-1780571292-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - No Path Or update_url value

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [57520 2013-10-23] (Bitdefender)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-25] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-01-25] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1221384 2013-11-11] (Bitdefender)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 TestHandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R0 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-04-17] (Bitdefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Anja\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 21:23 - 2015-06-16 21:24 - 00018069 _____ C:\Users\Anja\Downloads\FRST.txt
2015-06-16 21:23 - 2015-06-16 21:23 - 00000000 ____D C:\Users\Anja\Downloads\FRST-OlderVersion
2015-06-16 21:17 - 2015-06-16 21:17 - 00001746 _____ C:\Users\Anja\Desktop\JRT.txt
2015-06-16 21:13 - 2015-06-16 21:13 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ANJA-PC-Windows-Vista-(TM)-Home-Basic-(32-bit).dat
2015-06-16 21:13 - 2015-06-16 21:13 - 00000000 ____D C:\RegBackup
2015-06-16 21:12 - 2015-06-16 21:12 - 02945901 _____ (Thisisu) C:\Users\Anja\Downloads\JRT.exe
2015-06-16 20:52 - 2015-06-16 21:04 - 00000000 ____D C:\AdwCleaner
2015-06-16 20:51 - 2015-06-16 20:51 - 02231296 _____ C:\Users\Anja\Downloads\AdwCleaner_4.206.exe
2015-06-16 20:43 - 2015-06-16 20:43 - 00042979 _____ C:\Users\Anja\Documents\Malware Scan.txt
2015-06-16 20:36 - 2015-06-16 20:36 - 00042999 _____ C:\Users\Anja\Documents\Malware 201 Bedrohungen gefunden.txt
2015-06-16 18:50 - 2015-06-16 18:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 18:50 - 2015-06-16 18:50 - 00000865 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-16 18:50 - 2015-06-16 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-16 18:50 - 2015-06-16 18:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-16 18:50 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-16 18:50 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-16 18:50 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-16 18:45 - 2015-06-16 18:49 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Anja\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-15 20:39 - 2015-06-15 20:39 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-15 20:34 - 2015-06-15 20:34 - 00035696 _____ C:\ComboFix.txt
2015-06-15 20:25 - 2015-06-16 21:06 - 00001302 _____ C:\Windows\PFRO.log
2015-06-15 20:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-15 20:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-15 20:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-15 20:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-15 20:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-15 20:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-15 20:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-15 20:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-15 20:09 - 2015-06-15 20:35 - 00000000 ____D C:\Qoobox
2015-06-15 20:09 - 2015-06-15 20:31 - 00000000 ____D C:\Windows\erdnt
2015-06-15 20:04 - 2015-06-15 20:04 - 05628161 ____R (Swearware) C:\Users\Anja\Downloads\ComboFix.exe
2015-06-14 17:15 - 2015-06-14 17:15 - 00015762 _____ C:\Users\Anja\Downloads\Sparda Bank Kapitalerträge.tif
2015-06-14 16:30 - 2015-06-14 16:30 - 00001023 _____ C:\Users\Anja\Desktop\Revo Uninstaller.lnk
2015-06-14 16:30 - 2015-06-14 16:30 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-14 16:27 - 2015-06-14 16:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Anja\Downloads\revosetup95.exe
2015-06-11 18:08 - 2015-06-11 18:09 - 00030501 _____ C:\Users\Anja\Downloads\Addition.txt
2015-06-11 18:06 - 2015-06-16 21:23 - 01148416 _____ (Farbar) C:\Users\Anja\Downloads\FRST.exe
2015-06-11 18:06 - 2015-06-16 21:23 - 00000000 ____D C:\FRST
2015-06-11 16:47 - 2015-05-21 16:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-11 16:47 - 2015-05-09 01:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-11 16:47 - 2015-04-24 17:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-11 16:34 - 2015-06-11 16:47 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 16:29 - 2015-05-05 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-11 16:28 - 2015-05-05 00:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-11 16:28 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-11 16:28 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-11 16:28 - 2015-05-04 23:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 10:46 - 2015-06-10 10:46 - 00000000 ____D C:\Program Files\NoVirusThanks
2015-06-10 10:45 - 2015-06-10 10:45 - 01937000 _____ (NoVirusThanks Company Srl ) C:\Users\Anja\Downloads\filegovernor Löschdatei_setup.exe
