Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google wird mit Werbung zugespamt (https://www.trojaner-board.de/169189-google-werbung-zugespamt.html)

Dominik H. 30.07.2015 20:27
Google wird mit Werbung zugespamt
 
Hallo,

vor wenigen Tagen habe ich über chip.de das Programm "Streamtransport" installiert. Während der Installation habe ich alle Optionen wie Taskbar etc. wegegeklickt. Hatte ich in der Vergangenheit gute Erfahrungen mit chip.de, so habe ich jetzt ungewünscht Werbung.

Bei jedem Start von Firefox wird - trotz versuchter Änderung durch mich - die Yahoosuche als Startseite angezeigt.
Wenn ich bei Google bin, taucht ausserdem Werbung vor den ersten Beiträgen auf.:pfui:

Welche Informationen benötigt ihr, damit wir das Problem bearbeiten können?

Danke und Grüße
Dominik

schrauber 30.07.2015 20:39
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Dominik H. 30.07.2015 22:04
Danke für die Rückmeldung.
Hier die gewünschten Daten.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by user (administrator) on USER-PC (30-07-2015 23:02:25)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Cold Turkey\CTService.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Dominik\Programme\ciscoclient\cvpnd.exe
() C:\Program Files\Cold Turkey\CTConfigServer.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
() C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
() C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Dominik\Programme\Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
() C:\Program Files (x86)\Common Files\421f63af-3585-4410-b9ef-1ec5abd70f34\updater.exe
() C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugincontainer.exe
() C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\3\Plugin.exe
() C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\2\Plugin.exe
() C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\5\Plugin.exe
() C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\8\Plugin.exe
() C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\10\Plugin.exe
() C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\6\Plugin.exe
() C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\7\Plugin.exe
() C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\3\Plugin.exe
() C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\7\Plugin.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2014-03-25]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-30__alt__ddc_dsssyc_bd_com
HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-30__alt__ddc_dsssyc_bd_com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sm-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sm-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sm-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000 -> OldSearch URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M7F092E0D-6A76-417A-AB83-06E7737A94DE&SearchSource=58&CUI=&UM=6&UP=SPD92F3851-3728-4B6F-A727-7F5255D9E2C7&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sm-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-05-27] (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-26] (Oracle Corporation)
BHO-x32: More Results Hub -> {a8345a32-3b31-410a-bfbf-f2fdb81ba019} -> C:\Program Files (x86)\More Results Hub\Extensions\a8345a32-3b31-410a-bfbf-f2fdb81ba019.dll [2015-07-25] ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-26] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-07-16] (DVDVideoSoft Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E1796407-EE12-4BF9-A2CF-56DFA7F556C0}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{F803A312-9FB2-4B80-830E-D0882C84BC70}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507
FF NewTab: hxxp://de.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bl-bfr-sm-rhb-30__alt__ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Yahoo Search!
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bfr-sm-rhb-30__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-sm-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-19] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g2mr5o1m.default-1413196550790\user.js [2015-07-25]
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\user.js [2015-07-25]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\searchplugins\yahoo-search.xml [2015-07-25]
FF Extension: More Results Hub - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g2mr5o1m.default-1413196550790\Extensions\{5536b186-1857-479d-821d-a99a1456d7c9}.xpi [2015-07-25]
FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\artur.dubovoy@gmail.com [2015-07-25]
FF Extension: Bing Search Engine - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\bingsearch.full@microsoft.com [2015-04-08]
FF Extension: YouTube Unblocker - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\youtubeunblocker__web@unblocker.yt [2015-06-11]
FF Extension: EPUBReader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-29]
FF Extension: Grooveshark Unlocker - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\groovesharkUnlocker@overlord1337.xpi [2014-11-06]
FF Extension: ProxTube - Unblock YouTube - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\ich@maltegoetz.de.xpi [2015-05-03]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-01-30]
FF Extension: More Results Hub - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\{5536b186-1857-479d-821d-a99a1456d7c9}.xpi [2015-07-25]
FF Extension: {aa991923-b0b8-4938-b763-2aacc9c6992f} - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\{aa991923-b0b8-4938-b763-2aacc9c6992f}.xpi [2015-03-17]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-03]
FF Extension: DivX Wizard - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\Extensions\{e93aa736-6c93-453a-a708-2fd62fbd573e}.xpi [2015-07-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-03]
FF HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-08-01]
FF HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hxod2v34.default-1408804336995\extensions\cliqz@cliqz.com

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-12]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-12]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-12]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-12]
CHR Extension: (Instair New Tab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdepldelkjiaidnlfgbffbnbljjddfh [2014-08-21]
CHR Extension: (Extensions new tab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk [2014-08-22]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-12]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CTService; C:\Program Files\Cold Turkey\CTService.exe [62976 2013-12-08] () [File not signed]
R2 CVPND; C:\Dominik\Programme\ciscoclient\cvpnd.exe [1529856 2011-03-04] (Cisco Systems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Service Mgr MoreResultsHub; C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugincontainer.exe [1096976 2015-07-30] ()
R2 Update Mgr MoreResultsHub; C:\Program Files (x86)\Common Files\421f63af-3585-4410-b9ef-1ec5abd70f34\updater.exe [1030928 2015-07-30] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2013-05-06] ()
R2 ZDServ; C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe [427264 2014-07-07] ()

