
Log analysis and evaluation: Caught PC Optimizer Pro

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.02.2014, 17:43   #1
Lynette
 
Caught PC Optimizer Pro



Hello,

unfortunately I have somehow caught PC Optimizer Pro. It installed and started itself on its own. I tried to delete it with CCleaner, but that did not look very trustworthy. Now I would like to make sure that my laptop is clean.
The operating system is Windows 8 and Kaspersky is up to date, but it neither warned me nor found anything during the full scan.

I followed your instructions, with the following results:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Jutta (administrator) on JUTTA on 02-02-2014 18:14:41
Running from C:\Users\Jutta\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Bandoo Media, inc) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744 2012-09-02] (Bandoo Media, inc)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Runonce: [extractnow] -  [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [Spotify] - C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe [4736000 2013-10-07] (Spotify Ltd)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [Spotify Web Helper] - C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-07] (Spotify Ltd)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [SkyDrive] - C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [Power2GoExpress] - C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.)
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll [2300344 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll [1528760 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~2\wia6eb~1\datamngr\datamngr.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs-x32: c:\progra~2\wia6eb~1\datamngr\iebho.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3859018946-3778628707-202508750-1002\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-03]
CHR Extension: (Google-Suche) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-03]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-07-03]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-07-03]
CHR Extension: (Modul für das Blockieren gefährlicher Webseiten) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-07-03]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-07-03]
CHR Extension: (Google Mail) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-03]
CHR Extension: (Anti-Banner) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-07-03]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-02] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-29] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-29] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [623712 2013-12-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-29] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-10-04] (ASUSTek Computer Inc.)
R3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1119232 2012-06-30] (Realtek Semiconductor Corporation                           )
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
S0 msahci; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-02 18:13 - 2014-02-02 18:13 - 00043252 _____ () C:\Users\Jutta\Documents\FRST.txt
2014-02-02 18:12 - 2014-02-02 18:14 - 00016145 _____ () C:\Users\Jutta\Documents\Addition.txt
2014-02-02 18:11 - 2014-02-02 18:14 - 00016145 _____ () C:\Users\Jutta\Downloads\Addition.txt
2014-02-02 18:10 - 2014-02-02 18:14 - 00026316 _____ () C:\Users\Jutta\Downloads\FRST.txt
2014-02-02 18:10 - 2014-02-02 18:14 - 00000000 ____D () C:\FRST
2014-02-02 18:08 - 2014-02-02 18:09 - 02080256 _____ (Farbar) C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 18:08 - 2014-02-02 18:08 - 00000472 _____ () C:\Users\Jutta\Downloads\defogger_disable.log
2014-02-02 18:08 - 2014-02-02 18:08 - 00000000 _____ () C:\Users\Jutta\defogger_reenable
2014-02-02 18:07 - 2014-02-02 18:07 - 00050477 _____ () C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 17:47 - 2014-02-02 17:47 - 00000000 ____D () C:\Users\Jutta\Documents\Add-in Express
2014-02-02 17:05 - 2014-02-02 17:05 - 00000000 ____D () C:\Users\Jutta\Documents\Optimizer Pro
2014-02-02 17:01 - 2014-02-02 17:02 - 00000000 ___RD () C:\Users\Jutta\Downloads\AFF540DC.Unpacker_v7353qx4kg3sa!App
2014-02-02 16:59 - 2014-02-02 17:17 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\awesomehp
2014-02-02 16:59 - 2014-02-02 17:16 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\WPM
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-02 16:58 - 2014-02-02 17:17 - 00000000 ____D () C:\Program Files (x86)\ExtractNow
2014-02-02 16:58 - 2014-02-02 16:58 - 00001033 _____ () C:\Users\Jutta\Desktop\ExtractNow.lnk
2014-02-02 16:58 - 2014-02-02 16:58 - 00000000 ____D () C:\Users\Jutta\AppData\Local\ExtractNow
2014-02-02 16:57 - 2014-02-02 16:57 - 02025752 _____ (Nathan Moinvaziri) C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 16:54 - 2014-02-02 16:54 - 00486926 _____ () C:\Users\Jutta\Downloads\doenerschlumpf_brakefins.zip
2014-02-02 16:17 - 2014-02-02 16:17 - 00001971 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-02-02 16:01 - 2014-02-02 16:44 - 00000000 ____D () C:\Users\Jutta\Documents\SelfMV
2014-02-02 15:54 - 2013-10-30 12:06 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2014-02-02 15:52 - 2014-02-02 15:53 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 15:43 - 2014-02-02 16:05 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-02-02 15:29 - 2014-02-02 16:21 - 00000000 ____D () C:\Users\Jutta\Documents\samsung
2014-02-02 15:29 - 2014-02-02 16:17 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\Samsung
2014-02-02 15:29 - 2014-02-02 15:55 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Samsung
2014-02-02 15:29 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-02 15:27 - 2013-10-30 12:13 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-02-02 15:26 - 2014-02-02 15:54 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-02 15:24 - 2014-02-02 16:17 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Downloaded Installations
2014-02-02 15:23 - 2014-02-02 15:23 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup.exe
2014-01-27 09:19 - 2014-02-02 16:17 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-01-27 09:19 - 2014-01-27 09:19 - 00000000 ____D () C:\Windows\twain_64
2014-01-27 09:19 - 2013-10-04 06:31 - 00579072 _____ () C:\Windows\system32\SNWIAUI.dll
2014-01-27 09:19 - 2013-10-04 05:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2014-01-27 09:19 - 2013-10-04 05:53 - 00155136 _____ () C:\Windows\system32\SnImgFlt.dll
2014-01-27 09:19 - 2013-10-04 05:52 - 00068096 _____ () C:\Windows\system32\SnErHdlr.dll
2014-01-27 09:19 - 2013-09-02 03:57 - 00155696 _____ () C:\Windows\wiainst64.exe
2014-01-27 09:19 - 2013-06-01 06:13 - 01571160 ____N () C:\Windows\TotalUninstaller.exe
2014-01-27 09:19 - 2012-12-10 03:09 - 00120846 _____ () C:\Windows\system32\WIAEXSTR.loc
2014-01-27 09:19 - 2012-03-14 00:58 - 00166640 _____ (TWAIN Working Group) C:\Windows\system32\TWAINDSM.dll
2014-01-27 09:19 - 2012-03-14 00:58 - 00148728 _____ (TWAIN Working Group) C:\Windows\SysWOW64\TWAINDSM.dll
2014-01-27 09:19 - 2012-02-09 08:20 - 00355840 _____ (Samsung Electronics) C:\Windows\system32\snWIAMUI.dll
2014-01-27 09:17 - 2014-01-27 09:18 - 23580208 _____ () C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
2014-01-20 21:09 - 2014-01-20 21:10 - 00128000 ___SH () C:\Users\Jutta\Thumbs.db
2014-01-15 22:55 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 22:55 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 22:55 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 22:55 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-13 15:43 - 2014-01-13 15:43 - 00440136 _____ () C:\Users\Jutta\Documents\Gutschrift Wehner Groma.oxps
2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\system32\NV
2014-01-09 16:22 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-09 16:22 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys

==================== One Month Modified Files and Folders =======

2014-02-02 18:14 - 2014-02-02 18:12 - 00016145 _____ () C:\Users\Jutta\Documents\Addition.txt
2014-02-02 18:14 - 2014-02-02 18:11 - 00016145 _____ () C:\Users\Jutta\Downloads\Addition.txt
2014-02-02 18:14 - 2014-02-02 18:10 - 00026316 _____ () C:\Users\Jutta\Downloads\FRST.txt
2014-02-02 18:14 - 2014-02-02 18:10 - 00000000 ____D () C:\FRST
2014-02-02 18:13 - 2014-02-02 18:13 - 00043252 _____ () C:\Users\Jutta\Documents\FRST.txt
2014-02-02 18:09 - 2014-02-02 18:08 - 02080256 _____ (Farbar) C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 18:08 - 2014-02-02 18:08 - 00000472 _____ () C:\Users\Jutta\Downloads\defogger_disable.log
2014-02-02 18:08 - 2014-02-02 18:08 - 00000000 _____ () C:\Users\Jutta\defogger_reenable
2014-02-02 18:08 - 2013-07-01 11:22 - 00000000 ____D () C:\Users\Jutta
2014-02-02 18:07 - 2014-02-02 18:07 - 00050477 _____ () C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 18:01 - 2013-07-01 12:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-02 18:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-02 17:47 - 2014-02-02 17:47 - 00000000 ____D () C:\Users\Jutta\Documents\Add-in Express
2014-02-02 17:25 - 2013-07-01 11:34 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3859018946-3778628707-202508750-1002
2014-02-02 17:18 - 2013-07-03 20:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 17:17 - 2014-02-02 16:59 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\awesomehp
2014-02-02 17:17 - 2014-02-02 16:58 - 00000000 ____D () C:\Program Files (x86)\ExtractNow
2014-02-02 17:17 - 2013-07-03 19:16 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-02 17:17 - 2013-07-01 11:26 - 00001440 _____ () C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-02 17:16 - 2014-02-02 16:59 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-02 17:05 - 2014-02-02 17:05 - 00000000 ____D () C:\Users\Jutta\Documents\Optimizer Pro
2014-02-02 17:05 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-02 17:04 - 2013-07-04 13:55 - 00005122 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JUTTA-Jutta Jutta
2014-02-02 17:02 - 2014-02-02 17:01 - 00000000 ___RD () C:\Users\Jutta\Downloads\AFF540DC.Unpacker_v7353qx4kg3sa!App
2014-02-02 17:00 - 2013-07-01 11:23 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Packages
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\WPM
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-02 16:58 - 2014-02-02 16:58 - 00001033 _____ () C:\Users\Jutta\Desktop\ExtractNow.lnk
2014-02-02 16:58 - 2014-02-02 16:58 - 00000000 ____D () C:\Users\Jutta\AppData\Local\ExtractNow
2014-02-02 16:57 - 2014-02-02 16:57 - 02025752 _____ (Nathan Moinvaziri) C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 16:54 - 2014-02-02 16:54 - 00486926 _____ () C:\Users\Jutta\Downloads\doenerschlumpf_brakefins.zip
2014-02-02 16:54 - 2013-07-04 15:32 - 00634368 ___SH () C:\Users\Jutta\Downloads\Thumbs.db
2014-02-02 16:47 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-02 16:47 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-02 16:47 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 16:44 - 2014-02-02 16:01 - 00000000 ____D () C:\Users\Jutta\Documents\SelfMV
2014-02-02 16:44 - 2013-07-01 14:38 - 00000000 ___RD () C:\Users\Jutta\SkyDrive
2014-02-02 16:43 - 2013-07-01 11:27 - 00000416 _____ () C:\Users\Jutta\AppData\Roaming\sp_data.sys
2014-02-02 16:41 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-02 16:40 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-02 16:21 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Jutta\Documents\samsung
2014-02-02 16:17 - 2014-02-02 16:17 - 00001971 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-02-02 16:17 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\Samsung
2014-02-02 16:17 - 2014-02-02 15:24 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Downloaded Installations
2014-02-02 16:17 - 2014-01-27 09:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-02 16:17 - 2013-04-13 04:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-02 16:05 - 2014-02-02 15:43 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-02-02 15:55 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Samsung
2014-02-02 15:54 - 2014-02-02 15:26 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-02 15:53 - 2014-02-02 15:52 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 15:29 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-02 15:23 - 2014-02-02 15:23 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup.exe
2014-01-30 14:03 - 2013-07-01 13:15 - 00000000 ____D () C:\Users\Public\CyberLink
2014-01-29 09:51 - 2013-07-04 15:35 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-01-27 20:44 - 2013-07-01 14:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-27 17:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-27 12:41 - 2013-07-03 19:16 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Adobe
2014-01-27 12:39 - 2013-07-03 20:56 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-27 09:19 - 2014-01-27 09:19 - 00000000 ____D () C:\Windows\twain_64
2014-01-27 09:18 - 2014-01-27 09:17 - 23580208 _____ () C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
2014-01-20 21:10 - 2014-01-20 21:09 - 00128000 ___SH () C:\Users\Jutta\Thumbs.db
2014-01-17 23:10 - 2013-08-17 00:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 23:08 - 2013-07-01 15:21 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 23:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-01-13 15:43 - 2014-01-13 15:43 - 00440136 _____ () C:\Users\Jutta\Documents\Gutschrift Wehner Groma.oxps
2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\system32\NV
2014-01-09 16:27 - 2013-04-13 04:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-09 09:02 - 2013-11-19 14:49 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-19 14:49 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-04 12:47 - 2013-07-01 11:23 - 00000000 ____D () C:\Users\Jutta\AppData\Local\VirtualStore

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\Jutta\3DM-Installer.exe
C:\Users\Jutta\D3DX9_42.dll
C:\Users\Jutta\eep8.exe
C:\Users\Jutta\Gleisobj.dll
C:\Users\Jutta\mfc100.dll
C:\Users\Jutta\Mfc71.dll
C:\Users\Jutta\msvcp100.dll
C:\Users\Jutta\Msvcp71.dll
C:\Users\Jutta\msvcr100.dll
C:\Users\Jutta\Msvcr71.dll
C:\Users\Jutta\msxml3.dll
C:\Users\Jutta\msxml3a.dll
C:\Users\Jutta\msxml3r.dll
C:\Users\Jutta\ode.dll
C:\Users\Jutta\opcode.dll
C:\Users\Jutta\SPRender.dll
C:\Users\Jutta\Sucode.dll
C:\Users\Jutta\sureCommon3.dll
C:\Users\Jutta\sureInd.dll
C:\Users\Jutta\sureParticles3.dll
C:\Users\Jutta\susl.dll
C:\Users\Jutta\sutrack+.dll
C:\Users\Jutta\Validator.dll


Some content of TEMP:
====================
C:\Users\Jutta\AppData\Local\Temp\bitool.dll
C:\Users\Jutta\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Jutta\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Jutta\AppData\Local\Temp\smt_awesomehp_new.exe
C:\Users\Jutta\AppData\Local\Temp\UpdateCheckerSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 21:07
         
And:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Jutta at 2014-02-02 18:15:00
Running from C:\Users\Jutta\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Abschleppwagen-Simulator 2010 Version 1.3 (x32 Version: 1.3 - astragon Software GmbH)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
ASUS Instant Connect (x32 Version: 1.2.8 - ASUS)
ASUS InstantOn (x32 Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.1.13 - ASUS)
ASUS Live Update (x32 Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (Version: 2.1.2 - ASUS)
ASUS Smart Gesture (x32 Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0005 - ASUS)
ASUS Tutor (x32 Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (x32 Version: 2.1.5 - ASUS)
ASUS Virtual Camera (x32 Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (x32 Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (x32 Version: 1.0.0023 - ASUS)
CCleaner (Version: 4.05 - Piriform)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.3625 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.3625 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Eisenbahn.exe Professional 8.0 (x32 Version: 8.00.0000 - Trend)
Fairground 2 Version 1.0 (x32 Version:  - rondomedia Marketing & Vertriebs GmbH)
Flughafen-Feuerwehr-Simulator Version 1.0 (x32 Version:  - rondomedia Marketing & Vertriebs GmbH)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Mp3 Wma Converter V 2.2 (x32 Version: 2.2.0.0 - Koyote Soft)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
IePluginService12.27.0.3326 (x32 Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2884 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Landwirtschafts Simulator 2011 (x32 Version: 1.0 - GIANTS Software)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (x32 Version: 2.0 - ASUS)
NoLimits Coasters 1.56 (entfernen) (x32 Version:  - )
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 (x32 Version:  - Atari)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (x32 Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SceneSwitch (x32 Version: 1.0.16 - ASUS)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sonderfahrzeug-Simulator 2012 Version 1.0 (x32 Version: 1.0 - Astragon)
Spotify (HKCU Version: 0.9.4.178.g259772ba - Spotify AB)
SupTab (x32 Version: 1.1.1.0 - ) <==== ATTENTION
THW Simulator 2012 (x32 Version:  - )
tulox (x32 Version:  - )
VR-NetWorld (x32 Version:  - )
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Searchqu Toolbar (x32 Version: 4.1.0.3114 - Bandoo Media Inc) <==== ATTENTION
WinFlash (x32 Version: 2.41.1 - ASUS)
WPM17.8.0.3325 (x32 Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

26-12-2013 22:09:46 Geplanter Prüfpunkt
02-01-2014 17:19:24 DirectX wurde installiert
13-01-2014 20:56:33 Geplanter Prüfpunkt
17-01-2014 22:05:32 Windows Update
02-02-2014 14:25:10 Installed Samsung Kies

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {491C78A9-8162-48C4-B69D-71471415546D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JUTTA-Jutta Jutta => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-15] (Microsoft Corporation)
Task: {64119EBC-2F99-4D3B-8D3D-D637811DCD4B} - System32\Tasks\Microsoft\Windows\RestartManager\{3E371F90-96F3-461f-B927-51987DA7D222} => C:\Windows\system32\rmclient.exe [2012-07-26] (Microsoft Corporation)
Task: {6DBC672D-06CB-4FA8-A423-143D4F6EC94E} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {8D798F60-DCA6-4A5D-9F86-77DD4F5BD9E5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {90F73258-6FAC-43C9-BA03-D98CEE0D3A14} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-10-04] (ASUS)
Task: {A3941073-3E51-4409-A002-8243A95D5D82} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B5F824B5-923B-4AAF-AE8F-63329900FF8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-27] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DB6AF6C5-6894-4C47-B347-10A306808047} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {E8C27ACF-BE84-4A73-8343-7B16682AAE56} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-04-13 04:42 - 2013-12-19 21:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-13 04:43 - 2013-12-19 19:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-22 09:44 - 2011-06-22 09:44 - 00034304 _____ () C:\Windows\System32\sst2cl6.dll
2013-07-01 14:33 - 2013-08-23 14:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-07-01 14:33 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-07-01 14:33 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-10-04 14:58 - 2012-10-04 14:58 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-10-04 14:58 - 2012-10-04 14:58 - 00041856 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2014-01-27 09:19 - 2013-10-04 05:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2013-07-01 13:52 - 2013-07-01 13:53 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-04-13 04:42 - 2013-12-19 21:33 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-09-11 14:01 - 2012-09-11 14:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-05-24 21:19 - 2012-05-24 21:19 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-11-13 17:12 - 2013-11-13 17:12 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-01-15 22:59 - 2014-01-15 22:59 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2013-04-13 04:48 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-22 15:05 - 2013-12-22 15:05 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 3981.57 MB
Available physical RAM: 1803.45 MB
Total Pagefile: 4685.57 MB
Available Pagefile: 2405.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:111.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:258.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F7791DB4)