2015-06-10 09:40 - 2015-05-31 01:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:40 - 2015-05-31 01:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:40 - 2015-05-31 01:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:40 - 2015-05-31 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:40 - 2015-05-31 01:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:40 - 2015-05-31 01:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:40 - 2015-05-31 01:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:40 - 2015-05-31 01:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:40 - 2015-05-31 01:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:40 - 2015-05-31 01:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:40 - 2015-05-31 01:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-10 09:40 - 2015-05-31 01:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:40 - 2015-05-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:40 - 2015-05-31 01:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:40 - 2015-05-31 01:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-10 09:40 - 2015-05-31 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:40 - 2015-05-31 01:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:40 - 2015-05-31 01:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-10 09:40 - 2015-05-31 01:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-10 09:39 - 2015-05-31 02:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:39 - 2015-05-31 01:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:39 - 2015-05-31 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 19:06 - 2015-06-10 09:56 - 00000000 ____D C:\Program Files\Unlocker
2015-06-09 13:18 - 2015-06-09 13:21 - 00000000 ____D C:\Users\Anja\Documents\Sparda Bank Fax Kapitalerträge
2015-06-09 13:15 - 2015-06-11 17:03 - 00000000 ____D C:\Users\Anja\Documents\Norisbank
2015-06-08 23:23 - 2015-06-08 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-06-08 23:19 - 2015-06-08 23:22 - 36499753 _____ ( ) C:\Users\Anja\Downloads\K-Lite_Codec_Pack_1120_Full.exe
2015-06-08 20:09 - 2015-06-08 20:11 - 14929318 _____ ( ) C:\Users\Anja\Downloads\klcp_update_1121_20150605.exe
2015-06-05 16:41 - 2015-06-05 16:41 - 00000855 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-06-05 16:41 - 2015-06-05 16:41 - 00000843 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-06-05 16:41 - 2015-06-05 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-06-05 16:40 - 2015-06-05 16:40 - 00017472 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2015-06-05 16:37 - 2015-06-05 16:37 - 15121936 _____ C:\Users\Anja\Downloads\Glary_Utilities_v5.26.0.45.exe
2015-05-28 18:22 - 2015-05-29 22:04 - 00000000 ____D C:\Users\Anja\Documents\Roulette-Pilot Kopien nach Test
2015-05-25 17:06 - 2015-05-25 17:06 - 00242504 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-05-24 23:56 - 2015-05-25 00:09 - 00000000 ____D C:\Users\Anja\Documents\Roulette-Pilot Werbepause
2015-05-24 23:24 - 2015-05-24 23:24 - 00001973 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-05-24 23:24 - 2015-05-24 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-05-24 23:22 - 2013-04-17 14:59 - 00633344 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-05-24 23:22 - 2013-04-17 14:59 - 00486536 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-05-24 23:22 - 2009-07-14 23:27 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-05-24 23:21 - 2013-05-28 12:11 - 00355744 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-05-24 23:21 - 2013-04-22 13:20 - 00164952 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-05-24 23:20 - 2015-05-24 23:21 - 00000000 ____D C:\Users\Anja\AppData\Roaming\QuickScan
2015-05-24 23:20 - 2015-05-24 23:20 - 09927424 _____ C:\Users\Anja\Downloads\Antivirus_Free_Edition_x86.exe
2015-05-24 23:19 - 2015-05-24 23:19 - 00162208 _____ C:\Users\Anja\Downloads\Antivirus_Free_Edition.exe
2015-05-24 23:07 - 2015-05-24 23:24 - 00000000 ____D C:\Program Files\Bitdefender
2015-05-24 23:07 - 2015-05-24 23:07 - 31571808 _____ C:\Users\Anja\Downloads\60Second_x86.exe
2015-05-24 23:07 - 2015-05-24 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2015-05-24 23:07 - 2015-05-24 23:07 - 00000000 ____D C:\ProgramData\Bitdefender
2015-05-24 23:06 - 2015-05-24 23:06 - 00160160 _____ C:\Users\Anja\Downloads\60Second_en_us.exe
2015-05-22 18:32 - 2015-05-22 18:32 - 00000000 _____ C:\Users\Anja\AppData\Local\{4B2FA74C-8229-4EA3-8FB0-5E96B272257C}
2015-05-21 20:13 - 2015-05-31 21:12 - 00000000 ____D C:\Users\Anja\Documents\Roulette Pilot Verschiedene Systeme
2015-05-21 14:00 - 2015-05-21 14:00 - 00000000 _____ C:\Users\Anja\AppData\Local\{AFB11F1F-569B-4CE1-8BCC-931AA1DA58D8}
2015-05-20 19:04 - 2015-05-20 19:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-19 21:57 - 2015-05-19 21:57 - 00001643 _____ C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Titanbet Casino.lnk
2015-05-19 21:57 - 2015-05-19 21:57 - 00001641 _____ C:\Users\Anja\Desktop\Titanbet Casino.lnk
2015-05-19 21:56 - 2015-05-19 21:57 - 00000000 ____D C:\Users\Anja\AppData\Local\Titanbet Casino
2015-05-19 20:04 - 2015-05-19 20:04 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Betvoyager
2015-05-19 20:02 - 2015-05-19 20:03 - 58089440 _____ (Betvoyager N.V. ) C:\Users\Anja\Downloads\Betvoyager Casino.exe
2015-05-17 16:41 - 2015-05-17 16:41 - 02592768 _____ C:\Users\Anja\Downloads\Install_RoulettePilot.msi
2015-05-17 15:48 - 2015-05-17 15:48 - 00001637 _____ C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Betfair Casino.lnk
2015-05-17 15:48 - 2015-05-17 15:48 - 00001635 _____ C:\Users\Anja\Desktop\Betfair Casino.lnk
2015-05-17 15:24 - 2015-05-17 15:24 - 00000000 ____D C:\Users\Anja\AppData\Roaming\GlarySoft
2015-05-17 15:24 - 2015-05-17 15:24 - 00000000 ____D C:\Users\Anja\AppData\Roaming\DiskDefrag
2015-05-17 15:23 - 2015-06-16 21:08 - 00000000 ____D C:\Program Files\Glary Utilities 5