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm64.sys [19456 2011-08-05] (Atmel, Inc.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2015-03-12] (QUALCOMM Incorporated)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-31] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 TPPWRIF; C:\Dominik\Programme\Lenovo Battery Utility 2014\TPPWR64V.sys [20736 2014-03-05] (Lenovo Group Limited)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 23:02 - 2015-07-30 23:02 - 00023555 _____ C:\Users\user\Downloads\FRST.txt
2015-07-30 23:02 - 2015-07-30 23:02 - 00000000 ____D C:\Users\user\Downloads\FRST-OlderVersion
2015-07-30 23:01 - 2015-07-30 23:02 - 02168832 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-07-30 19:15 - 2015-07-30 19:15 - 00010675 _____ C:\Users\user\Desktop\annageschenk.ods
2015-07-30 19:15 - 2015-07-30 19:15 - 00000093 ____H C:\Users\user\Desktop\.~lock.annageschenk.ods#
2015-07-26 13:15 - 2015-07-26 15:10 - 00000000 ____D C:\Users\user\Desktop\Fotos für Wohnung
2015-07-25 23:36 - 2015-07-25 23:36 - 01937816 _____ C:\Users\user\Downloads\Video Wir sind so frei - Doku in Einsfestival.undefined
2015-07-25 23:26 - 2015-07-25 23:26 - 00000000 ____D C:\Users\user\Documents\StreamTransport
2015-07-25 23:23 - 2015-07-30 19:15 - 00000000 ____D C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34
2015-07-25 23:23 - 2015-07-25 23:23 - 00000000 ____D C:\Program Files (x86)\More Results Hub
2015-07-25 23:22 - 2015-07-25 23:22 - 00000000 ____D C:\Users\user\AppData\Roaming\elroar
2015-07-25 23:22 - 2015-07-25 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
2015-07-25 23:19 - 2015-07-25 23:19 - 01198368 _____ C:\Users\user\Downloads\StreamTransport - CHIP-Installer.exe
2015-07-25 23:09 - 2015-07-25 23:33 - 00000000 ____D C:\Users\user\.mediathek3
2015-07-25 23:07 - 2015-07-25 23:07 - 01198368 _____ C:\Users\user\Downloads\MediathekView - CHIP-Installer.exe
2015-07-25 14:04 - 2015-07-25 14:18 - 00000000 ____D C:\Users\user\AppData\Roaming\Meltdown
2015-07-25 14:04 - 2015-07-25 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Meltdown
2015-07-25 11:11 - 2015-07-25 11:11 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-21 19:44 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 19:44 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 19:44 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 19:44 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 19:44 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 19:44 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 19:44 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 19:44 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 19:44 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 19:44 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 18:46 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 18:46 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 18:46 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 18:46 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 18:46 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 18:46 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 18:46 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 18:46 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 18:46 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 18:46 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 18:46 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 18:46 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 18:46 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 18:46 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 18:46 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 18:46 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 18:46 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 18:46 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 18:46 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 18:46 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 18:46 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 18:45 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 18:45 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 18:45 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 18:45 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 18:45 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 18:45 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 18:45 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 18:45 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 18:45 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 18:45 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 18:45 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 18:45 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 18:45 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 18:45 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 18:45 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 18:45 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 18:45 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 18:45 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 18:45 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 18:45 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 18:45 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 18:45 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 18:45 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 18:45 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 18:45 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 18:45 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 18:45 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 18:45 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 18:45 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 18:45 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 18:45 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 18:45 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 18:45 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 18:45 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 18:45 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 18:45 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 18:45 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 18:45 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 18:45 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 18:45 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 18:45 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 18:45 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 18:45 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 18:45 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 18:42 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 18:42 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 18:42 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 18:42 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 18:42 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 18:42 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 18:42 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 18:42 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 18:42 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 18:42 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 18:42 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 18:42 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 18:42 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 18:42 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 18:42 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 18:42 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 18:42 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 18:42 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 18:42 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 18:42 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 18:42 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 18:42 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 18:42 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 18:42 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 18:42 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 18:42 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 18:42 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 18:42 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 18:42 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 18:42 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 18:42 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 18:42 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 18:42 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 18:42 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 18:42 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 18:42 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 18:42 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 18:42 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 18:42 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 18:42 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 18:42 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 18:42 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 18:42 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 18:42 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 18:42 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 18:42 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 18:42 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 18:42 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 18:42 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 18:42 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 18:42 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 18:42 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-05 20:27 - 2015-07-07 20:47 - 00000142 _____ C:\Users\user\Desktop\Fahrradtour.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 23:02 - 2014-08-20 12:40 - 00000000 ____D C:\FRST
2015-07-30 23:00 - 2015-06-20 11:07 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3705937506-1407253618-1579061599-1000UA.job
2015-07-30 22:59 - 2014-01-16 09:01 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-30 22:59 - 2014-01-15 20:26 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-07-30 22:59 - 2013-12-08 02:15 - 01685003 _____ C:\Windows\WindowsUpdate.log
2015-07-30 21:33 - 2009-07-14 06:51 - 00067802 _____ C:\Windows\setupact.log
2015-07-30 18:39 - 2015-06-20 11:07 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3705937506-1407253618-1579061599-1000Core.job
2015-07-30 18:39 - 2014-01-16 09:01 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-29 18:01 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 18:01 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 07:09 - 2009-07-14 07:13 - 00781822 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-29 07:04 - 2014-04-10 11:59 - 00000000 ___RD C:\Users\user\Dropbox
2015-07-29 07:04 - 2014-04-10 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2015-07-29 07:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-27 21:08 - 2010-11-21 05:47 - 00135520 _____ C:\Windows\PFRO.log
2015-07-25 23:33 - 2014-01-18 09:16 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-07-23 22:31 - 2009-07-14 06:45 - 00293088 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-19 10:15 - 2015-06-20 11:07 - 00004192 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3705937506-1407253618-1579061599-1000UA
2015-07-19 10:15 - 2015-06-20 11:07 - 00003796 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3705937506-1407253618-1579061599-1000Core
2015-07-17 21:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 22:22 - 2014-12-25 14:21 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-16 22:09 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-16 19:48 - 2013-12-08 03:11 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 18:38 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-14 22:12 - 2014-10-01 11:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-14 22:12 - 2014-01-15 20:26 - 00000000 ____D C:\ProgramData\Skype
2015-07-05 12:52 - 2014-01-30 23:58 - 00000000 ____D C:\Program Files\Cold Turkey
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:43 - 2013-12-08 03:11 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-05-01 21:23 - 2015-05-01 21:23 - 1065984 _____ () C:\Users\user\AppData\Local\file__0.localstorage
2014-01-27 17:16 - 2014-01-27 17:16 - 0000337 _____ () C:\Users\user\AppData\Local\Perfmon.PerfmonCfg