Partition: GPT Partition Type
         
And:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-02 18:34:18
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003d Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Jutta\AppData\Local\Temp\uxloypow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                                                                          000007f85486257c 8 bytes JMP 000007f9523103b0
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                                                        000007f854866b10 9 bytes JMP 000007f952310308
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW                                                                                                                                 000007f8548e5658 7 bytes JMP 000007f952310260
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                                                 000007f8548e5778 7 bytes JMP 000007f9523102d0
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                                                         000007f854901564 7 bytes JMP 000007f952310340
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                                                   000007f8549140e4 7 bytes JMP 000007f952310298
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                                                 000007f854914178 8 bytes JMP 000007f952310228
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                                                                          000007f85491479c 8 bytes JMP 000007f952310378
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                      000007f8523528a0 7 bytes JMP 000007f9523100d8
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                           000007f8523528e8 5 bytes JMP 000007f952310180
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                        000007f85236f590 6 bytes JMP 000007f952310148
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                    000007f85236f8ac 5 bytes JMP 000007f952310110
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                                                           000007f853d3c5b0 7 bytes JMP 000007f952310490
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                                                000007f853d431f0 9 bytes JMP 000007f9523103e8
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                                                                       000007f853d433e0 5 bytes JMP 000007f952310458
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                                                                       000007f853d47160 5 bytes JMP 000007f952310420
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                     000007f854181070 8 bytes JMP 000007f9523101f0
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                   000007f8541a0c10 8 bytes JMP 000007f9523101b8
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                                                                          000007f84f456d10 5 bytes JMP 000007f94f440110
.text    C:\Windows\system32\dwm.exe[392] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                                                                           000007f84f45d060 5 bytes JMP 000007f94f4400d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                         000007f851a71532 4 bytes [A7, 51, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                         000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                       000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                                                                                                   000007f851a71532 4 bytes [A7, 51, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                                                                                                   000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                                                                                 000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                         000007f853c1177a 4 bytes [C1, 53, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                         000007f853c11782 4 bytes [C1, 53, F8, 07]
.text    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1460] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                    000007f853c1177a 4 bytes [C1, 53, F8, 07]
.text    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1460] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                    000007f853c11782 4 bytes [C1, 53, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3988] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                           000007f851a71532 4 bytes [A7, 51, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3988] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                           000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3988] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                         000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                  000007f851a71532 4 bytes [A7, 51, F8, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                  000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                                                           000007f8553a104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39                                                                           000007f8553a1087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                                                            000007f8553a10dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128                                                                           000007f8553a1110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                                                     000007f8553a1174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!memcmp + 199                                                                                           000007f8553a1257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strcat + 144                                                                                           000007f8553a1300 16 bytes {JMP 0xffffffffffffff8c}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                                                           000007f8553a13d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                                                           000007f8553a1578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                                                          000007f8553a1725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 181                                                                                          000007f8553a1805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                                                          000007f8553a1982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52                                                                    000007f8553a1a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601                                                                             000007f8553a1dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99                                                                                 000007f8553a1e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118                                                                      000007f8553a2096 48 bytes {JMP 0xffffffffffffffc0}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                                                     000007f8553a25b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                                                          000007f8553a261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 160                                                                                          000007f8553a26f0 16 bytes {JMP RAX}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 236                                                                                          000007f8553a289c 32 bytes {JMP 0xffffffffffffffb9}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                 000007f8553a2cb0 8 bytes {JMP QWORD [RIP-0x402]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                               000007f8553a2e30 8 bytes {JMP QWORD [RIP-0x51b]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                     000007f8553a2e60 8 bytes {JMP QWORD [RIP-0x5ca]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                   000007f8553a2f80 8 bytes {JMP QWORD [RIP-0x6da]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                       000007f8553a3030 8 bytes {JMP QWORD [RIP-0x792]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                       000007f8553a36f1 8 bytes {JMP QWORD [RIP-0xca0]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                     000007f8553a39d1 8 bytes {JMP QWORD [RIP-0x1018]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                     000007f8553a4251 8 bytes {JMP QWORD [RIP-0x18a0]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                                                00000000770c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 3                                                                                  00000000770c15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                                                     00000000770c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                                                 00000000770c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                             00000000770c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                                             00000000770c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                       00000000770c1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                       00000000770c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                            00000000770c196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                         00000000770c1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[6064] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                                                                                   000007f8490b1b32 4 bytes [0B, 49, F8, 07]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[6064] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                                                                                   000007f8490b1b3a 4 bytes [0B, 49, F8, 07]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                                                                                                  000007f8553a104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39                                                                                                                  000007f8553a1087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                                                                                                   000007f8553a10dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128                                                                                                                  000007f8553a1110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                                                                                            000007f8553a1174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!memcmp + 199                                                                                                                                  000007f8553a1257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strcat + 144                                                                                                                                  000007f8553a1300 16 bytes {JMP 0xffffffffffffff8c}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                                                                                                  000007f8553a13d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                                                                                                  000007f8553a1578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                                                                                                 000007f8553a1725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 181                                                                                                                                 000007f8553a1805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                                                                                                 000007f8553a1982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52                                                                                                           000007f8553a1a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601                                                                                                                    000007f8553a1dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99                                                                                                                        000007f8553a1e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118                                                                                                             000007f8553a2096 48 bytes {JMP 0xffffffffffffffc0}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                                                                                            000007f8553a25b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                                                                                                 000007f8553a261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 160                                                                                                                                 000007f8553a26f0 16 bytes {JMP RAX}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 236                                                                                                                                 000007f8553a289c 32 bytes {JMP 0xffffffffffffffb9}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                        000007f8553a2cb0 8 bytes {JMP QWORD [RIP-0x402]}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                      000007f8553a2e30 8 bytes {JMP QWORD [RIP-0x51b]}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                            000007f8553a2e60 8 bytes {JMP QWORD [RIP-0x5ca]}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                          000007f8553a2f80 8 bytes {JMP QWORD [RIP-0x6da]}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                              000007f8553a3030 8 bytes {JMP QWORD [RIP-0x792]}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                              000007f8553a36f1 8 bytes {JMP QWORD [RIP-0xca0]}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                            000007f8553a39d1 8 bytes {JMP QWORD [RIP-0x1018]}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                            000007f8553a4251 8 bytes {JMP QWORD [RIP-0x18a0]}
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                                                                                       00000000770c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 3                                                                                                                         00000000770c15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                                                                                            00000000770c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                                                                                        00000000770c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                    00000000770c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                                    00000000770c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                                                              00000000770c1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                              00000000770c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                                                   00000000770c196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                                                                00000000770c1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [672:696]                                                                                                                                                                                   fffff960008085e8
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1752] (WPM Service/Cherished Technololgy LIMITED)(2                                                                 0000000001340000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5500]       0000000061610000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5500]       000000005abf0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5500]  00000000602b0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824]                                                        0000000061610000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824]                                                   0000000059ed0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824]                                                     0000000059db0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824]                                                        000000005abf0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824]                                                   00000000602b0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824]                                                    000000005a930000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824]                                               000000005a850000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824]                                                      000000005a7b0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824]                                                   000000005a7a0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824]                                                     000000005a740000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                     unknown MBR code

---- EOF - GMER 2.1 ----
         
Many thanks in advance for taking a look!

Kind regards
Lynette

02.02.2014, 20:23   #2
Argus

Hello Lynette, welcome to

Download Adware-Removal-Tool to your desktop
Close all open programs and browsers.
Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
Click Repair
Close the window and the Internet link.

Please download Zoek.exe by smeenk to your desktop

Please disable all virus scanners during the scan, as they affect the result.

Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".