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 21:17 - 2015-05-06 21:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 21:16 - 2006-11-02 14:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-16 21:16 - 2006-11-02 14:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-16 21:14 - 2012-04-25 19:03 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 21:11 - 2012-04-25 17:53 - 01528099 _____ C:\Windows\WindowsUpdate.log
2015-06-16 21:06 - 2012-04-25 19:03 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-16 21:06 - 2006-11-02 14:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-16 21:05 - 2006-11-02 14:58 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-16 20:28 - 2012-05-01 21:03 - 00000360 _____ C:\Windows\Tasks\WpsUpdateTask_Anja.job
2015-06-15 20:35 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2015-06-15 20:34 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2015-06-15 20:28 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2015-06-12 16:48 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2015-06-12 16:28 - 2006-11-02 14:44 - 00295896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 20:54 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-11 16:33 - 2006-11-02 12:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-11 16:29 - 2013-11-09 12:22 - 00000000 ____D C:\Users\Anja\Documents\Meine Scans
2015-06-10 20:08 - 2014-05-02 12:47 - 03691624 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer.dll
2015-06-10 15:17 - 2012-05-03 15:32 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 15:17 - 2012-05-03 15:32 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-10 10:19 - 2014-07-09 20:33 - 00001929 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 18:01 - 2012-06-19 20:30 - 00000000 ____D C:\Users\Anja\AppData\Roaming\vlc
2015-06-08 23:23 - 2015-05-11 19:31 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-06-06 23:08 - 2012-04-28 16:52 - 00000000 ____D C:\Users\Anja\Documents\Roulettesysteme
2015-05-25 17:18 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2015-05-25 17:14 - 2014-05-24 12:33 - 00000000 ____D C:\Program Files\Common Files\G Data
2015-05-25 17:14 - 2013-04-26 19:25 - 00000000 ____D C:\ProgramData\G Data
2015-05-24 23:23 - 2012-04-25 18:06 - 00000000 ____D C:\Users\Anja
2015-05-21 19:54 - 2015-05-08 21:06 - 00000000 ____D C:\Users\Anja\AppData\Local\EuroGrand Casino
2015-05-20 14:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-05-20 11:07 - 2014-08-17 15:49 - 00000000 ____D C:\Users\Anja\AppData\Local\Adobe
2015-05-19 14:52 - 2013-08-16 18:26 - 00000000 ____D C:\Users\Anja\AppData\Roaming\HpUpdate
2015-05-17 15:48 - 2015-05-03 20:02 - 00000000 ____D C:\Users\Anja\AppData\Local\Betfair Casino
2015-05-17 15:30 - 2013-03-24 15:01 - 00000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2014-05-22 20:13 - 2014-05-22 20:13 - 0000000 _____ () C:\Users\Anja\AppData\Roaming\gdfw.log
2014-05-22 20:12 - 2014-05-24 12:35 - 0000976 _____ () C:\Users\Anja\AppData\Roaming\gdscan.log
2014-09-08 19:28 - 2015-01-06 14:29 - 0000680 _____ () C:\Users\Anja\AppData\Local\d3d9caps.dat
2013-05-06 15:23 - 2013-05-06 15:23 - 0001483 _____ () C:\Users\Anja\AppData\Local\recently-used.xbel
2015-05-22 18:32 - 2015-05-22 18:32 - 0000000 _____ () C:\Users\Anja\AppData\Local\{4B2FA74C-8229-4EA3-8FB0-5E96B272257C}
2015-05-21 14:00 - 2015-05-21 14:00 - 0000000 _____ () C:\Users\Anja\AppData\Local\{AFB11F1F-569B-4CE1-8BCC-931AA1DA58D8}
2013-08-15 17:54 - 2015-02-12 13:45 - 0005078 _____ () C:\ProgramData\hpzinstall.log
2012-04-26 17:55 - 2012-04-26 17:55 - 0000107 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-06-12 20:57 - 2012-06-12 20:57 - 0001534 _____ () C:\ProgramData\ss.ini