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7xew8m.dll
C:\Users\user\AppData\Local\Temp\i4jdel0.exe
C:\Users\user\AppData\Local\Temp\ICReinstall_OfficialCnCTiberianSun_CB-DL-Manager.exe
C:\Users\user\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\user\AppData\Local\Temp\nsg8EE4.exe
C:\Users\user\AppData\Local\Temp\nsgD5E7.exe
C:\Users\user\AppData\Local\Temp\nsl9876.exe
C:\Users\user\AppData\Local\Temp\nslCC45.exe
C:\Users\user\AppData\Local\Temp\nsoA9E.exe
C:\Users\user\AppData\Local\Temp\optprosetup.exe
C:\Users\user\AppData\Local\Temp\paint.net.4.0.3.install.exe
C:\Users\user\AppData\Local\Temp\sdanircmdc.exe
C:\Users\user\AppData\Local\Temp\sdapskill.exe
C:\Users\user\AppData\Local\Temp\sdaspwn.exe
C:\Users\user\AppData\Local\Temp\setup.exe
C:\Users\user\AppData\Local\Temp\SHSetup.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\SPSetup.exe
C:\Users\user\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\user\AppData\Local\Temp\_is80CD.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-17 20:53

==================== End of log ============================
--- --- ---


[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by user (2015-07-30 23:03:05)
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3705937506-1407253618-1579061599-500 - Administrator - Disabled)
Guest (S-1-5-21-3705937506-1407253618-1579061599-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3705937506-1407253618-1579061599-1002 - Limited - Enabled)
user (S-1-5-21-3705937506-1407253618-1579061599-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{7438DA7D-782C-450F-BCDC-5FC54E6831B8}) (Version: 1.0.0.2 - ZTE Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
CDisplayEx 1.10.18 (HKLM-x32\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Clonk Planet (HKLM-x32\...\Clonk Planet) (Version: 4.65 - RedWolf Design)
Cold Turkey version 0.9 (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 0.9 - Felix Belzile)
Command & Conquer Tiberian Sun (HKLM-x32\...\{52F25D7D-DEE1-42E7-AB48-D0F014E1F795}_is1) (Version:  - Command & Conquer Communications Center)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.49.53 - Conexant)
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.)
elroar (HKLM-x32\...\{576c2c91-0d04-4c34-5587-1ae85d92099a}) (Version: 1.0.0 - toralsup) <==== ATTENTION
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Half-Life 2: Demo (HKLM-x32\...\Steam App 219) (Version:  - Valve)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Battery Utility 2014 1.2 (HKLM-x32\...\{62D5A67D-E5CC-4D79-8998-DDFDB7750346}_is1) (Version: 1.2 - Lenovo Corp)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.03.13 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.00.0000 - SEGA)
Meltdown (HKLM-x32\...\{673B2230-6035-11DE-6784-5813CA2118BE}) (Version: 3 - Poda)
Metro 2033 Demo (HKLM-x32\...\{74027A70-698F-49B4-969D-AA64BE2A8D8B}_is1) (Version:  - THQ)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
More Results Hub (HKLM-x32\...\More Results Hub) (Version: 2.0.5684.19575 - More Results Hub) <==== ATTENTION
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
online-foto Bestellsoftware (HKLM-x32\...\online-foto Bestellsoftware) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
Painkiller Demo (HKLM-x32\...\Steam App 3210) (Version:  - People Can Fly)
Painkiller Hell & Damnation Demo (HKLM-x32\...\Steam App 223370) (Version:  - The Farm 51)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
QGIS Dufour 2.0.1 Dufour (HKLM\...\QGIS Dufour) (Version:  - QGIS Development Team)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SereneScreen Marine Aquarium 2 (HKLM-x32\...\SereneScreen Marine Aquarium 2_is1) (Version: 2.0 - Prolific Publishing, Inc.)
SketchUp 2015 (HKLM\...\{A83795B9-570F-40FF-ACB4-710B568EBA22}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamTransport version: 1.1.6.1 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
War2Combat 3.05 (HKLM-x32\...\War2Combat_is1) (Version: 3.05 - il)
WAV To MP3 V2 (HKLM-x32\...\WAV To MP3_is1) (Version:  - hxxp://www.WAVMP3.net)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XSManager (HKLM-x32\...\XSManager) (Version: 3.2 - XSManager)
YANG (Yet Another Netplay Guider) (HKLM-x32\...\YANG) (Version:  - )
yEd Graph Editor 3.11.1 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.11.1 - yWorks GmbH)
ZDaemon (remove only) (HKLM-x32\...\ZDaemon) (Version:  - )
ZDServer (HKLM-x32\...\{C8197F5F-E0DC-44f1-8AF2-1AA5A84F695D}) (Version: 1.0.1.2 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\user\AppData\Roaming\elroar\pendis.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

28-06-2015 18:07:57 Windows Update
02-07-2015 18:07:18 Windows Update
06-07-2015 16:20:19 Windows Update
09-07-2015 23:44:53 Windows Update
13-07-2015 22:11:31 Windows Update
16-07-2015 19:43:22 Windows Update
21-07-2015 00:03:59 Windows Update
22-07-2015 19:25:26 Windows Update
25-07-2015 14:04:46 Installed Microsoft Visual C++ 2005 Redistributable
26-07-2015 11:24:59 Windows Update
29-07-2015 18:14:10 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-10-29 18:00 - 00005598 ____R C:\Windows\system32\Drivers\etc\hosts



