Now click "Run script" and click OK in the next window.
And be patient until the script has finished (up to half an hour).
When the tool is done, Notepad will open with the log file (possibly only after a reboot). The log is also located under C:\
Please post the ZOEK log in code tags


02.02.2014, 20:57   #3
Lynette

Hello Argus,

thank you very, very much for the quick reply.
I have carried out your instructions and this is the result:

Code:
Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Jutta on 02.02.2014 at 21:35:21,10.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jutta\Downloads\zoek.exe [Scan all users]   [Quick Scan] [Auto Clean]

==== System Restore Info ======================

02.02.2014 21:37:03 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample__2143.zip ======================
 
Copied file C:\Users\Jutta\3DM-Installer.exe to sample\3DM-Installer.exe
Copied file C:\Users\Jutta\eep8.exe to sample\eep8.exe
sample\3DM-Installer.exe renamed to 6FD63DA30D6FBB1E3CF91E37CEB657E3
sample\eep8.exe renamed to 143BAFC75C5B85769C18C81DED2E428F

C:\Users\Public\Desktop\sample__2143.zip created successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default

---- FireFox user.js and prefs.js backups ---- 

user__2143_.backup
prefs__2143_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mozilla Firefox\searchplugins\Search_Results.xml deleted
C:\PROGRA~2\PC Speed Maximizer deleted
C:\PROGRA~2\Optimizer Pro deleted
C:\PROGRA~2\SupTab deleted
C:\Users\Jutta\AppData\Roaming\DigitalSites deleted
C:\Users\Jutta\AppData\Roaming\FoxTab deleted
C:\Users\Jutta\D3DX9_42.dll deleted
C:\Users\Jutta\Gleisobj.dll deleted
C:\Users\Jutta\mfc100.dll deleted
C:\Users\Jutta\Mfc71.dll deleted
C:\Users\Jutta\msvcp100.dll deleted
C:\Users\Jutta\Msvcp71.dll deleted
C:\Users\Jutta\msvcr100.dll deleted
C:\Users\Jutta\Msvcr71.dll deleted
C:\Users\Jutta\msxml3.dll deleted
C:\Users\Jutta\msxml3a.dll deleted
C:\Users\Jutta\msxml3r.dll deleted
C:\Users\Jutta\ode.dll deleted
C:\Users\Jutta\opcode.dll deleted
C:\Users\Jutta\SPRender.dll deleted
C:\Users\Jutta\Sucode.dll deleted
C:\Users\Jutta\sureCommon3.dll deleted
C:\Users\Jutta\sureInd.dll deleted
C:\Users\Jutta\sureParticles3.dll deleted
C:\Users\Jutta\susl.dll deleted
C:\Users\Jutta\sutrack+.dll deleted
C:\Users\Jutta\Validator.dll deleted
C:\ProgramData\SetStretch.VBS deleted
C:\ProgramData\boost_interprocess deleted
C:\ProgramData\WPM deleted
C:\Users\Jutta\AppData\LocalLow\searchqutoolbar deleted
C:\Users\Jutta\AppData\LocalLow\DataMngr deleted
C:\windows\SysNative\tasks\Digital Sites deleted
C:\Windows\tasks\Digital Sites.job deleted
C:\Windows\tasks\FoxTab.job deleted
C:\windows\SysNative\tasks\FoxTab deleted
C:\Users\Jutta\Documents\Optimizer Pro deleted
C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\searchplugins\Search_Results.xml deleted
C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\foxydeal.sqlite deleted
C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\searchqutoolbar deleted
C:\Users\Jutta\3DM-Installer.exe deleted
C:\Users\Jutta\eep8.exe deleted
"C:\ProgramData\IePluginService\PluginService.exe" deleted
"C:\ProgramData\IePluginService" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-02-02 17:26:34	BAEEBB5AF4E53B2EEC013631A70F2DC4	496345971	----a-w-	C:\Windows\MEMORY.DMP
2014-01-27 08:19:46	434B5E262EF6D0520D6DD4C3C78E47C4	155696	----a-w-	C:\Windows\wiainst64.exe
2014-01-27 08:19:01	A359924461317E87EB5DC85FEAF10C53	1571160	------w-	C:\Windows\TotalUninstaller.exe
2014-01-27 08:19:01	1C27CEECA7EAECC2A74C3D9D9DF68CA6	26694	------w-	C:\Windows\uninstall.ico
====== C:\Users\Jutta\AppData\Local\Temp ====
2014-02-02 15:59:52	EBCC8C1AA76FC2F61CCDE7E172AD51EB	1037208	----a-w-	C:\Users\Jutta\AppData\Local\Temp\LiveSupport_setup.exe
2014-02-02 15:59:40	EF7D1863F4980AB0C8BDA142FEE67F92	200072	----a-w-	C:\Users\Jutta\AppData\Local\Temp\UpdateCheckerSetup.exe
2014-02-02 15:59:37	EEB382B229D9F88DB261893BA339AE31	6640888	----a-w-	C:\Users\Jutta\AppData\Local\Temp\{1E416967-D883-4A04-88E2-6BC5BF4B328E}\setup.exe
2014-02-02 15:58:57	098DF3D1E5BC12D8D158315FAF0BAAC5	6779920	----a-w-	C:\Users\Jutta\AppData\Local\Temp\OptimizerPro.exe
2014-02-02 15:58:50	333DBEE2C6F16A84A3ED61BBCF6F138A	882672	----a-w-	C:\Users\Jutta\AppData\Local\Temp\smt_awesomehp_new.exe
2014-02-02 15:58:00	C0157AD57D34D1D608ADEA523B228266	59904	----a-w-	C:\Users\Jutta\AppData\Local\Temp\bitool.dll
====== C:\Windows\SysWOW64 =====
2014-02-02 14:54:21	37655385D1CF8560A52027B8008FAE0E	821824	----a-w-	C:\Windows\SysWOW64\dgderapi.dll
2014-02-02 14:27:13	A64711C9CF690718EADA750370EC5EB2	4659712	----a-w-	C:\Windows\SysWOW64\Redemption.dll
2014-01-27 08:19:01	7D86DB1C92BCA149B76446607CF4F560	148728	----a-w-	C:\Windows\SysWOW64\TWAINDSM.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-01-27 08:19:01	D76D53BF84A0266C2CACAD2F5CC17CF4	68096	----a-w-	C:\Windows\Sysnative\SnErHdlr.dll
2014-01-27 08:19:01	A1DF91B94880E86EB56442238B1DD4F0	355840	----a-w-	C:\Windows\Sysnative\snWIAMUI.dll
2014-01-27 08:19:01	786E43779828BFAEED211C66A5A2A50B	166640	----a-w-	C:\Windows\Sysnative\TWAINDSM.dll
2014-01-27 08:19:01	77A5C083801B37BFA729235DFE868BC4	120846	----a-w-	C:\Windows\Sysnative\WIAEXSTR.loc
2014-01-27 08:19:01	6856749CA241FA3DD283B740D0BE14B1	579072	----a-w-	C:\Windows\Sysnative\SNWIAUI.dll
2014-01-27 08:19:01	5FFD7C9224CC1EDE494B38E18764C4B8	155136	----a-w-	C:\Windows\Sysnative\SnImgFlt.dll
2014-01-27 08:19:01	51D746152800FC7FB4AAE4A6DA34E8C5	734720	----a-w-	C:\Windows\Sysnative\SnMinDrv.dll
====== C:\Windows\Sysnative\drivers =====
2014-01-09 15:22:52	2E334C10BFAB37BDF2A66F6E0D36C061	32544	----a-w-	C:\Windows\Sysnative\drivers\nvpciflt.sys
2014-01-09 15:22:51	0218E1CE8F7B5D404980192B9112D03A	12645664	----a-w-	C:\Windows\Sysnative\drivers\nvlddmkm.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-02-02 17:21:22	--------	d-----w-	C:\PROGRA~2\Foxtab
2014-02-02 15:58:42	--------	d-----w-	C:\PROGRA~2\ExtractNow
2014-01-27 08:19:00	--------	d-----w-	C:\PROGRA~2\Samsung
======= C: =====
====== C:\Users\Jutta\AppData\Roaming ======
2014-02-02 17:21:32	--------	d-----w-	C:\Users\Jutta\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-02-02 17:21:22	AB17A11AE065D6C96926FC77BDF7A8C5	43	----a-w-	C:\Users\Jutta\AppData\Roaming\WB.CFG
2014-02-02 15:59:16	--------	d-----w-	C:\Users\Jutta\AppData\Roaming\awesomehp
2014-02-02 15:58:42	--------	d-----w-	C:\Users\Jutta\AppData\Local\ExtractNow
2014-02-02 14:29:12	--------	d-----w-	C:\Users\Jutta\AppData\Local\Samsung
2014-02-02 14:29:10	--------	d-----w-	C:\Users\Jutta\AppData\Roaming\Samsung
2014-02-02 14:24:36	--------	d-----w-	C:\Users\Jutta\AppData\Local\Downloaded Installations
====== C:\Users\Jutta ======
2014-02-02 20:29:20	D2B83B77504C8E59766898A192F4AD56	1190704	----a-w-	C:\Users\Jutta\Downloads\Adware-Removal-Tool-v3.6.exe
2014-02-02 17:24:34	9A8336796A7C71E9F33DE848B8320ED3	380416	----a-w-	C:\Users\Jutta\Downloads\Gmer-19357.exe
2014-02-02 17:20:33	776F2EF3D454F30598154DCBA0C1CF72	670752	----a-w-	C:\Users\Jutta\Downloads\ZipOpenerSetup.exe
2014-02-02 17:16:29	9A8336796A7C71E9F33DE848B8320ED3	380416	----a-w-	C:\Users\Jutta\Downloads\lz8lw6pf.exe
2014-02-02 17:08:49	BB0DDF9D86BDCEA86CF778AC8D0D9DA7	2080256	----a-w-	C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 17:08:14	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Jutta\defogger_reenable
2014-02-02 17:07:46	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 15:59:33	--------	d-----w-	C:\ProgramData\IePluginService
2014-02-02 15:57:48	7056ED797114FA95925960C9C2D07ABE	2025752	----a-w-	C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 14:54:31	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-02-02 14:52:09	D87CB18503A3F8E00D2B1A79D4B40814	70015304	----a-w-	C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 14:26:21	--------	d-----w-	C:\ProgramData\Samsung
2014-02-02 14:23:05	D87CB18503A3F8E00D2B1A79D4B40814	70015304	----a-w-	C:\Users\Jutta\Downloads\KiesSetup.exe
2014-01-27 08:19:47	--------	d-----r-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2014-01-27 08:17:52	469F9C407723247C382B4CF0887A4476	23580208	----a-w-	C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
2014-01-20 20:09:54	5B4E8F5AEA41FDAB79B7CE733A08150F	128000	--sha-w-	C:\Users\Jutta\Thumbs.db