Some files in TEMP:
====================
C:\Users\Anja\AppData\Local\Temp\Quarantine.exe
C:\Users\Anja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-16 21:18

==================== End of log ============================
--- --- ---



Gruß,
Ecart

Ecart 17.06.2015 13:06
Nachtrag
 
Ist der Rechner soweit nun erst einmal sauber?
Welche Schutzprogramme empfiehlst du mir, damit es auch so bleibt?
Und wie lassen sich die unlöschbaren Dateien von Secure Eraser löschen?

schrauber 18.06.2015 06:42
Wir machen noch Kontrollscans :)


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Ecart 19.06.2015 11:40
Eset-Scanner funktioniert nicht
 
Mit dem Eset-Scanner hat es in 2 Versuchen nicht geklappt: Ich hab mich genau an die bebilderte Anleitung gehalten und darauf geachtet, wo die Häkchen zu machen sind und was anzukreuzen ist, habe sämtliche Antiviren-und Firewalls deaktiviert und die beiden USB-Sticks vor dem Start mit angeschlossen. Dann, nach 11 Minuten Abbruch von mir, da der Balken immer noch bei 0% war, erneuter Versuch mit gleichem "Ergebnis" und Abbruch nach ca. 60 Minuten.
Es sind auch keine Dateien darüber aufzufinden.
Wo könnte der Fehler sein, oder soll ich weitermachen mit dem SecurityCheck?


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:54 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19