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {343FA0EC-472E-4898-A351-72A150107C9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {5D9C434B-D032-4F92-88FE-11A4AF10A95F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {A25576EC-6A2A-4DB2-A7EB-5E784629C973} - System32\Tasks\{7728094E-8498-4266-BA28-E921C2676EDE} => pcalua.exe -a "C:\Dominik\Programme\Virenschutz\RevoUninstaller\Revo Uninstaller\Revouninstaller.exe" -d "C:\Dominik\Programme\Virenschutz\RevoUninstaller\Revo Uninstaller"
Task: {B162D77B-0A94-4408-B4D7-634FC86C033F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3705937506-1407253618-1579061599-1000Core => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {C630EE30-91AF-4826-84E7-E9CD8A4E0098} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3705937506-1407253618-1579061599-1000UA => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {E2EB2F22-B9FF-4D3D-996D-5D06AD57806A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3705937506-1407253618-1579061599-1000Core.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3705937506-1407253618-1579061599-1000UA.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-12-28 23:48 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-06 16:41 - 2015-07-25 23:23 - 00161792 _____ () C:\Users\user\AppData\Roaming\elroar\pendis.dll
2014-01-30 23:58 - 2013-12-08 02:04 - 00062976 _____ () C:\Program Files\Cold Turkey\CTService.exe
2014-01-30 23:58 - 2012-12-21 17:54 - 00006656 _____ () C:\Program Files\Cold Turkey\NetworkTime.dll
2014-01-30 23:58 - 2013-10-27 11:04 - 00557056 _____ () C:\Program Files\Cold Turkey\CTConfigServer.exe
2015-03-12 10:13 - 2013-05-06 15:45 - 00329848 ____N () C:\Program Files (x86)\XSManager\WTGService.exe
2015-03-11 22:04 - 2014-07-07 18:34 - 00427264 _____ () C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
2015-03-11 22:04 - 2014-07-07 18:34 - 00426752 _____ () C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
2015-07-25 21:55 - 2015-07-30 19:10 - 01030928 _____ () C:\Program Files (x86)\Common Files\421f63af-3585-4410-b9ef-1ec5abd70f34\updater.exe
2015-07-25 21:53 - 2015-07-30 19:15 - 01096976 _____ () C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugincontainer.exe
2015-07-30 19:15 - 2015-07-30 19:15 - 00617232 _____ () C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\3\plugin.exe
2015-07-30 19:15 - 2015-07-30 19:15 - 01205008 _____ () C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\2\plugin.exe
2015-07-30 19:15 - 2015-07-30 19:15 - 00785680 _____ () C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\5\plugin.exe
2015-07-30 19:15 - 2015-07-30 19:15 - 00702224 _____ () C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\8\plugin.exe
2015-07-30 19:15 - 2015-07-30 19:15 - 00512784 _____ () C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\10\plugin.exe
2015-07-30 19:15 - 2015-07-30 19:15 - 00600336 _____ () C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\6\plugin.exe
2015-07-30 08:54 - 2015-07-30 08:54 - 00459536 _____ () C:\ProgramData\421f63af-3585-4410-b9ef-1ec5abd70f34\plugins\7\plugin.exe
2015-07-29 07:04 - 2015-07-29 07:04 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7xew8m.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Dominik\Programme\ciscoclient\vpnapi.dll
2015-07-06 16:41 - 2015-07-25 23:22 - 00135168 _____ () C:\Users\user\AppData\Roaming\elroar\ningness.dll
2015-05-25 21:21 - 2015-05-25 21:21 - 03350640 _____ () C:\Dominik\Programme\Thunderbird\mozjs.dll
2015-05-25 21:21 - 2015-05-25 21:21 - 00158832 _____ () C:\Dominik\Programme\Thunderbird\NSLDAP32V60.dll
2015-05-25 21:21 - 2015-05-25 21:21 - 00023152 _____ () C:\Dominik\Programme\Thunderbird\NSLDAPPR32V60.dll
2015-07-29 22:15 - 2015-07-29 12:53 - 00032016 _____ () C:\Users\user\AppData\Local\Temp\{81C59211-777D-4911-8548-736195B019B6}.xpi
2015-07-30 19:15 - 2015-07-30 08:54 - 00032016 _____ () C:\Users\user\AppData\Local\Temp\{A2E823FB-4226-478F-B06D-600866D43C60}.xpi
2015-07-30 19:17 - 2015-07-30 08:54 - 00032016 _____ () C:\Users\user\AppData\Local\Temp\{A6DA7989-1C3C-4010-A6D4-912A91E6D358}.xpi
2013-09-20 23:50 - 2013-09-20 23:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-09-17 14:54 - 2013-09-17 14:54 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2015-02-19 12:29 - 2015-02-19 12:29 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{96354EAF-B4C6-409D-BB4A-F44976AEDDF7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9521B3B1-64C2-484C-9E5E-477B3E068843}C:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r. ìóëüòèïëååð\bin\xr_3da.exe] => (Block) C:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r. ìóëüòèïëååð\bin\xr_3da.exe
FirewallRules: [UDP Query User{0186AE12-FED2-4ED2-81DA-D482E8E0D00F}C:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r. ìóëüòèïëååð\bin\xr_3da.exe] => (Block) C:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r. ìóëüòèïëååð\bin\xr_3da.exe
FirewallRules: [TCP Query User{462A49B6-9A3B-40B1-98A5-472C77761E66}C:\programme\yed\yed.exe] => (Allow) C:\programme\yed\yed.exe
FirewallRules: [UDP Query User{00F14B30-F1C7-409F-A696-96549D995D2C}C:\programme\yed\yed.exe] => (Allow) C:\programme\yed\yed.exe
FirewallRules: [{B49643CE-673C-441F-8CB1-037D0FACB36D}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F3AF97AD-A720-4061-948E-9176F6DD282D}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{9C16A566-EEEA-482A-869A-160142998928}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B3116B0B-9865-4CEF-AB6B-9593D7EF7F0B}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{98720FB8-E084-429A-853C-049B411263BD}C:\dominik\sonstiges\spiele\commandandconquer\game.exe] => (Allow) C:\dominik\sonstiges\spiele\commandandconquer\game.exe
FirewallRules: [UDP Query User{E8C44E1B-599C-41B8-A4CC-DC80A19532CA}C:\dominik\sonstiges\spiele\commandandconquer\game.exe] => (Allow) C:\dominik\sonstiges\spiele\commandandconquer\game.exe
FirewallRules: [TCP Query User{B5FC9B5B-67D2-40A8-8FF3-8E6B754F727F}C:\dominik\sonstiges\spiele\tiberian sun\tiberian sun.exe] => (Block) C:\dominik\sonstiges\spiele\tiberian sun\tiberian sun.exe
FirewallRules: [UDP Query User{AD592A74-B612-43BB-9B1B-818AEF8034F3}C:\dominik\sonstiges\spiele\tiberian sun\tiberian sun.exe] => (Block) C:\dominik\sonstiges\spiele\tiberian sun\tiberian sun.exe