====== C: exe-files ==
2014-02-02 20:29:20	D2B83B77504C8E59766898A192F4AD56	1190704	----a-w-	C:\Users\Jutta\Downloads\Adware-Removal-Tool-v3.6.exe
2014-02-02 17:24:34	9A8336796A7C71E9F33DE848B8320ED3	380416	----a-w-	C:\Users\Jutta\Downloads\Gmer-19357.exe
2014-02-02 17:21:32	8C7FB9078A63B7E5E899E7A2DBB0DB53	1114624	----a-w-	C:\Users\Jutta\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe
2014-02-02 17:21:24	55DBA9F8D394DC3B628BB27D46A1B2BE	647680	----a-w-	C:\Program Files (x86)\Foxtab\1.8.12.0\uninstall.exe
2014-02-02 17:20:33	776F2EF3D454F30598154DCBA0C1CF72	670752	----a-w-	C:\Users\Jutta\Downloads\ZipOpenerSetup.exe
2014-02-02 17:16:29	9A8336796A7C71E9F33DE848B8320ED3	380416	----a-w-	C:\Users\Jutta\Downloads\lz8lw6pf.exe
2014-02-02 17:09:42	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQVOI9MF\FRST64[1].exe
2014-02-02 17:08:49	BB0DDF9D86BDCEA86CF778AC8D0D9DA7	2080256	----a-w-	C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 17:07:46	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 15:59:52	EBCC8C1AA76FC2F61CCDE7E172AD51EB	1037208	----a-w-	C:\Users\Jutta\AppData\Local\Temp\LiveSupport_setup.exe
2014-02-02 15:59:40	EF7D1863F4980AB0C8BDA142FEE67F92	200072	----a-w-	C:\Users\Jutta\AppData\Local\Temp\UpdateCheckerSetup.exe
2014-02-02 15:59:37	EEB382B229D9F88DB261893BA339AE31	6640888	----a-w-	C:\Users\Jutta\AppData\Local\Temp\{1E416967-D883-4A04-88E2-6BC5BF4B328E}\setup.exe
2014-02-02 15:59:16	2EEE15B1927EADFF45013E94B0CB0D94	131640	----a-w-	C:\Users\Jutta\AppData\Roaming\awesomehp\awesomehp.exe
2014-02-02 15:58:57	098DF3D1E5BC12D8D158315FAF0BAAC5	6779920	----a-w-	C:\Users\Jutta\AppData\Local\Temp\OptimizerPro.exe
2014-02-02 15:58:50	333DBEE2C6F16A84A3ED61BBCF6F138A	882672	----a-w-	C:\Users\Jutta\AppData\Local\Temp\smt_awesomehp_new.exe
2014-02-02 15:57:48	7056ED797114FA95925960C9C2D07ABE	2025752	----a-w-	C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 15:17:36	FA0A96170B46640A8C209E3970E60D60	1193984	----a-w-	C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe
2014-02-02 14:55:12	23285008C849E88C36DBF71447F1B73F	1515288	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
2014-02-02 14:54:19	C46B351F1F6F83FBB3B0F6E73341CDCF	987744	----a-w-	C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe
2014-02-02 14:52:09	D87CB18503A3F8E00D2B1A79D4B40814	70015304	----a-w-	C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 14:23:05	D87CB18503A3F8E00D2B1A79D4B40814	70015304	----a-w-	C:\Users\Jutta\Downloads\KiesSetup.exe
2014-02-01 14:29:06	C2F12B0F6B1BCE79CC2ACD749E80F74C	3199520	----a-w-	C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\0000578e\DAO.17749621.exe
2014-01-29 17:25:17	95538B9357EE263A75A3349550974262	364288	----a-w-	C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\0000577a\updatus.17734322_RUNASUSER.exe
2014-01-29 17:24:57	F1F92AD02D1B24779EDB2B9D99EB7450	3193160	----a-w-	C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\00005773\dao.17731592.exe
2014-01-27 08:19:46	434B5E262EF6D0520D6DD4C3C78E47C4	155696	----a-w-	C:\Windows\wiainst64.exe
2014-01-27 08:19:03	4EAF9C855BB31464CD5C62F613EEA937	237104	----a-w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
2014-01-27 08:19:03	4EAF9C855BB31464CD5C62F613EEA937	237104	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\Common\ScanCDLM\ICCUpdater.exe
2014-01-27 08:19:03	3663347C2BD4595E527B4B5500A22DB9	220720	----a-w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
2014-01-27 08:19:03	3663347C2BD4595E527B4B5500A22DB9	220720	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\Common\ScanCDLM\ScanCDLM.exe
2014-01-27 08:19:01	A359924461317E87EB5DC85FEAF10C53	1571160	------w-	C:\Windows\TotalUninstaller.exe
2014-01-27 08:19:00	A359924461317E87EB5DC85FEAF10C53	1571160	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\totalUninstaller.exe
2014-01-27 08:19:00	94C8FEA50F87167956CDFE65D5A1F668	126512	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\wiainst.exe
2014-01-27 08:19:00	8B646BF51290F85A9F6E9CECB2514998	1292632	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Setup.exe
2014-01-27 08:19:00	434B5E262EF6D0520D6DD4C3C78E47C4	155696	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\wiainst64.exe
2014-01-27 08:17:52	469F9C407723247C382B4CF0887A4476	23580208	----a-w-	C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
=== C: other files ==
2014-02-02 20:43:04	C7CF79B63B24689E8E1C89428680D531	4527482	----a-w-	C:\Users\Public\Desktop\sample__2143.zip
2014-02-02 15:59:19	77622F55199528236129C848432AE102	1439487	----a-w-	C:\Users\Jutta\AppData\Local\Temp\fullpackage_temp1391356732\tmp\package2.zip
2014-02-02 15:58:55	5B09FBE7AD2BDCF40A1882AD654D8A9D	1524895	----a-w-	C:\Users\Jutta\AppData\Local\Temp\fullpackage_temp1391356732\package1.zip
2014-02-02 15:55:31	ED5B2D7F42D36C7566D970C791049A48	486926	----a-w-	C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Style\Themed\doenerschlumpf_brakefins.zip
2014-02-02 15:54:21	ED5B2D7F42D36C7566D970C791049A48	486926	----a-w-	C:\Users\Jutta\Downloads\doenerschlumpf_brakefins.zip
2014-02-02 15:46:27	FD5A6D8D629108FF84B6D2D15647A659	68888	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnet.sys
2014-02-02 15:46:27	F568EA5F0DE16F945E8578C377243E8E	50968	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudnd5.sys
2014-02-02 15:46:27	F4BE1C58B05BEA30A9A60D4398EB0058	182680	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudobex.sys
2014-02-02 15:46:27	E428DFFA96FAD07D8CA3C9082563A225	103576	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudbus.sys
2014-02-02 15:46:27	DBA556BA23FA76E1C89BA3AB4843AE5D	33176	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudeadb.sys
2014-02-02 15:46:27	D720E872772D004E304FCE0CE54E1F8A	84248	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudbus.sys
2014-02-02 15:46:27	CF77B95E2D28AC4CD794E91E0F78777B	80664	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnetmp.sys
2014-02-02 15:46:27	CE883E32A3DC090B957823F0D46B3EB1	204568	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssuddmgr.sys
2014-02-02 15:46:27	BE1160978D7517F0BB940960CE71B737	39192	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudeadb.sys
2014-02-02 15:46:27	AAF6F247F1DC370C593B4430974EAD9C	204568	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudmdm.sys
2014-02-02 15:46:27	A1CC726323FB41FFD29F436A77237E41	182680	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudmdm.sys
2014-02-02 15:46:27	9BFC65F8A17D8B21CF67BE4142DFEF44	92952	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnetmp.sys
2014-02-02 15:46:27	9A8D59146B6FC187140179D0F05EB07E	204568	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudobex.sys
2014-02-02 15:46:27	6507F48723F8469F783F2EE9D7DCC2DD	182680	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudserd.sys
2014-02-02 15:46:27	60356DA57A9F7722C4F8A633EB4FA38A	60184	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnet.sys
2014-02-02 15:46:27	539B830D9B1634928EFD24FBBDBB6D29	182680	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssuddmgr.sys
2014-02-02 15:46:27	3648963C50EF859A1DC4426EBDEBF69B	45336	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudnd5.sys
2014-02-02 15:46:27	3248B5CC4AA7942EE7BC26F1EB00210B	204568	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudserd.sys
2014-02-02 15:05:10	AAF6F247F1DC370C593B4430974EAD9C	204568	----a-w-	C:\Windows\LastGood.Tmp\system32\DRIVERS\ssudmdm.sys
2014-02-02 14:43:39	E428DFFA96FAD07D8CA3C9082563A225	103576	----a-w-	C:\Windows\LastGood.Tmp\system32\DRIVERS\ssudbus.sys
2014-01-27 08:19:04	5F77725EC309DE1242D8EFC8E9259A9F	5120	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\i386\SSPORT.sys
2014-01-27 08:19:01	0211AB46B73A2623B86C1CFCB30579AB	11576	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\amd64\SSPORT.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"SkyDrive"="C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Power2GoExpress"="C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DATAMNGR"="C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"SkyDrive"="C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Power2GoExpress"="C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\wia6eb~1\\datamngr\\datamngr.dll c:\\progra~2\\wia6eb~1\\datamngr\\iebho.dll c:\\windows\\syswow64\\nvinit.dll "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\WIA6EB~1\\Datamngr\\x64\\datamngr.dll C:\\PROGRA~2\\WIA6EB~1\\Datamngr\\x64\\IEBHO.dll C:\\Windows\\system32\\nvinitx.dll "