FirewallRules: [TCP Query User{254C91A3-9EE1-4BBE-A86E-85263691D0DC}C:\dominik\sonstiges\spiele\dukennukem3d\duke matcher - windows client\duke matcher 1.0\duke matcher\dukematcher.exe] => (Allow) C:\dominik\sonstiges\spiele\dukennukem3d\duke matcher - windows client\duke matcher 1.0\duke matcher\dukematcher.exe
FirewallRules: [UDP Query User{40E81D0A-B19A-47CA-AF53-5295099F9506}C:\dominik\sonstiges\spiele\dukennukem3d\duke matcher - windows client\duke matcher 1.0\duke matcher\dukematcher.exe] => (Allow) C:\dominik\sonstiges\spiele\dukennukem3d\duke matcher - windows client\duke matcher 1.0\duke matcher\dukematcher.exe
FirewallRules: [TCP Query User{D1121D48-5DA4-47F3-89FD-F26CBF52FFA0}C:\dominik\sonstiges\spiele\dukennukem3d\duke matcher - windows client\yang\yang.exe] => (Allow) C:\dominik\sonstiges\spiele\dukennukem3d\duke matcher - windows client\yang\yang.exe
FirewallRules: [UDP Query User{210E18D4-D37A-4F69-AA08-CAAE9E92634F}C:\dominik\sonstiges\spiele\dukennukem3d\duke matcher - windows client\yang\yang.exe] => (Allow) C:\dominik\sonstiges\spiele\dukennukem3d\duke matcher - windows client\yang\yang.exe
FirewallRules: [TCP Query User{8C6478E0-8A42-459A-876C-900383A1315D}C:\dominik\sonstiges\spiele\war2combat\warcraft ii bne.exe] => (Block) C:\dominik\sonstiges\spiele\war2combat\warcraft ii bne.exe
FirewallRules: [UDP Query User{75E7DD15-3E99-4B2C-8352-EC4212AEC9D9}C:\dominik\sonstiges\spiele\war2combat\warcraft ii bne.exe] => (Block) C:\dominik\sonstiges\spiele\war2combat\warcraft ii bne.exe
FirewallRules: [TCP Query User{C29D7DAE-6848-4B7A-87AB-81D0513F5793}C:\dominik\sonstiges\spiele\tiberian sun\tiberian sun.exe] => (Block) C:\dominik\sonstiges\spiele\tiberian sun\tiberian sun.exe
FirewallRules: [UDP Query User{157FD495-46FE-468F-A1C0-8F24A69740C7}C:\dominik\sonstiges\spiele\tiberian sun\tiberian sun.exe] => (Block) C:\dominik\sonstiges\spiele\tiberian sun\tiberian sun.exe
FirewallRules: [{F1524149-1CCF-40A9-9845-C4C23F26104A}] => (Allow) C:\Dominik\sonstiges\spiele\steam\Steam.exe
FirewallRules: [{DA1297BC-F638-4726-B4E8-D4449DE4ED91}] => (Allow) C:\Dominik\sonstiges\spiele\steam\Steam.exe
FirewallRules: [{CB6F7F79-40DA-483C-85F7-67FB9FD7E5FF}] => (Allow) C:\Dominik\sonstiges\spiele\steam\bin\steamwebhelper.exe
FirewallRules: [{B3C18334-6D0B-4674-B3D2-BB63370F0CD0}] => (Allow) C:\Dominik\sonstiges\spiele\steam\bin\steamwebhelper.exe
FirewallRules: [{F2266684-5CBF-4D69-8EC6-34957747C67E}] => (Allow) C:\Dominik\sonstiges\spiele\steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{378C492B-7394-46AF-A582-BB659D6D0B65}] => (Allow) C:\Dominik\sonstiges\spiele\steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{9ADBDC08-51C6-4E6F-8B0E-1E2E917EE54D}] => (Allow) C:\Dominik\sonstiges\spiele\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{04231C4A-E445-4D5D-8C7B-4FE4D25D7703}] => (Allow) C:\Dominik\sonstiges\spiele\steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{62B22E62-4C1B-451E-A4E3-EEDEA3DEED74}] => (Allow) C:\Dominik\sonstiges\spiele\steam\SteamApps\common\Painkiller Hell & Damnation Demo\Binaries\Win32\PKHDGame-Win32-Shipping.exe
FirewallRules: [{3E2C22D8-AAC5-4ED1-93DE-C2750F577CE5}] => (Allow) C:\Dominik\sonstiges\spiele\steam\SteamApps\common\Painkiller Hell & Damnation Demo\Binaries\Win32\PKHDGame-Win32-Shipping.exe
FirewallRules: [{0E4D3E4D-AAFD-40AA-9538-48886017B085}] => (Allow) C:\Dominik\sonstiges\spiele\steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{6D53EF41-9530-4E1E-B9C6-163F1C47C677}] => (Allow) C:\Dominik\sonstiges\spiele\steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{FC32617B-A2B1-4FFA-AD55-834297D9EA7F}] => (Allow) C:\Dominik\sonstiges\spiele\steam\SteamApps\common\Painkiller Demo\Bin\PainGame.exe
FirewallRules: [{833E9490-E8F4-4353-A889-D61125DAC61C}] => (Allow) C:\Dominik\sonstiges\spiele\steam\SteamApps\common\Painkiller Demo\Bin\PainGame.exe
FirewallRules: [{A7C85A09-6500-4071-A861-0E467B36FDA8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{63D0D9E9-D6D6-4498-8287-5BF133F2CB49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4F92E3F2-D8B0-40EB-BFAB-ED124C808E3D}] => (Allow) C:\Dominik\sonstiges\spiele\Meltdown.exe
FirewallRules: [{70686225-14CA-4B71-BC37-291DC3463A53}] => (Allow) C:\Dominik\sonstiges\spiele\Meltdown.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2015 07:05:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2015 09:37:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17909, time stamp: 0x55844c24
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3e0
Exception code: 0xc0000374
Fault offset: 0x000cea0b
Faulting process id: 0x1584
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (07/27/2015 09:10:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2015 11:11:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 10:32:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 07:23:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2015 01:30:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2015 10:10:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 10:02:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 05:52:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/30/2015 09:48:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/30/2015 09:48:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/30/2015 09:44:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (07/30/2015 09:42:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/30/2015 09:42:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/30/2015 09:40:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/30/2015 09:40:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/30/2015 09:40:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/30/2015 09:40:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/30/2015 09:40:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office:
=========================
Error: (07/29/2015 07:05:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2015 09:37:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1790955844c24ntdll.dll6.1.7601.187985507b3e0c0000374000cea0b158401d0c8f222b5dd45C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll1da2e6a6-3560-11e5-aeeb-ec55f9de5f26

Error: (07/27/2015 09:10:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2015 11:11:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 10:32:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 07:23:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2015 01:30:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2015 10:10:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2015 10:02:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 05:52:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity:
===================================
  Date: 2015-07-30 18:47:11.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-30 18:44:47.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-29 23:09:46.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-29 21:26:20.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-29 21:22:10.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-29 21:11:50.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-29 21:06:43.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-29 21:06:09.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-29 20:54:25.660
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-29 20:53:14.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz
Percentage of memory in use: 58%
Total physical RAM: 8051.67 MB
Available physical RAM: 3357.37 MB
Total Virtual: 16101.54 MB
Available Virtual: 11153.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:381.42 GB) (Free:68.24 GB) NTFS
Drive g: (HP850) (Removable) (Total:0.95 GB) (Free:0.07 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DE2F4001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=381.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=84.2 GB) - (Type=05)

========================================================
Disk: 1 (Size: 968.5 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
--- --- ---

schrauber 31.07.2015 12:30
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    elroar

    More Results Hub


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Dominik H. 11.08.2015 21:46
Habe erst jetzt die Zeit gefunden, die gewünschten Schritte auszuführen.

Aktuell funktioniert die Googlesuche wieder wie gewünscht. Auch meine Startseiten in Firefox sind wieder einstellbar.
Allerdings taucht weiterhin die Yahoo Suche auf, wenn ich einen neuen Tab öffne.
Folgende URL wird dann angezeigt

de.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bl-bfr-sm rhb-30__alt__ddc_dsssyctab_bd_com

Combofixdaten sind wie folgt:
Code:
ComboFix 15-08-08.01 - user 11.08.2015  22:29:55.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.1.1033.18.8052.5996 [GMT 2:00]
Running from: c:\users\user\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdepldelkjiaidnlfgbffbnbljjddfh
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdepldelkjiaidnlfgbffbnbljjddfh\170\background.html
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdepldelkjiaidnlfgbffbnbljjddfh\170\BzddpMEivZ.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdepldelkjiaidnlfgbffbnbljjddfh\170\content.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdepldelkjiaidnlfgbffbnbljjddfh\170\FTZmfbB.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdepldelkjiaidnlfgbffbnbljjddfh\170\lsdb.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdepldelkjiaidnlfgbffbnbljjddfh\170\manifest.json
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdepldelkjiaidnlfgbffbnbljjddfh\170\s3q.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk\189\background.html
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk\189\content.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk\189\egnSnOLS6H.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk\189\Jsl6dYbMc.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk\189\lsdb.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk\189\manifest.json
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk\189\mi.js
.
.
(((((((((((((((((((((((((  Files Created from 2015-07-11 to 2015-08-11  )))))))))))))))))))))))))))))))
.
.
2015-08-11 20:35 . 2015-08-11 20:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-08-11 18:32 . 2015-07-02 16:07        1190000        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3342DD79-DF4D-4196-8B21-64B02A676395}\gapaengine.dll
2015-08-11 18:31 . 2015-07-15 01:12        12222168        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12BF18EB-39C1-4B8D-92A1-BA73B5B57310}\mpengine.dll
2015-08-10 17:09 . 2015-07-15 01:12        12222168        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-09 16:39 . 2015-08-09 16:39        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2015-08-09 16:39 . 2015-08-09 16:39        --------        d-----r-        c:\program files (x86)\Skype
2015-08-06 15:44 . 2015-07-02 16:07        1190000        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BD18452-FDE4-4C88-B46D-3D930A8B24BF}\gapaengine.dll
2015-07-25 21:09 . 2015-07-25 21:33        --------        d-----w-        c:\users\user\.mediathek3
2015-07-25 12:04 . 2015-07-25 12:18        --------        d-----w-        c:\users\user\AppData\Roaming\Meltdown
2015-07-21 17:44 . 2015-07-15 03:19        41984        ----a-w-        c:\windows\system32\lpk.dll
2015-07-21 17:44 . 2015-07-15 03:19        14336        ----a-w-        c:\windows\system32\dciman32.dll
2015-07-21 17:44 . 2015-07-15 03:19        46080        ----a-w-        c:\windows\system32\atmlib.dll
2015-07-21 17:44 . 2015-07-15 02:55        10240        ----a-w-        c:\windows\SysWow64\dciman32.dll
2015-07-21 17:44 . 2015-07-15 02:55        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2015-07-21 17:44 . 2015-07-15 01:59        372224        ----a-w-        c:\windows\system32\atmfd.dll
2015-07-21 17:44 . 2015-07-15 01:52        299008        ----a-w-        c:\windows\SysWow64\atmfd.dll
2015-07-21 17:44 . 2015-07-15 03:19        100864        ----a-w-        c:\windows\system32\fontsub.dll
2015-07-21 17:44 . 2015-07-15 02:55        70656        ----a-w-        c:\windows\SysWow64\fontsub.dll
2015-07-21 17:44 . 2015-07-15 02:54        25600        ----a-w-        c:\windows\SysWow64\lpk.dll
2015-07-15 16:45 . 2015-06-19 18:24        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2015-07-15 16:42 . 2015-07-04 18:07        2087424        ----a-w-        c:\windows\system32\ole32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-05 10:08 . 2010-11-21 03:27        300704        ------w-        c:\windows\system32\MpSigStub.exe
2015-07-03 06:43 . 2013-12-08 01:11        130333168        ----a-w-        c:\windows\system32\MRT.exe
2015-07-02 16:07 . 2014-01-23 15:40        1190000        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-07-16 14:56        297128        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44        189464        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-20 134512]
"BingSvc"="c:\users\user\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-04-07 144008]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-07-28 53655680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 39179912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZDServ;ZDServ;c:\programdata\ZDSupport\ZDServ\ZDServ.exe;c:\programdata\ZDSupport\ZDServ\ZDServ.exe [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnsusbser.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 CTService;CTService;c:\program files\Cold Turkey\CTService.exe;c:\program files\Cold Turkey\CTService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsne64.sys [x]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe;c:\program files (x86)\XSManager\WTGService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-11 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3705937506-1407253618-1579061599-1000Core.job
- c:\users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 09:07]
.
2015-08-11 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3705937506-1407253618-1579061599-1000UA.job
- c:\users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 09:07]
.
2015-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16 07:01]
.
2015-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16 07:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-05-27 15:49        357376        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50        226328        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50        226328        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50        226328        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50        226328        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50        226328        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50        226328        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50        226328        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:50        226328        ----a-w-        c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-30__alt__ddc_dsssyc_bd_com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\
FF - prefs.js: browser.search.selectedEngine - Yahoo Search!
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-sm-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}
FF - user.js: app.update.enabled - false
FF - user.js: app.update.auto - false
FF - user.js: app.update.silent - false
FF - user.js: app.update.staging.enabled - false
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-3309-7404-0599-8908 - c:\programme\yEd\uninstall.exe
AddRemove-Audacity_is1 - c:\programme\Audacity\unins000.exe
AddRemove-Clonk Planet - c:\windows\system32\GKSUI18.EXE
AddRemove-Dia - c:\programme\diagramme\dia-0.97.2-uninstall.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\programme\Virenschutz\Malwarebites\unins000.exe
AddRemove-Mozilla Thunderbird 24.2.0 (x86 de) - c:\programme\Thunderbird\uninstall\helper.exe
AddRemove-{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1 - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hxod2v34.default-1408804336995\extensions\cliqz@cliqz.com\unins000.exe
AddRemove-{E3723A04-A894-4036-A78E-282E18F43C0A}_is1 - c:\programme\Tinypic\unins000.exe
AddRemove-Mozilla Thunderbird 24.3.0 (x86 de) - c:\programme\Thunderbird\uninstall\helper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-11  22:42:11
ComboFix-quarantined-files.txt  2015-08-11 20:42
.
Pre-Run: 78.601.035.776 bytes free
Post-Run: 87.096.221.696 bytes free
.
- - End Of File - - E12C7D93BE418ED8C023503E7B42BE90
8E734BD7AA1D4F7E9AF58DF495F6CF9E
Danke weiterhin!!