==== Startup Folders ======================


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [27.01.2014 12:39]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS InstantOn Config" [C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS Touchpad Launcher (x64)" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [29.12.2013 12:03]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- Foxtab Speed Dial - %ProfilePath%\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
2557FBC582910A71CDEB0F22886D118D	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll -	Shockwave Flash
F891089A6AB9E12FEDEBCC5EC0F40D66	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll -	Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03	- C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -	Microsoft Office 2013


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 15:49]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[17.10.2013 15:50]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 15:50]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[29.12.2013 12:01]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[17.10.2013 15:49]

YouTube - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Safe Money - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Gmail - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Start Page Redirect Cache"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Start Page Redirect Cache"="hxxp://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google  Url="hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WPM deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jutta\AppData\Local\Mozilla\Firefox\Profiles\xzh6j33k.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=98 folders=39 23415624 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Jutta\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jutta\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\IePluginService"  not found

==== EOF on 02.02.2014 at 21:53:44,02 ======================
         
Kind regards
Lynette

02.02.2014, 21:27   #4
Argus

Download SFTGC by Pierre13 to your desktop
Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
Click GO
Post the contents of SFTGC.txt on your desktop

Also post a fresh FRST log

Could you please upload Sample__2143.zip (Desktop) using http://www.file-upload.net/?why=2
and send me a PM with the download link?

Edited by Argus (02.02.2014 at 21:44)

02.02.2014, 22:24   #5
Lynette

Hello Argus,

here are the results.

I was instructed to pack the files and send them as an attachment.

Also, a new program has appeared on my desktop again - Open it. I don't know whether that means anything...

Kind regards
Lynette


02.02.2014, 22:31   #6
Argus

  • Please disable all virus scanners during the scan, as they affect the result
  • Start Zoek.exe with a double-click.
  • Warning: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into the Zoek script window:
    Code:
    ATTFilter
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "DATAMNGR"=-;r
    IePluginService12.27.0.3326;u
    SupTab;u
    Windows Searchqu Toolbar;u
    C:\PROGRA~2\Foxtab;fs
    C:\Users\Jutta\AppData\Roaming\awesomehp;fs
    Foxtab Speed Dial;firefoxlook;
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r64
    "AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll";r64
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
    "AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll";r
             
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart). The log is also located under c:
  • Please post the ZOEK log (preferably in CODE tags - click the # symbol in the reply window)

02.02.2014, 22:49   #7
Lynette

Here is the result:

Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Jutta on 02.02.2014 at 23:35:42,65.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jutta\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2014-02-02-205344.log	31233 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"DATAMNGR"=- 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll" 

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll" 

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Foxtab deleted
C:\Users\Jutta\AppData\Roaming\awesomehp deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [29.12.2013 12:03]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- Foxtab Speed Dial - %ProfilePath%\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
- RightSurf - %ProfilePath%\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
2557FBC582910A71CDEB0F22886D118D	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll -	Shockwave Flash
F891089A6AB9E12FEDEBCC5EC0F40D66	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll -	Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03	- C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -	Microsoft Office 2013


==== Deleted Firefox Extensions ======================

C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab} deleted

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SupTab deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=233 folders=70 26126288 bytes)

==== EOF on 02.02.2014 at 23:39:09,20 ======================
         
Before shutting down, there was also a warning from Kaspersky; I have attached the screenshot.

Regards,
Lynette
Attached images
File type: png Kaspersky.PNG (18.1 KB, viewed 178 times)

02.02.2014, 23:05   #8
smeenk
/// Malwareteam / Visitor


I am taking over from Argus

Apparently something new has appeared again.
  • Please disable all virus scanners during the scan, as they affect the result
  • Start Zoek.exe with a double-click.
  • Warning: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into the Zoek script window:
    Code:
    ATTFilter
    util rightsurf;s
    quickscan;
    update rightsurf;s
    rightsurf;u
    IePluginService;s
    {33BB0A4E-99AF-4226-BDF6-49120163DE86};c
    {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410};c
    Windows Searchqu Toolbar;u
    C:\PROGRA~2\rightsurf;fs
    rightsurf;firefoxlook;
    iedefaults;
             
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart). The log is also located under c:
  • Please post the ZOEK log (preferably in CODE tags - click the # symbol in the reply window)


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Clean ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file will open. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

02.02.2014, 23:37   #9
Lynette

Hello Smeenk,

thank you very much for taking over
Here are the results:

Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Jutta on 03.02.2014 at  0:12:50,26.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jutta\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2014-02-02-205344.log	31233 bytes
C:\zoek-results2014-02-02-223909.log	3105 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginService deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\rightsurf deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-02-02 22:26:27	0764915EFB21368607CF1AABE4D1015D	126	----a-w-	C:\Windows\wininit.ini
2014-02-02 17:26:34	BAEEBB5AF4E53B2EEC013631A70F2DC4	496345971	----a-w-	C:\Windows\MEMORY.DMP
2014-01-27 08:19:46	434B5E262EF6D0520D6DD4C3C78E47C4	155696	----a-w-	C:\Windows\wiainst64.exe
2014-01-27 08:19:01	A359924461317E87EB5DC85FEAF10C53	1571160	------w-	C:\Windows\TotalUninstaller.exe
2014-01-27 08:19:01	1C27CEECA7EAECC2A74C3D9D9DF68CA6	26694	------w-	C:\Windows\uninstall.ico
====== C:\Users\Jutta\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2014-02-02 14:54:21	37655385D1CF8560A52027B8008FAE0E	821824	----a-w-	C:\Windows\SysWOW64\dgderapi.dll
2014-02-02 14:27:13	A64711C9CF690718EADA750370EC5EB2	4659712	----a-w-	C:\Windows\SysWOW64\Redemption.dll
2014-01-27 08:19:01	7D86DB1C92BCA149B76446607CF4F560	148728	----a-w-	C:\Windows\SysWOW64\TWAINDSM.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-01-27 08:19:01	D76D53BF84A0266C2CACAD2F5CC17CF4	68096	----a-w-	C:\Windows\Sysnative\SnErHdlr.dll
2014-01-27 08:19:01	A1DF91B94880E86EB56442238B1DD4F0	355840	----a-w-	C:\Windows\Sysnative\snWIAMUI.dll
2014-01-27 08:19:01	786E43779828BFAEED211C66A5A2A50B	166640	----a-w-	C:\Windows\Sysnative\TWAINDSM.dll
2014-01-27 08:19:01	77A5C083801B37BFA729235DFE868BC4	120846	----a-w-	C:\Windows\Sysnative\WIAEXSTR.loc
2014-01-27 08:19:01	6856749CA241FA3DD283B740D0BE14B1	579072	----a-w-	C:\Windows\Sysnative\SNWIAUI.dll
2014-01-27 08:19:01	5FFD7C9224CC1EDE494B38E18764C4B8	155136	----a-w-	C:\Windows\Sysnative\SnImgFlt.dll
2014-01-27 08:19:01	51D746152800FC7FB4AAE4A6DA34E8C5	734720	----a-w-	C:\Windows\Sysnative\SnMinDrv.dll
====== C:\Windows\Sysnative\drivers =====
2014-01-09 15:22:52	2E334C10BFAB37BDF2A66F6E0D36C061	32544	----a-w-	C:\Windows\Sysnative\drivers\nvpciflt.sys
2014-01-09 15:22:51	0218E1CE8F7B5D404980192B9112D03A	12645664	----a-w-	C:\Windows\Sysnative\drivers\nvlddmkm.sys
====== C:\Windows\Tasks ======
2014-02-02 22:10:37	EEE1CB4FF860DDD021BB7965113EE86D	2642	----a-w-	C:\Windows\Sysnative\Tasks\Digital Sites
2014-02-02 22:10:37	C4B4CF295BB1FA149D35BA3BF0C507AF	304	----a-w-	C:\Windows\Tasks\Digital Sites.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-02-02 22:10:41	--------	d-----w-	C:\PROGRA~2\OpenIt
2014-02-02 22:08:14	--------	d-----w-	C:\PROGRA~2\7-Zip
2014-02-02 15:58:42	--------	d-----w-	C:\PROGRA~2\ExtractNow
2014-01-27 08:19:00	--------	d-----w-	C:\PROGRA~2\Samsung
======= C: =====
====== C:\Users\Jutta\AppData\Roaming ======
2014-02-02 22:10:36	--------	d-----w-	C:\Users\Jutta\AppData\Roaming\DigitalSites
2014-02-02 20:50:06	--------	d-----w-	C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-02-02 20:50:06	--------	d-----w-	C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-02-02 20:50:06	--------	d-----w-	C:\Users\Jutta\AppData\Local\Temp
2014-02-02 20:50:06	--------	d-----w-	C:\Users\Default\AppData\Local\Temp
2014-02-02 20:50:06	--------	d-----w-	C:\Users\Default User\AppData\Local\Temp
2014-02-02 17:21:32	--------	d-----w-	C:\Users\Jutta\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-02-02 17:21:22	AB17A11AE065D6C96926FC77BDF7A8C5	43	----a-w-	C:\Users\Jutta\AppData\Roaming\WB.CFG
2014-02-02 15:58:42	--------	d-----w-	C:\Users\Jutta\AppData\Local\ExtractNow
2014-02-02 14:29:12	--------	d-----w-	C:\Users\Jutta\AppData\Local\Samsung
2014-02-02 14:29:10	--------	d-----w-	C:\Users\Jutta\AppData\Roaming\Samsung
2014-02-02 14:24:36	--------	d-----w-	C:\Users\Jutta\AppData\Local\Downloaded Installations
====== C:\Users\Jutta ======
2014-02-02 22:10:44	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
2014-02-02 22:08:15	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-02-02 22:07:52	B3FDF6E7B0AECD48CA7E4921773FB606	1110476	----a-w-	C:\Users\Jutta\Downloads\7z920.exe
2014-02-02 21:48:57	23559EB760D28016AEA2D77890EEDCD5	1052688	----a-w-	C:\Users\Jutta\Downloads\SFTGC.exe
2014-02-02 20:29:20	D2B83B77504C8E59766898A192F4AD56	1190704	----a-w-	C:\Users\Jutta\Downloads\Adware-Removal-Tool-v3.6.exe
2014-02-02 17:24:34	9A8336796A7C71E9F33DE848B8320ED3	380416	----a-w-	C:\Users\Jutta\Downloads\Gmer-19357.exe
2014-02-02 17:20:33	776F2EF3D454F30598154DCBA0C1CF72	670752	----a-w-	C:\Users\Jutta\Downloads\ZipOpenerSetup.exe
2014-02-02 17:16:29	9A8336796A7C71E9F33DE848B8320ED3	380416	----a-w-	C:\Users\Jutta\Downloads\lz8lw6pf.exe
2014-02-02 17:08:49	BB0DDF9D86BDCEA86CF778AC8D0D9DA7	2080256	----a-w-	C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 17:08:14	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Jutta\defogger_reenable
2014-02-02 17:07:46	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 15:57:48	7056ED797114FA95925960C9C2D07ABE	2025752	----a-w-	C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 14:54:31	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-02-02 14:52:09	D87CB18503A3F8E00D2B1A79D4B40814	70015304	----a-w-	C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 14:26:21	--------	d-----w-	C:\ProgramData\Samsung
2014-02-02 14:23:05	D87CB18503A3F8E00D2B1A79D4B40814	70015304	----a-w-	C:\Users\Jutta\Downloads\KiesSetup.exe
2014-01-27 08:19:47	--------	d-----r-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2014-01-27 08:17:52	469F9C407723247C382B4CF0887A4476	23580208	----a-w-	C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
2014-01-20 20:09:54	5B4E8F5AEA41FDAB79B7CE733A08150F	128000	--sha-w-	C:\Users\Jutta\Thumbs.db

====== C: exe-files ==
2014-02-02 22:10:52	2B450C618B761E76E2C3D752E0B77E88	2172872	----a-w-	C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD9ASVQU\Setup[1].exe
2014-02-02 22:10:44	2FCAFA4BE1FB14E180E14D57342657F4	33556	----a-w-	C:\Program Files (x86)\OpenIt\Open It!\uninstall.exe
2014-02-02 22:08:15	78E662D435A8E1F5B9CED236FD331856	58641	----a-w-	C:\Program Files (x86)\7-Zip\Uninstall.exe
2014-02-02 22:07:52	B3FDF6E7B0AECD48CA7E4921773FB606	1110476	----a-w-	C:\Users\Jutta\Downloads\7z920.exe
2014-02-02 21:54:04	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Jutta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06IOIW9Y\FRST64[1].exe
2014-02-02 21:48:57	23559EB760D28016AEA2D77890EEDCD5	1052688	----a-w-	C:\Users\Jutta\Downloads\SFTGC.exe
2014-02-02 20:29:20	D2B83B77504C8E59766898A192F4AD56	1190704	----a-w-	C:\Users\Jutta\Downloads\Adware-Removal-Tool-v3.6.exe
2014-02-02 17:24:34	9A8336796A7C71E9F33DE848B8320ED3	380416	----a-w-	C:\Users\Jutta\Downloads\Gmer-19357.exe
2014-02-02 17:21:32	8C7FB9078A63B7E5E899E7A2DBB0DB53	1114624	----a-w-	C:\Users\Jutta\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe
2014-02-02 17:20:33	776F2EF3D454F30598154DCBA0C1CF72	670752	----a-w-	C:\Users\Jutta\Downloads\ZipOpenerSetup.exe
2014-02-02 17:16:29	9A8336796A7C71E9F33DE848B8320ED3	380416	----a-w-	C:\Users\Jutta\Downloads\lz8lw6pf.exe
2014-02-02 17:08:49	BB0DDF9D86BDCEA86CF778AC8D0D9DA7	2080256	----a-w-	C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 17:07:46	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 15:57:48	7056ED797114FA95925960C9C2D07ABE	2025752	----a-w-	C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 15:17:36	FA0A96170B46640A8C209E3970E60D60	1193984	----a-w-	C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe
2014-02-02 14:55:12	23285008C849E88C36DBF71447F1B73F	1515288	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
2014-02-02 14:54:19	C46B351F1F6F83FBB3B0F6E73341CDCF	987744	----a-w-	C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe
2014-02-02 14:52:09	D87CB18503A3F8E00D2B1A79D4B40814	70015304	----a-w-	C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 14:23:05	D87CB18503A3F8E00D2B1A79D4B40814	70015304	----a-w-	C:\Users\Jutta\Downloads\KiesSetup.exe
2014-02-01 14:29:06	C2F12B0F6B1BCE79CC2ACD749E80F74C	3199520	----a-w-	C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\0000578e\DAO.17749621.exe
2014-01-29 17:25:17	95538B9357EE263A75A3349550974262	364288	----a-w-	C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\0000577a\updatus.17734322_RUNASUSER.exe
2014-01-29 17:24:57	F1F92AD02D1B24779EDB2B9D99EB7450	3193160	----a-w-	C:\Users\Jutta\AppData\Local\NVIDIA\NvBackend\Packages\00005773\dao.17731592.exe
2014-01-27 08:19:46	434B5E262EF6D0520D6DD4C3C78E47C4	155696	----a-w-	C:\Windows\wiainst64.exe
2014-01-27 08:19:03	4EAF9C855BB31464CD5C62F613EEA937	237104	----a-w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
2014-01-27 08:19:03	4EAF9C855BB31464CD5C62F613EEA937	237104	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\Common\ScanCDLM\ICCUpdater.exe
2014-01-27 08:19:03	3663347C2BD4595E527B4B5500A22DB9	220720	----a-w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
2014-01-27 08:19:03	3663347C2BD4595E527B4B5500A22DB9	220720	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\Common\ScanCDLM\ScanCDLM.exe
2014-01-27 08:19:01	A359924461317E87EB5DC85FEAF10C53	1571160	------w-	C:\Windows\TotalUninstaller.exe
2014-01-27 08:19:00	A359924461317E87EB5DC85FEAF10C53	1571160	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\totalUninstaller.exe
2014-01-27 08:19:00	94C8FEA50F87167956CDFE65D5A1F668	126512	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\wiainst.exe
2014-01-27 08:19:00	8B646BF51290F85A9F6E9CECB2514998	1292632	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Setup.exe
2014-01-27 08:19:00	434B5E262EF6D0520D6DD4C3C78E47C4	155696	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Data\wiainst64.exe
2014-01-27 08:17:52	469F9C407723247C382B4CF0887A4476	23580208	----a-w-	C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
=== C: other files ==
2014-02-02 20:43:04	C7CF79B63B24689E8E1C89428680D531	4527482	----a-w-	C:\Users\Public\Desktop\sample__2143.zip
2014-02-02 15:55:31	ED5B2D7F42D36C7566D970C791049A48	486926	----a-w-	C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Style\Themed\doenerschlumpf_brakefins.zip
2014-02-02 15:54:21	ED5B2D7F42D36C7566D970C791049A48	486926	----a-w-	C:\Users\Jutta\Downloads\doenerschlumpf_brakefins.zip
2014-02-02 15:46:27	FD5A6D8D629108FF84B6D2D15647A659	68888	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnet.sys
2014-02-02 15:46:27	F568EA5F0DE16F945E8578C377243E8E	50968	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudnd5.sys
2014-02-02 15:46:27	F4BE1C58B05BEA30A9A60D4398EB0058	182680	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudobex.sys
2014-02-02 15:46:27	E428DFFA96FAD07D8CA3C9082563A225	103576	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudbus.sys
2014-02-02 15:46:27	DBA556BA23FA76E1C89BA3AB4843AE5D	33176	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudeadb.sys
2014-02-02 15:46:27	D720E872772D004E304FCE0CE54E1F8A	84248	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudbus.sys
2014-02-02 15:46:27	CF77B95E2D28AC4CD794E91E0F78777B	80664	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnetmp.sys
2014-02-02 15:46:27	CE883E32A3DC090B957823F0D46B3EB1	204568	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssuddmgr.sys
2014-02-02 15:46:27	BE1160978D7517F0BB940960CE71B737	39192	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudeadb.sys
2014-02-02 15:46:27	AAF6F247F1DC370C593B4430974EAD9C	204568	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudmdm.sys
2014-02-02 15:46:27	A1CC726323FB41FFD29F436A77237E41	182680	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudmdm.sys
2014-02-02 15:46:27	9BFC65F8A17D8B21CF67BE4142DFEF44	92952	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudrmnetmp.sys
2014-02-02 15:46:27	9A8D59146B6FC187140179D0F05EB07E	204568	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudobex.sys
2014-02-02 15:46:27	6507F48723F8469F783F2EE9D7DCC2DD	182680	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudserd.sys
2014-02-02 15:46:27	60356DA57A9F7722C4F8A633EB4FA38A	60184	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudrmnet.sys
2014-02-02 15:46:27	539B830D9B1634928EFD24FBBDBB6D29	182680	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssuddmgr.sys
2014-02-02 15:46:27	3648963C50EF859A1DC4426EBDEBF69B	45336	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudnd5.sys
2014-02-02 15:46:27	3248B5CC4AA7942EE7BC26F1EB00210B	204568	----a-w-	C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudserd.sys
2014-02-02 15:05:10	AAF6F247F1DC370C593B4430974EAD9C	204568	----a-w-	C:\Windows\LastGood.Tmp\system32\DRIVERS\ssudmdm.sys
2014-02-02 14:43:39	E428DFFA96FAD07D8CA3C9082563A225	103576	----a-w-	C:\Windows\LastGood.Tmp\system32\DRIVERS\ssudbus.sys
2014-02-01 03:23:24	9D68A041CE834BD4E0FF32CEF0006A98	9074	----a-w-	C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi
2014-01-27 08:19:04	5F77725EC309DE1242D8EFC8E9259A9F	5120	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\i386\SSPORT.sys
2014-01-27 08:19:01	0211AB46B73A2623B86C1CFCB30579AB	11576	------w-	C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\SEInstall\Scanner\amd64\SSPORT.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3859018946-3778628707-202508750-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"SkyDrive"="C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Power2GoExpress"="C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"SkyDrive"="C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Power2GoExpress"="C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Folders ======================


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [27.01.2014 12:39]
C:\Windows\tasks\Digital Sites.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS InstantOn Config" [C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS Touchpad Launcher (x64)" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
"C:\Windows\SysNative\tasks\Digital Sites" [C:\Users\Jutta\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [29.12.2013 12:03]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- RightSurf - %ProfilePath%\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default
2557FBC582910A71CDEB0F22886D118D	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll -	Shockwave Flash
F891089A6AB9E12FEDEBCC5EC0F40D66	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll -	Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03	- C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -	Microsoft Office 2013


==== Deleted Firefox Extensions ======================

C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[17.10.2013 15:49]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[17.10.2013 15:50]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[17.10.2013 15:50]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[29.12.2013 12:01]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[17.10.2013 15:49]

YouTube - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Safe Money - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Gmail - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google  Url="hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=239 folders=71 28106062 bytes)

==== EOF on 03.02.2014 at  0:21:13,41 ======================
         
And:
Code:
ATTFilter
# AdwCleaner v3.018 - Bericht erstellt am 03/02/2014 um 00:27:15
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Jutta - JUTTA
# Gestartet von : C:\Users\Jutta\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\Windows Searchqu Toolbar
Ordner Gelöscht : C:\Users\Jutta\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\Profiles\xzh6j33k.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5866 octets] - [03/02/2014 00:24:31]
AdwCleaner[S0].txt - [5456 octets] - [03/02/2014 00:27:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5516 octets] ##########
         
Many thanks and good night,
Lynette

02.02.2014, 23:48   #10
smeenk
/// Malwareteam / Visitor

Good night to you too
  • Please disable all virus scanners during the scan, as they affect the result
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text from the following box into Zoek's script window:
    Code:
    C:\Windows\tasks\Digital Sites.job;f
    "C:\Windows\SysNative\tasks\Digital Sites;f
    C:\Users\Jutta\AppData\Roaming\Digital*Sites;f
             
  • Now click "Run script" and be patient while the script runs.
  • When the tool is finished, Notepad will open with the log file (possibly only after a restart). The log can also be found under c:
  • Please post the ZOEK log (preferably in CODE tags - click the # symbol in the reply window)

Are you still noticing any problems at the moment?

03.02.2014, 07:58   #11
Lynette

Good morning,

here is the latest result:

Code:
Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Jutta on 03.02.2014 at  8:44:16,76.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jutta\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2014-02-02-205344.log	31233 bytes
C:\zoek-results2014-02-02-223909.log	3105 bytes
C:\zoek-results2014-02-02-232113.log	23295 bytes

==== Deleting Files \ Folders ======================

"C:\Windows\tasks\Digital Sites.job" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc\config.dat" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc\prod.dat" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites" deleted
"C:\Users\Jutta\AppData\Roaming\DigitalSites\UpdateProc" deleted

==== C:\zoek_backup content ======================

C:\zoek_backup (files=239 folders=71 28106339 bytes)

==== EOF on 03.02.2014 at  8:46:20,24 ======================
         
No problems are showing up, and I didn't really have any as such. Yesterday I just suddenly had this stupid PC Optimizer running, which seemed fishy to me, and I immediately tried to delete it. When that didn't work, I found you by googling. Apparently just in time, before the laptop could cause problems...

03.02.2014, 10:18   #12
smeenk
/// Malwareteam / Visitor

In my opinion we are done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Regards
Smeenk

03.02.2014, 16:02   #13
Lynette

Hello,

I hope that really was it, because Malwarebytes still found something and removed it. This was the result:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.03.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Jutta :: JUTTA [Administrator]

Schutz: Aktiviert

03.02.2014 16:17:06
mbam-log-2014-02-03 (16-17-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208631
Laufzeit: 5 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\RightSurf (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Jutta\AppData\Local\Temp\is357113909\4652562_stp\RightSurfSetup.exe (PUP.Optional.RightSurf.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jutta\Downloads\SAMSUNG CLX-3185FW user guide provided through bedienungsanleitung-pdf.com.exe (PUP.Optional.LiveSoftAction.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jutta\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Kind regards
Lynett

03.02.2014, 18:19   #14
smeenk
/// Malwareteam / Visitor

Hello Lynette

From my point of view these were only leftovers and no active infections.
If it continues to run without problems, you should not be worried.

Smeenk

03.02.2014, 18:47   #15
Lynette

Then many thousand thanks to you both! I am very relieved!

Keep up the good work,
kind regards
Lynette