Grüße
Dominik

schrauber 12.08.2015 11:37
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Dominik H. 13.08.2015 18:05
Leider taucht Yahoo weiterhin auf, wenn ein neuer Tab gestartet wird. :heulen:
Hier die Daten:

Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 13.08.2015
Suchlaufzeit: 18:29
Protokolldatei: malware.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.13.05
Rootkit-Datenbank: v2015.08.06.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: user

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 365158
Abgelaufene Zeit: 13 Min., 55 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 12
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [f8616c9c35561c1a570601953ac8d62a],
PUP.Optional.MoreResultsHub.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A8345A32-3B31-410A-BFBF-F2FDB81BA019}, In Quarantäne, [adacfd0b731855e17e5298f8867c37c9],
PUP.Optional.MoreResultsHub.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A8345A32-3B31-410A-BFBF-F2FDB81BA019}, In Quarantäne, [adacfd0b731855e17e5298f8867c37c9],
PUP.Optional.BDYahoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [eb6e897f2c5fc86ead5f4668c63e8e72],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [26331fe9cbc0b18552b21096b84c2ad6],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [3227ea1e5e2d4ee849904463a06434cc],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, In Quarantäne, [75e445c35833dc5affdb6542ab59c739],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [5207de2ae1aa69cd90743a6cfb09d030],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [04555dab74172a0c85536d3aa55f3ec2],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [69f0d335bad1e6509f395156838132ce],
PUP.Optional.BDYahoo.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [4019ef1917746ec8a06b06a88b7907f9],
PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\OPTIMIZER PRO, In Quarantäne, [4118d03884078fa7b601297c8d77dc24],

Registrierungswerte: 8
PUP.Optional.BDYahoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sm-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}, In Quarantäne, [eb6e897f2c5fc86ead5f4668c63e8e72]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [26331fe9cbc0b18552b21096b84c2ad6]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [5207de2ae1aa69cd90743a6cfb09d030]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M7F092E0D-6A76-417A-AB83-06E7737A94DE&SearchSource=58&CUI=&UM=6&UP=SPD92F3851-3728-4B6F-A727-7F5255D9E2C7&q={searchTerms}&SSPV=, In Quarantäne, [5cfd0efa6922152166431a8253b116ea]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [f168f117ef9c61d5d8016db147bc1ee2]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi search, In Quarantäne, [b1a8ee1ae0ab092dc0e96a3209fb4bb5]
PUP.Optional.BDYahoo.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sm-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}, In Quarantäne, [4019ef1917746ec8a06b06a88b7907f9]
PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, hxxp://www.safeshopgate.com/r?s=121001227&g=90561C13-D3A0-A44D-2A89-EB8079783DBB, In Quarantäne, [4118d03884078fa7b601297c8d77dc24]

Registrierungsdaten: 2
PUP.Optional.BDYahoo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-30__alt__ddc_dsssyc_bd_com, Gut: (www.google.com), Schlecht: (hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-30__alt__ddc_dsssyc_bd_com),Ersetzt,[cc8d719785066dc962944e03b94c3ac6]
PUP.Optional.BDYahoo.A, HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-30__alt__ddc_dsssyc_bd_com, Gut: (www.google.com), Schlecht: (hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sm-rhb-30__alt__ddc_dsssyc_bd_com),Ersetzt,[cc8d25e3880356e08f65d47d020349b7]

Ordner: 7
PUP.Optional.OptimizerPro.A, C:\Users\user\Documents\Optimizer Pro, In Quarantäne, [d287b5532566122445701a8bf90bb54b],
PUP.Optional.MultiPlug.F, C:\ProgramData\6708d192f77ba67d, In Quarantäne, [f861ed1bb4d7e84ea401a30c64a0dd23],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Roaming\OpenCandy, In Quarantäne, [e2774cbcf7942c0a8189b330847ee11f],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Roaming\OpenCandy\389C5056004E425482D74ED6B9852AD7, In Quarantäne, [e2774cbcf7942c0a8189b330847ee11f],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Roaming\OpenCandy\EFBC1A4CC9AF4CE6B7650E062B13DD11, In Quarantäne, [e2774cbcf7942c0a8189b330847ee11f],
PUP.Optional.CoolSaleCoupon.A, C:\ProgramData\CoolSaLeCoupOn, In Quarantäne, [5108ef19c9c2eb4b653e8674c53d768a],
PUP.Optional.CoolSaleCoupon.A, C:\Program Files (x86)\CoolSaLeCoupOn, In Quarantäne, [3b1eca3ef09b3303b9eb7783719110f0],

Dateien: 18
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Roaming\OpenCandy\EFBC1A4CC9AF4CE6B7650E062B13DD11\sp-downloader.exe, In Quarantäne, [2237af59018ae056f36a220705fc639d],
PUP.Optional.DownloadGuide.A, C:\Users\user\Downloads\OfficialCnCTiberianSun_CB-DL-Manager.exe, In Quarantäne, [c49550b866250333c5075a4f52af44bc],
PUP.Optional.Downloader, C:\Users\user\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe, In Quarantäne, [bb9e5dab4a410f27cb364008dc24ec14],
PUP.Optional.OptimizerPro.A, C:\Users\user\Documents\Optimizer Pro\CookiesException.txt, In Quarantäne, [d287b5532566122445701a8bf90bb54b],
PUP.Optional.MultiPlug.F, C:\ProgramData\6708d192f77ba67d\{0C516764-8CFC-C2FE-7BB0-A50A646E4DCD}.20140823154351, In Quarantäne, [f861ed1bb4d7e84ea401a30c64a0dd23],
PUP.Optional.MultiPlug.F, C:\ProgramData\6708d192f77ba67d\34e2e82387c90a766dc80c7d1f986c8c.ini, In Quarantäne, [f861ed1bb4d7e84ea401a30c64a0dd23],
PUP.Optional.MultiPlug.F, C:\ProgramData\6708d192f77ba67d\391d8035b5bee6216dc80c7d1f986c8c.ini, In Quarantäne, [f861ed1bb4d7e84ea401a30c64a0dd23],
PUP.Optional.MultiPlug.F, C:\ProgramData\6708d192f77ba67d\b6a46afacac9d2f26dc80c7d1f986c8c.ini, In Quarantäne, [f861ed1bb4d7e84ea401a30c64a0dd23],
PUP.Optional.MultiPlug.F, C:\ProgramData\6708d192f77ba67d\c6fe71eb0df193216dc80c7d1f986c8c.ini, In Quarantäne, [f861ed1bb4d7e84ea401a30c64a0dd23],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Roaming\OpenCandy\389C5056004E425482D74ED6B9852AD7\OptimizerPro.exe, In Quarantäne, [e2774cbcf7942c0a8189b330847ee11f],
PUP.Optional.BDYahoo.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bl-bfr-sm-rhb-30__alt__ddc_dsssyctab_bd_com");), Ersetzt,[3f1a6e9af497a78f3335e5a68f7648b8]
PUP.Optional.BDYahoo.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-sm-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}");), Ersetzt,[5bfe12f62b60cd690c5d1f6cdd281ee2]
PUP.Optional.BDYahoo.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\searchplugins\yahoo-search.xml, In Quarantäne, [dc7d4eba7714092d8ec36b1dea1bb947],
PUP.Optional.BDYahoo.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\searchplugins\yahoo.xml, In Quarantäne, [ea6fbc4c07847abcd423c1c574915ba5],
PUP.Optional.BDYahoo.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g2mr5o1m.default-1413196550790\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bl-bfr-sm-rhb-30__alt__ddc_dsssyctab_bd_com");), Ersetzt,[51080cfcb4d71c1af96ff99220e5b848]
PUP.Optional.BDYahoo.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g2mr5o1m.default-1413196550790\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-sm-rhb-30__alt__ddc_dss_bd_com&p={searchTerms}");), Ersetzt,[c59460a89deeac8ac0a95e2d27deb14f]
PUP.Optional.BDYahoo.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g2mr5o1m.default-1413196550790\prefs.js, Gut: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (browser.startup.homepage", "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl), Ersetzt,[44157e8a5f2ce6502d926d1fe124639d]
PUP.Optional.BDYahoo.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g2mr5o1m.default-1413196550790\searchplugins\yahoo.xml, In Quarantäne, [0e4b25e35635ca6c985f1571a75e1fe1],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
AdwCleaner:
Code:
# AdwCleaner v4.208 - Logfile created 13/08/2015 at 18:50:05
# Updated 09/07/2015 by Xplode
# Database : 2015-08-12.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
Folder Deleted : C:\Program Files (x86)\SereneScreen
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\foxydeal.sqlite
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2dz2xpoy.default-1414599074507\user.js
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g2mr5o1m.default-1413196550790\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\SereneScreen
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6CC4BF79-7708-4ECB-8F2B-A11264A67989}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\SereneScreen

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v38.0.5 (x86 de)


-\\ Google Chrome v

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3461 bytes] - [13/08/2015 18:49:23]
AdwCleaner[S0].txt - [3188 bytes] - [13/08/2015 18:50:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3247  bytes] ##########
Junkware
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 7 Professional x64
Ran by user on 13.08.2015 at 18:54:51,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\2dz2xpoy.default-1414599074507\minidumps [9 files]



~~~ Chrome


[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.08.2015 at 18:59:27,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Grüße
Dominik

schrauber 14.08.2015 08:51

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19