
Pests of all kinds and how to fight them: Firefox opens ad pages in tabs on its own, even when Firefox is not currently in use

19.07.2014, 17:45   #1
Lady Frigg
 
Firefox opens ad pages in tabs on its own, even when Firefox is not currently in use



As already mentioned in the title, Firefox currently keeps opening windows/tabs on its own, even when I don't want to use Firefox at that moment
(e.g. when I go online through a game client).

Before we get started, I should mention that I have little to no idea about this and need precise instructions to be able to follow along.

I first read up here on how to get the initial log files, and I hope I did everything right on my first attempt.
If I did forget something, I will of course try to submit it afterwards ^^

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:44 on 19/07/2014 (Lola)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Lola (administrator) on STUBE on 19-07-2014 17:48:13
Running from C:\Users\Lola\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
() C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1404736 2014-06-16] (Spigot, Inc.)
HKLM-x32\...\Run: [fst_de_86] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [framei] => C:\Users\Lola\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] ()
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [nvcmd] => C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] ()
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [cntcmd] => C:\Users\Lola\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] ()
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {025fd6ec-81f2-11e3-be73-f80f41a03396} - "E:\LGAutoRun.exe" 
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {2324f0b4-9ccd-11e3-be8b-f80f41a03396} - "E:\LGAutoRun.exe" 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
BootExecute: RegistryDefragBootTime.exeautocheck autochk * 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE.dll (Spigot, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKLM - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKLM-x32 - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKCU - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {790DEE0B-14BB-4FEE-8805-7AC306401ACA} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: IObit Apps Toolbar -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: FlowSurf -> {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} -> C:\Program Files (x86)\Flowsurf\FlowSurf.dll (FlowSurf Inc.)
Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE.dll (Spigot, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.repage.de/member/paladine
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll (LLC Mail.Ru)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lola\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ads Removal - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\adremoveext@adremoveext.net [2014-06-27]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\ascsurfingprotection@iobit.com [2014-06-07]
FF Extension: Fast Start - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\faststartff@gmail.com [2014-07-14]
FF Extension: Start Page - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} [2014-06-17]
FF Extension: Qute Classic - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi [2014-01-19]
FF Extension: Adblock Plus - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18]
FF HKLM-x32\...\Firefox\Extensions: [jid1-tofUlNEIFlkUIA@jetpack] - C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack
FF Extension: FlowSurf - C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\extensions\faststartff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027

Chrome: 
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: webssearches
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll (LLC Mail.Ru)
CHR Extension: (Google Wallet) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23]
CHR Extension: (FlowSurf) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Lola\AppData\Local\Slick Savings\coupons.crx [2014-07-14]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-07] (IObit)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)
S2 HPSLPSVC; C:\Users\Lola\AppData\Local\Temp\7zS3EFF\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 17:48 - 2014-07-19 17:48 - 00022616 _____ () C:\Users\Lola\Desktop\FRST.txt
2014-07-19 17:47 - 2014-07-19 17:48 - 00000000 ____D () C:\FRST
2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable
2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt
2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe
2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe
2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe
2014-07-15 12:18 - 2014-07-15 12:18 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe
2014-07-14 21:38 - 2014-07-14 21:38 - 00000000 ____D () C:\Users\Lola\AppData\Local\ContextFree
2014-07-14 21:36 - 2014-07-15 12:21 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\InetStat
2014-07-14 21:36 - 2014-07-14 21:36 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-14 21:34 - 2014-07-15 09:38 - 00000002 _____ () C:\END
2014-07-14 21:34 - 2014-07-15 09:38 - 00000000 ____D () C:\Program Files (x86)\Flowsurf
2014-07-14 21:34 - 2014-07-14 21:34 - 00003082 _____ () C:\WINDOWS\System32\Tasks\fsupdate
2014-07-14 16:17 - 2014-07-14 16:17 - 00339680 _____ () C:\Users\Lola\Downloads\FlashPlayersetup__7343_i1040439988_il23.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-11 08:52 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-11 08:52 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 12:10 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 05:55 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 05:55 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 05:55 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 05:55 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 05:55 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 05:55 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 05:55 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 05:55 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 05:55 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 05:55 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 05:54 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 05:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 05:54 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 05:54 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 05:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 05:54 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 05:53 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 05:53 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 05:53 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 05:53 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 05:53 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 05:53 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 05:53 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 05:53 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 05:53 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 05:53 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 05:53 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 05:53 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 05:53 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 05:53 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 05:53 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 05:53 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 05:53 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 05:53 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 05:53 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 05:53 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 05:53 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 05:51 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 05:51 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 05:51 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 05:51 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 05:51 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 05:51 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 05:51 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 05:51 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 05:51 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 05:51 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 05:51 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 05:51 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 05:51 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 05:51 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 05:51 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 05:51 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 05:51 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 05:51 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 05:51 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 05:51 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-01 11:51 - 2014-07-01 11:51 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-07-01 11:51 - 2014-07-01 11:51 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-06-21 18:02 - 2014-07-19 09:52 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 10:16 - 2014-06-19 10:16 - 00000024 _____ () C:\Users\Lola\AppData\Roaming\temp.ini

==================== One Month Modified Files and Folders =======

2014-07-19 17:48 - 2014-07-19 17:48 - 00022616 _____ () C:\Users\Lola\Desktop\FRST.txt
2014-07-19 17:48 - 2014-07-19 17:47 - 00000000 ____D () C:\FRST
2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable
2014-07-19 17:44 - 2014-01-28 00:00 - 00000000 ____D () C:\Users\Lola
2014-07-19 17:43 - 2014-06-09 18:15 - 01755225 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt
2014-07-19 17:36 - 2014-01-17 23:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2611022401-1185657083-2724232758-1001
2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe
2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe
2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe
2014-07-19 17:29 - 2014-06-07 17:49 - 00000000 ____D () C:\Users\Lola\Desktop\Deutschland Spielt
2014-07-19 17:26 - 2014-06-07 15:12 - 00002189 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-07-19 17:20 - 2014-06-07 15:12 - 00000252 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job
2014-07-19 17:16 - 2014-04-18 12:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-19 17:13 - 2014-02-20 22:37 - 00000288 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-19 17:07 - 2014-01-18 14:35 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-19 15:20 - 2014-05-17 15:23 - 00000412 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job
2014-07-19 10:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-19 09:52 - 2014-06-21 18:02 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 09:52 - 2014-01-28 00:31 - 00000000 ___DO () C:\Users\Lola\SkyDrive
2014-07-19 03:13 - 2014-06-09 18:01 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87182F7E-78A1-441D-96FB-2954177723C7}
2014-07-15 12:23 - 2014-06-17 10:13 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\Slick Savings
2014-07-15 12:23 - 2014-06-17 10:13 - 00000000 ____D () C:\Users\Lola\AppData\Local\Slick Savings
2014-07-15 12:21 - 2014-07-14 21:36 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\InetStat
2014-07-15 12:18 - 2014-07-15 12:18 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe
2014-07-15 09:42 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-15 09:42 - 2013-11-14 09:11 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-15 09:42 - 2013-11-14 09:11 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-15 09:38 - 2014-07-14 21:34 - 00000002 _____ () C:\END
2014-07-15 09:38 - 2014-07-14 21:34 - 00000000 ____D () C:\Program Files (x86)\Flowsurf
2014-07-15 09:37 - 2014-06-07 16:11 - 00165659 _____ () C:\MyXML.xml
2014-07-15 09:37 - 2014-05-17 14:58 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\Wise Care 365
2014-07-15 09:37 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-15 09:36 - 2014-06-09 05:51 - 73138176 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-07-15 09:36 - 2014-06-09 05:51 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-07-15 09:36 - 2014-06-09 05:51 - 00036864 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-07-15 09:36 - 2014-06-09 05:51 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-07-15 09:36 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-15 06:23 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-14 21:38 - 2014-07-14 21:38 - 00000000 ____D () C:\Users\Lola\AppData\Local\ContextFree
2014-07-14 21:36 - 2014-07-14 21:36 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-14 21:35 - 2014-01-28 00:25 - 00001688 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-14 21:35 - 2014-01-17 23:25 - 00001385 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-14 21:34 - 2014-07-14 21:34 - 00003082 _____ () C:\WINDOWS\System32\Tasks\fsupdate
2014-07-14 16:17 - 2014-07-14 16:17 - 00339680 _____ () C:\Users\Lola\Downloads\FlashPlayersetup__7343_i1040439988_il23.exe
2014-07-11 12:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-11 09:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-11 08:51 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 14:26 - 2014-03-13 12:34 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-09 12:15 - 2014-01-18 14:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 12:12 - 2014-01-18 14:18 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 12:12 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 12:09 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 11:54 - 2014-04-18 12:13 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-03 17:29 - 2014-03-12 15:10 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-07-01 11:51 - 2014-07-01 11:51 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-07-01 11:51 - 2014-07-01 11:51 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-07-01 00:45 - 2014-07-09 05:51 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 09:48 - 2014-07-09 05:51 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 09:07 - 2014-07-09 05:51 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-28 00:50 - 2014-01-18 00:56 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\TS3Client
2014-06-26 22:55 - 2014-07-11 08:52 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2014-07-11 08:52 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 11:35 - 2014-01-18 00:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-21 18:02 - 2014-01-18 14:35 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 10:16 - 2014-06-19 10:16 - 00000024 _____ () C:\Users\Lola\AppData\Roaming\temp.ini
2014-06-19 10:15 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\IObit
2014-06-19 03:39 - 2014-07-09 05:54 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-19 02:48 - 2014-07-09 05:53 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-19 02:16 - 2014-07-09 05:54 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-19 02:09 - 2014-07-09 05:53 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-19 01:51 - 2014-07-09 05:54 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 05:53 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 05:53 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-19 01:46 - 2014-07-09 05:54 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-06-19 01:39 - 2014-07-09 05:53 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-19 01:33 - 2014-07-09 05:53 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 05:53 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-19 01:27 - 2014-07-09 05:53 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-19 01:12 - 2014-07-09 05:53 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-19 00:59 - 2014-07-09 05:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 05:53 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 05:53 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-19 00:57 - 2014-07-09 05:54 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-06-19 00:52 - 2014-07-09 05:53 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 05:54 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 05:53 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-19 00:45 - 2014-07-09 05:53 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 05:53 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 05:53 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 05:53 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 05:53 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 05:53 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 05:53 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\ProgramData\uninstall265917.exe


Some content of TEMP:
====================
C:\Users\Freya\AppData\Local\Temp\avgnt.exe
C:\Users\Lola\AppData\Local\Temp\avgnt.exe
C:\Users\Lola\AppData\Local\Temp\{D983D7E1-6584-4398-A43B-2FB423F350E2}-36.0.1985.125_35.0.1916.153_chrome_updater.exe
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 14:57

==================== End Of Log ============================
         
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by Lola at 2014-07-19 17:50:16
Running from C:\Users\Lola\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{6F33B065-4478-44EE-8E5F-A40BBD61619F}) (Version: 20.2.45.72438 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.2.45.72438 - Alcor Micro Corp.) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30322 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E3AB2F4D-B540-437B-4E4F-3A3C344C3B2A}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0322.413.5642 - Ihr Firmenname) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Center@Mail.Ru - EU (HKCU\...\GameCenterMailRu-EU) (Version: 2.320 - LLC Mail.Ru)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2012 - Acer Incorporated)
ContextFree (HKCU\...\ContextFree) (Version:  - )
Dark Mysteries: Der Seelensammler Sammleredition (HKLM-x32\...\Dark Mysteries: Der Seelensammler Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Dark Strokes: Die Sünden der Väter Sammleredition (HKLM-x32\...\Dark Strokes: Die Sünden der Väter Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Der Fluch der Werwölfe Sammleredition (HKLM-x32\...\Der Fluch der Werwölfe Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Der Tempel des Lebens: Die Legende der Vier Elemente Sammleredition (HKLM-x32\...\Der Tempel des Lebens: Die Legende der Vier Elemente Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Die 4 Elemente (HKLM-x32\...\Die 4 Elemente) (Version: 0.0.0.0 - INTENIUM GmbH)
Die 4 Elemente II Sammleredition (HKLM-x32\...\Die 4 Elemente II Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit)
Elementals: Der Magische Schlüssel (HKLM-x32\...\Elementals: Der Magische Schlüssel) (Version: 1.0.0.0 - INTENIUM GmbH)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Haunted Past: Im Reich der Geister Sammleredition (HKLM-x32\...\Haunted Past: Im Reich der Geister Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Haus der 1000 Türen 2: Das Juwel des Zarathustra Sammleredition (HKLM-x32\...\Haus der 1000 Türen 2: Das Juwel des Zarathustra Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Haus der 1000 Türen Sammleredition (HKLM-x32\...\Haus der 1000 Türen Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3005 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Acer Incorporated)
IObit Apps Toolbar v9.4 (HKLM-x32\...\{5FACD482-8CE2-41D5-B05F-9EE67D21ECE7}) (Version: 9.4 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Legend - Legacy Of The Dragons (HKCU\...\Legend - Legacy Of The Dragons (DE)) (Version: 1.9 - Mail.Ru Games GmbH)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.16.20140414 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Acer Incorporated)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.13.314.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6859 - Realtek Semiconductor Corp.)
Sacra Terra 2: Der Kuss des Todes Sammleredition (HKLM-x32\...\Sacra Terra 2: Der Kuss des Todes Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Sacra Terra: Nacht der Engel Sammleredition (HKLM-x32\...\Sacra Terra: Nacht der Engel Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.1 - IObit)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Voodoo Chroniken: Erstes Zeichen Sammleredition (HKLM-x32\...\Voodoo Chroniken: Erstes Zeichen Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Wise Care 365 2.99 (HKLM-x32\...\Wise Care 365_is1) (Version: 2.99 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

30-06-2014 10:21:00 Geplanter Prüfpunkt
08-07-2014 01:37:08 Geplanter Prüfpunkt
11-07-2014 07:11:54 Windows Modules Installer
18-07-2014 12:27:43 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03788E86-B7B8-4E63-B551-3C2AD247CFF7} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0622BD4E-1624-4D7D-BBF1-12695E6745F6} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-02-27] (Acer Incorporated)
Task: {07771D45-0369-49C2-8A17-1F224FB67EC9} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2611022401-1185657083-2724232758-1001
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {29A36733-D1DF-43DB-9141-740D150877D1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2F947BC4-4262-4BBF-A78F-003E94166000} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {355BFE34-8469-49CC-8BFE-10C6BA036237} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {396993F1-06F6-4B62-8230-4524A7805DE7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {41EB21E1-55BF-49E7-AACB-53FA3FC10FA2} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-05-09] (IObit)
Task: {420853CD-78F8-4573-9AF9-0D2A2D43AFFD} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4C23CDEF-B252-426C-879E-1AB0BDCEFD0D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {56CAB56C-29F8-49A4-9FBF-356CE766BA30} - System32\Tasks\fsupdate => C:\Program Files (x86)\Flowsurf\fsupd.exe [2014-04-15] ()
Task: {5BD0C2C6-2F41-4ECA-A795-35F9FFFF3BEE} - System32\Tasks\RunAsStdUser_GameCenterMailRu-EU => C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\gamecenter@mail.ru.exe [2014-06-11] ()
Task: {5FA885F4-7F52-4F6C-8135-60DAC70882C5} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {63D499B3-DCC5-4C9A-A5B7-B77097D5EF33} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {659AB603-985B-4C8E-8316-91C7E40A4024} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-01-21] (WiseCleaner.COM)
Task: {667938BF-64DB-47F6-B61D-555C33829F76} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-03-07] (IObit)
Task: {679929BC-487F-4EEB-A1C2-86B1B45E9135} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-06-13] ()
Task: {694A34E4-F5AC-4818-85F4-10DEFB91478C} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {694AEFB2-C1B3-40CE-B1D8-E67D97FA6348} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-05-09] (IObit)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {744877A2-28E3-435A-9CE9-F70A68FBA20D} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-06-06] (IObit)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AFFDBD5-D60B-4A99-8B48-239CEA06206E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {82289AA5-EA75-4D97-B43B-D731687B4F30} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-06-07] (IObit)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C197F2F-7907-4B64-A1D3-20D2AA22695B} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
Task: {8C85203C-0983-4E97-A28F-9134C25861C2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {93BE7CD1-ECFD-4235-9350-09EF10809A57} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {9CB31A68-86B3-4E17-BF5C-57B535DF3F3B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C1317186-1346-44AB-92EA-C5635A789E8C} - System32\Tasks\ASC7_SkipUac_Lola => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-28] (IObit)
Task: {C53E619E-1F73-4BD8-8D8E-F263A59F2C3D} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E26439DF-BDA4-4A64-811C-3BC9826F45AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.)
Task: {E2C41E52-73D6-45BE-AA6A-84316EF4DA4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.)
Task: {E5766170-AD65-476C-9283-F466803F357C} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-03-10] (IObit)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EB85D3CB-FCE5-40BB-B285-CEB018C61702} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-05-06] (IObit)
Task: {FB46942C-D91E-4919-80C5-158CD0AE790F} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-02-22] ()
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2014-05-23 12:28 - 2014-05-23 12:28 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-01 14:26 - 2014-07-01 14:26 - 00596480 _____ () C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe
2013-12-05 14:35 - 2013-02-20 23:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-06-07 15:12 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-07-15 12:17 - 2014-06-06 13:07 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-07-15 12:17 - 2014-06-06 13:07 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-07-15 12:17 - 2014-06-06 13:07 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-06-07 16:12 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2014-06-07 15:12 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-06-07 15:12 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-06-07 15:12 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-06-07 15:12 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2014-06-17 10:12 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-06-17 10:12 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-06-17 10:12 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-06-17 10:12 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-06-17 10:12 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-06-17 10:12 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-06-17 10:12 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2014-06-07 15:12 - 2013-12-02 19:06 - 01281312 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\Scan.dll
2014-07-15 12:17 - 2014-06-06 13:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Freya\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Lola\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Thomas\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: GameCenterMailRu-EU => "c:\users\lola\appdata\local\mail.ru\gamecenter-eu\gamecenter@mail.ru.exe" -autostart

==================== Faulty Device Manager Devices =============

Name: CIF Single Chip     
Description: CIF Single Chip     
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 05:31:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (07/19/2014 05:31:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (07/19/2014 05:31:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17039, Zeitstempel: 0x53156588
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000005280fd8
ID des fehlerhaften Prozesses: 0x1084
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (07/19/2014 05:26:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (07/19/2014 00:55:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (07/19/2014 10:03:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (07/19/2014 07:51:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (07/18/2014 03:36:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (07/18/2014 02:57:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (07/18/2014 09:42:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (07/19/2014 09:54:55 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/19/2014 07:42:41 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/18/2014 10:17:43 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/18/2014 08:56:35 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/18/2014 02:25:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/18/2014 10:16:31 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/18/2014 00:21:32 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/17/2014 08:39:10 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/17/2014 04:56:48 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/17/2014 09:44:04 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (07/19/2014 05:31:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (07/19/2014 05:31:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (07/19/2014 05:31:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1703953156588unknown0.0.0.000000000c00000050000000005280fd8108401cfa3264d65d5cfC:\WINDOWS\Explorer.EXEunknownbaef9508-0f59-11e4-bebf-f80f41a03396

Error: (07/19/2014 05:26:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (07/19/2014 00:55:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (07/19/2014 10:03:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (07/19/2014 07:51:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (07/18/2014 03:36:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (07/18/2014 02:57:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (07/18/2014 09:42:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 7613.49 MB
Available physical RAM: 5615.26 MB
Total Pagefile: 8829.49 MB
Available Pagefile: 5843.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.25 GB) (Free:385.11 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.11 GB) (Free:454.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 651131BF)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Gmer
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-19 18:13:01
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000026 WDC_WD10EZEX-22RKKA0 rev.80.00A80 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Lola\AppData\Local\Temp\kgldypog.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                           fffff96000199600 15 bytes [00, F8, 09, 02, 80, 32, 72, ...]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                                      fffff96000199610 11 bytes [00, BC, FB, FF, 00, 77, B2, ...]

---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\atiesrxx.exe[988] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                              00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[988] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                              00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[988] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[988] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                              00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                              00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\taskhostex.exe[1972] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                           00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\taskhostex.exe[1972] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                           00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\taskhostex.exe[1972] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                              00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\system32\taskhostex.exe[1972] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                              00007fff1dd21832 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\Explorer.EXE[2080] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                      00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\Explorer.EXE[2080] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                      00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\Explorer.EXE[2080] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                         00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F]
.text    C:\WINDOWS\Explorer.EXE[2080] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                         00007fff1dd21832 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[2352] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                              00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[2352] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                              00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[2352] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[2352] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3380] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                              00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3380] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                              00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3380] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3380] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[3916] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506              00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[3916] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514              00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[3916] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[3916] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[1244] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                    00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[1244] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                    00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[1244] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                       00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[1244] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                       00007fff1dd21832 4 bytes [D2, 1D, FF, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [536:572]                                                                                                                   fffff96000897b90
Thread   C:\WINDOWS\system32\svchost.exe [272:2320]                                                                                                                00007fff0b336cb4
Thread   C:\WINDOWS\system32\svchost.exe [272:2632]                                                                                                                00007fff169f5340
Thread   C:\WINDOWS\system32\svchost.exe [1280:3144]                                                                                                               00007fff0e974608
Thread   C:\WINDOWS\system32\svchost.exe [1280:3148]                                                                                                               00007fff0eb31584
Thread   C:\WINDOWS\system32\svchost.exe [1280:3160]                                                                                                               00007fff0e8e1b40
Thread   C:\Windows\System32\SettingSyncHost.exe [2440:2448]                                                                                                       00007fff15fd4b30
---- Processes - GMER 2.1 ----

Process  C:\Users\Lola\AppData\Local\ContextFree\framei.exe (*** suspicious ***) @ C:\Users\Lola\AppData\Local\ContextFree\framei.exe [3524](2014-07-01 12:26:50)  0000000000400000
Process  C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe (*** suspicious ***) @ C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe [3568](2                       0000000000400000
Process  C:\Users\Lola\AppData\Local\ContextFree\cntcmd.exe (*** suspicious ***) @ C:\Users\Lola\AppData\Local\ContextFree\cntcmd.exe [3604](2014-07-01 12:26:52)  0000000000400000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                     unknown MBR code

---- EOF - GMER 2.1 ----
         
Antivir detection
Code:
ATTFilter
Exportierte Ereignisse:

14.07.2014 21:36 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.ALJT.1' [adware] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner
         

Alt 19.07.2014, 18:21   #2
deeprybka
/// TB Trainer
/// Guide Guru
 
My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop.
  • Post the log files directly in your thread, in code tags.
  • Keep in mind that we all do this in our free time; if you haven't heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware.
We can remove adware and the like very well.
If you decide on a cleanup, keep working with me until you get my "clean".

Let's go:

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and now copy the text from the code box into the empty text document:
Code:
ATTFilter
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [framei] => C:\Users\Lola\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] ()
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [nvcmd] => C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] ()
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [cntcmd] => C:\Users\Lola\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] ()
C:\Users\Lola\AppData\Local\ContextFree\
Reboot:
         
Please save this as Fixlist.txt in the directory where the FRST application is also located.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

The PC will restart!

Step 2
  • Deactivate your antivirus program.
  • Go to the folder C:\FRST\Quarantine.
  • Right-click the Quarantine folder and choose > Send to > Compressed (zipped) folder.
  • A zip file named Quarantine.zip is created in the FRST folder.
  • Upload Quarantine.zip in the upload channel.
  • To do so, click Browse, navigate to the zip file ( C:\FRST\Quarantine.zip ) and click Open.
  • Finally, click Upload.
  • Thank you for your help.
  • Activate your antivirus program again.

Step 3

Please uninstall the following programs:

IObit Apps Toolbar v9.4


On Windows 8, try it with the Windows key + X via .

If that doesn't work, please download Revo Uninstaller here. Unpack the zip file to the desktop.
  • Start Revouninstaller.exe
  • Click Options and choose German as the language.
  • Search in the uninstaller field for the programs listed above and select them one by one.
    Click Uninstall each time.
  • Then select the "Moderat" mode.
  • Delete leftovers:
    Click on then on and then on .

If you cannot uninstall a program, continue with the next one.
Even if some programs are left over at the end, carry out the next step:



Step 4
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).


Step 5

Please start FRST again and press Scan.
Please post the contents of the log.
__________________

__________________
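A check a helper can run on the Fixlog.txt requested in step 1, as an added example that is not part of the original post and not FRST's own code: it pairs each fixlist line with its result line and reports entries that have no result or a result other than success. The sample log is constructed (SID, value names and paths are placeholders), and treating any outcome that does not end in "successfully." as needing review is an assumption of this sketch.

```python
import re

# Run-value line in a fixlist, in the shape shown in this thread:
#   HKU\<SID>\...\Run: [name] => C:\path\file.exe [size date] ()
RUN_ENTRY = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\(?:(?P<sid>S-[\d-]+)\\)?\.\.\.\\Run: \[(?P<name>[^\]]+)\] => "
)
# Result line in a Fixlog: "<target> => <outcome>"
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")

# Constructed sample: the result line for [exampleB] is deliberately absent.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [exampleA] => C:\Users\Example\AppData\Local\ExampleDir\exampleA.exe [1000 2014-07-01] ()
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [exampleB] => C:\Users\Example\AppData\Local\ExampleDir\exampleB.exe [2000 2014-07-01] ()
C:\Users\Example\AppData\Local\ExampleDir\
Reboot:
*****************

HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\\exampleA => value deleted successfully.
C:\Users\Example\AppData\Local\ExampleDir => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
"""


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist entries and (target, outcome) results."""
    lines = [line.strip() for line in text.splitlines()]
    seps = [i for i, line in enumerate(lines) if line and set(line) == {"*"}]
    if len(seps) < 2:
        raise ValueError("fixlist section delimiters not found")
    entries = [line for line in lines[seps[0] + 1:seps[1]] if line]
    results = []
    for line in lines[seps[1] + 1:]:
        if line.startswith("===="):  # "==== End of Fixlog ===="
            break
        m = RESULT.match(line)
        if m:
            results.append((m["target"], m["outcome"]))
    return entries, results


def matches(entry, target):
    """True if a result target refers to the given fixlist entry."""
    t = target.lower()
    m = RUN_ENTRY.match(entry)
    if m:
        # The fixlist abbreviates the key path with "..."; the result spells it out
        # and ends in \Run\\<value name>.
        prefix = m["hive"].lower() + "\\"
        if m["sid"]:
            prefix += m["sid"].lower() + "\\"
        return t.startswith(prefix) and t.endswith("\\run\\\\" + m["name"].lower())
    # File or folder entry: compare paths, ignoring case and a trailing backslash.
    return t.rstrip("\\") == entry.lower().rstrip("\\")


def verify_fixlog(text):
    """Return (entry, status, outcome) per fixlist entry; status is ok/review/missing."""
    entries, results = parse_fixlog(text)
    report = []
    for entry in entries:
        if entry.endswith(":") and "\\" not in entry:
            continue  # directive such as "Reboot:", no per-item result expected
        outcome = next((o for t, o in results if matches(entry, t)), None)
        if outcome is None:
            status = "missing"
        elif outcome.lower().endswith("successfully."):
            status = "ok"
        else:
            status = "review"  # assumption: anything else needs a human look
        report.append((entry, status, outcome))
    return report


if __name__ == "__main__":
    for entry, status, outcome in verify_fixlog(SAMPLE_FIXLOG):
        print(f"{status:8} {entry}")
```

An entry reported as `missing` usually means the pasted log was cut short or the line was not processed, so the autostart value may still be present and the scan should be repeated before moving on.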

Alt 19.07.2014, 20:20   #3
Lady Frigg
 
Hello Jürgen, and yes, with such a good description even I manage to work through things one after the other ^^

Hope I didn't forget anything

Step 1:
Fixlog
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by Lola at 2014-07-19 20:41:45 Run:1
Running from C:\Users\Lola\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [framei] => C:\Users\Lola\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] ()
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [nvcmd] => C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] ()
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [cntcmd] => C:\Users\Lola\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] ()
C:\Users\Lola\AppData\Local\ContextFree\
Reboot:
         
*****************

HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\Software\Microsoft\Windows\CurrentVersion\Run\\framei => value deleted successfully.
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\Software\Microsoft\Windows\CurrentVersion\Run\\nvcmd => value deleted successfully.
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cntcmd => value deleted successfully.
C:\Users\Lola\AppData\Local\ContextFree => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Step 2:
Quarantine.zip uploaded - with a link to this thread + Lady Frigg

Step 3:
IObit Apps Toolbar v9.4 should be uninstalled - at least I can't find anything of it any more

Step 4:
AdwCleaner
Code:
ATTFilter
# AdwCleaner v3.216 - Bericht erstellt am 19/07/2014 um 21:00:20
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Lola - STUBE
# Gestartet von : C:\Users\Lola\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IObit\Driver Booster
Ordner Gelöscht : C:\Program Files (x86)\Flowsurf
Ordner Gelöscht : C:\Program Files (x86)\IObit\Driver Booster
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\Freya\AppData\Local\Mail.Ru
Ordner Gelöscht : C:\Users\Freya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru
Ordner Gelöscht : C:\Users\Lola\AppData\Local\Mail.Ru
Ordner Gelöscht : C:\Users\Lola\AppData\Local\Slick Savings
Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\IObit\Driver Booster
Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\quickclick
Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\Slick Savings
Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru
Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\faststartff@gmail.com
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com
Datei Gelöscht : C:\END
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Datei Gelöscht : C:\Users\Lola\daemonprocess.txt
Datei Gelöscht : C:\Users\Thomas\daemonprocess.txt
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Driver Booster Scan
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Driver Booster Update
Datei Gelöscht : C:\WINDOWS\System32\Tasks\fsupdate

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\FrEeSoFtOdAy
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Freya\AppData\Roaming\Mozilla\Firefox\Profiles\1a52243f.default\prefs.js ]


[ Datei : C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\prefs.js ]


[ Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Freya\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ Datei : C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
Gelöscht [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod
Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

[ Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [38968 octets] - [20/02/2014 21:14:15]
AdwCleaner[R1].txt - [1365 octets] - [20/02/2014 22:39:31]
AdwCleaner[R2].txt - [11505 octets] - [19/07/2014 20:59:26]
AdwCleaner[S0].txt - [35826 octets] - [20/02/2014 21:17:27]
AdwCleaner[S1].txt - [1428 octets] - [20/02/2014 22:41:15]
AdwCleaner[S2].txt - [8794 octets] - [19/07/2014 21:00:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [8854 octets] ##########
         
Step 5:
FRST

FRST log file:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Lola (administrator) on STUBE on 19-07-2014 21:08:49
Running from C:\Users\Lola\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [fst_de_86] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {025fd6ec-81f2-11e3-be73-f80f41a03396} - "E:\LGAutoRun.exe" 
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {2324f0b4-9ccd-11e3-be8b-f80f41a03396} - "E:\LGAutoRun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKCU - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {790DEE0B-14BB-4FEE-8805-7AC306401ACA} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.repage.de/member/paladine
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lola\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ads Removal - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\adremoveext@adremoveext.net [2014-06-27]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\ascsurfingprotection@iobit.com [2014-06-07]
FF Extension: Qute Classic - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi [2014-01-19]
FF Extension: Adblock Plus - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18]
FF HKLM-x32\...\Firefox\Extensions: [jid1-tofUlNEIFlkUIA@jetpack] - C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: webssearches
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File
CHR Extension: (Google Wallet) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23]
CHR Extension: (FlowSurf) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn [2014-07-14]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-07] (IObit)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)
S2 HPSLPSVC; C:\Users\Lola\AppData\Local\Temp\7zS3EFF\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 21:08 - 2014-07-19 21:08 - 00015514 _____ () C:\Users\Lola\Desktop\FRST.txt
2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt
2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-19 20:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe
2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt
2014-07-19 18:03 - 2014-07-19 21:02 - 00006360 _____ () C:\WINDOWS\PFRO.log
2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag
2014-07-19 17:47 - 2014-07-19 21:08 - 00000000 ____D () C:\FRST
2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable
2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt
2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe
2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe
2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe
2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe
2014-07-14 16:17 - 2014-07-14 16:17 - 00339680 _____ () C:\Users\Lola\Downloads\FlashPlayersetup__7343_i1040439988_il23.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-11 08:52 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-11 08:52 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 12:10 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 05:55 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 05:55 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 05:55 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 05:55 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 05:55 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 05:55 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 05:55 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 05:55 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 05:55 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 05:55 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 05:54 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 05:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 05:54 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 05:54 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 05:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 05:54 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 05:53 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 05:53 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 05:53 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 05:53 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 05:53 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 05:53 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 05:53 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 05:53 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 05:53 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 05:53 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 05:53 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 05:53 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 05:53 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 05:53 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 05:53 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 05:53 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 05:53 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 05:53 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 05:53 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 05:53 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 05:53 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 05:51 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 05:51 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 05:51 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 05:51 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 05:51 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 05:51 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 05:51 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 05:51 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 05:51 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 05:51 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 05:51 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 05:51 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 05:51 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 05:51 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 05:51 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 05:51 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 05:51 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 05:51 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 05:51 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 05:51 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-06-21 18:02 - 2014-07-19 21:03 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 10:16 - 2014-06-19 10:16 - 00000024 _____ () C:\Users\Lola\AppData\Roaming\temp.ini

==================== One Month Modified Files and Folders =======

2014-07-19 21:09 - 2014-07-19 21:08 - 00015514 _____ () C:\Users\Lola\Desktop\FRST.txt
2014-07-19 21:08 - 2014-07-19 17:47 - 00000000 ____D () C:\FRST
2014-07-19 21:08 - 2014-01-17 23:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2611022401-1185657083-2724232758-1001
2014-07-19 21:07 - 2014-01-18 14:35 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 21:07 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-19 21:07 - 2013-11-14 09:11 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-19 21:07 - 2013-11-14 09:11 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt
2014-07-19 21:04 - 2014-06-09 18:15 - 01889916 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-19 21:04 - 2014-06-09 18:01 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87182F7E-78A1-441D-96FB-2954177723C7}
2014-07-19 21:03 - 2014-06-21 18:02 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 21:03 - 2014-05-17 14:58 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\Wise Care 365
2014-07-19 21:03 - 2014-01-28 00:31 - 00000000 __RDO () C:\Users\Lola\SkyDrive
2014-07-19 21:02 - 2014-07-19 18:03 - 00006360 _____ () C:\WINDOWS\PFRO.log
2014-07-19 21:02 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-19 21:01 - 2014-02-20 21:13 - 00000000 ____D () C:\AdwCleaner
2014-07-19 21:01 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-19 21:00 - 2014-02-09 22:56 - 00000000 ____D () C:\Users\Thomas
2014-07-19 21:00 - 2014-01-28 00:00 - 00000000 ____D () C:\Users\Lola
2014-07-19 21:00 - 2014-01-18 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-19 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe
2014-07-19 20:54 - 2014-02-20 22:37 - 00000288 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-19 20:16 - 2014-04-18 12:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt
2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag
2014-07-19 18:03 - 2014-06-09 05:51 - 73416704 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-07-19 18:03 - 2014-06-09 05:51 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-07-19 18:03 - 2014-06-09 05:51 - 00036864 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-07-19 18:03 - 2014-06-09 05:51 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-07-19 18:01 - 2014-06-07 15:12 - 00000252 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job
2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable
2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt
2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe
2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe
2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe
2014-07-19 17:29 - 2014-06-07 17:49 - 00000000 ____D () C:\Users\Lola\Desktop\Deutschland Spielt
2014-07-19 17:26 - 2014-06-07 15:12 - 00002189 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-07-19 15:20 - 2014-05-17 15:23 - 00000412 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job
2014-07-19 10:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe
2014-07-15 09:37 - 2014-06-07 16:11 - 00165659 _____ () C:\MyXML.xml
2014-07-15 09:37 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-14 16:17 - 2014-07-14 16:17 - 00339680 _____ () C:\Users\Lola\Downloads\FlashPlayersetup__7343_i1040439988_il23.exe
2014-07-11 12:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-11 09:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-11 08:51 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 14:26 - 2014-03-13 12:34 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-09 12:15 - 2014-01-18 14:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 12:12 - 2014-01-18 14:18 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 12:12 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 12:09 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 11:54 - 2014-04-18 12:13 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-03 17:29 - 2014-03-12 15:10 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-07-01 00:45 - 2014-07-09 05:51 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 09:48 - 2014-07-09 05:51 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 09:07 - 2014-07-09 05:51 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-28 00:50 - 2014-01-18 00:56 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\TS3Client
2014-06-26 22:55 - 2014-07-11 08:52 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2014-07-11 08:52 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 11:35 - 2014-01-18 00:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-21 18:02 - 2014-01-18 14:35 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 10:16 - 2014-06-19 10:16 - 00000024 _____ () C:\Users\Lola\AppData\Roaming\temp.ini
2014-06-19 10:15 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\IObit
2014-06-19 03:39 - 2014-07-09 05:54 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-19 02:48 - 2014-07-09 05:53 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-19 02:16 - 2014-07-09 05:54 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-19 02:09 - 2014-07-09 05:53 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-19 01:51 - 2014-07-09 05:54 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 05:53 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 05:53 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-19 01:46 - 2014-07-09 05:54 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-06-19 01:39 - 2014-07-09 05:53 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-19 01:33 - 2014-07-09 05:53 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 05:53 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-19 01:27 - 2014-07-09 05:53 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-19 01:12 - 2014-07-09 05:53 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-19 00:59 - 2014-07-09 05:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 05:53 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 05:53 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-19 00:57 - 2014-07-09 05:54 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-06-19 00:52 - 2014-07-09 05:53 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 05:54 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 05:53 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-19 00:45 - 2014-07-09 05:53 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 05:53 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 05:53 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 05:53 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 05:53 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 05:53 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 05:53 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\ProgramData\uninstall265917.exe


Some content of TEMP:
====================
C:\Users\Freya\AppData\Local\Temp\avgnt.exe
C:\Users\Lola\AppData\Local\Temp\avgnt.exe
C:\Users\Lola\AppData\Local\Temp\Quarantine.exe
C:\Users\Lola\AppData\Local\Temp\{D983D7E1-6584-4398-A43B-2FB423F350E2}-36.0.1985.125_35.0.1916.153_chrome_updater.exe
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 14:57

==================== End Of Log ============================
         
--- --- ---
__________________

19.07.2014, 20:29   #4
deeprybka
/// TB Trainer
/// Instructions Guru
 



You're doing great...

Step 1

Malwarebytes Antimalware
  • Download link
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under Erkennung und Schutz (Detection and Protection), please tick "Suche nach Rootkits" (Scan for rootkits).
  • Then click "Suchlauf" (Scan), select the Bedrohungssuchlauf (Threat Scan), update the databases and click "Suchlauf jetzt starten" (Start scan now).
  • At the end of the scan, have all findings (if any) moved to quarantine. (here's how...)
  • Post the contents of the log file (here's how...). To do so, click Verlauf (History) and then Anwendungsprotokolle (Application Logs).
  • Select the most recent scan log and click Ansicht (View). Click "In Zwischenablage kopieren" (Copy to clipboard) and post the contents in code tags as a reply in the thread.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the Terms of Use) and click Starten (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (Detection of potentially unwanted applications) and choose the following settings.
  • Click Starten (Start).
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Fertig stellen (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Systemsteuerung (Control Panel) => Software / Programme deinstallieren (Uninstall programs) => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 3



Please start FRST again, tick the checkbox as well and press Scan.
Please post the contents of both logs that are created.

Are there still any problems with the PC now? If so, which ones?
__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

20.07.2014, 00:07   #5
Lady Frigg
 



*phew* this is turning into real work, but I bravely fought my way through ^^

I can also report: after the first instructions, Firefox no longer opened any tabs on its own.

Step 1:
MBAM
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.07.2014
Suchlauf-Zeit: 21:43:59
Logdatei: Protokoll.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.19.07
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Lola

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 412924
Verstrichene Zeit: 28 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 16
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C321541F-B22D-4593-AC1A-9634812A4E40}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A8018C54-B702-4D52-9ACC-8CA78911E633}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C6A846C5-D67F-48B4-8552-C22354E56966}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A8018C54-B702-4D52-9ACC-8CA78911E633}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C6A846C5-D67F-48B4-8552-C22354E56966}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C321541F-B22D-4593-AC1A-9634812A4E40}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], 
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6CA2A4DE-483E-456B-8634-6445460D7097}, Löschen bei Neustart, [445d960a1f5c63d32a8fb4a555ad8b75], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Löschen bei Neustart, [a100910f572469cdd9fdbc9a1be7f907], 
PUP.Optional.weDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\The weDownload Manager, Löschen bei Neustart, [4958940c6b103cfa9f8703db28daba46], 
PUP.Optional.FlowSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF, Löschen bei Neustart, [9a078f11ec8ff83e7e6c70aacf35768a], 
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF, Löschen bei Neustart, [b8e927799fdc64d28862a67415ef936d], 
PUP.Optional.Qone8, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Löschen bei Neustart, [28799d03c5b639fd876e34d732d26799], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Löschen bei Neustart, [6c358f11ea91ef47a3fe0c08b94b5ea2], 
PUP.Optional.weDownload.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\The weDownload Manager, Löschen bei Neustart, [079af3ad611a61d5ac7af0ee966cac54], 

Registrierungswerte: 5
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_86, In Quarantäne, [5051920ea3d8e84eb629a630877be020], 
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|jid1-tofUlNEIFlkUIA@jetpack, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack, In Quarantäne, [524f9e02ed8e6fc70ce67863fc068c74]
PUP.Optional.FlowSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, Löschen bei Neustart, [9a078f11ec8ff83e7e6c70aacf35768a]
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, Löschen bei Neustart, [b8e927799fdc64d28862a67415ef936d]
PUP.Optional.FastStart.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Löschen bei Neustart, [633edec2bdbecc6a7a28586dc63cf808]

Registrierungsdaten: 2
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[e7babfe1f8833501a5c3b9f012f29967]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027),Löschen bei Neustart,[ccd55e42a6d5360055e59609f31106fa]

Ordner: 12
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode, In Quarantäne, [3f62633d611aa591547ea9fcb151c040], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN\1.5.28_0, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN\1.5.28_0\icons, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN\1.5.28_0\includes, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN\1.5.28_0\kango, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN\1.5.28_0\kango-ui, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\GPIIFGMGNFDIBLGPAEPBMFDKCHEICGOF, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0, In Quarantäne, [465bd1cfb6c5d95dc3e17a3dba4855ab], 
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0, In Quarantäne, [c3deabf57a01c76ff7ad4d6ad230e31d], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], 
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], 

Dateien: 67
PUP.Optional.WPM.A, C:\Users\Lola\AppData\Local\Temp\303331578\303331578.zipDir\tmp\wpm_v20.0.0.502.exe, In Quarantäne, [168b217f53282c0a63e9177a90710ff1], 
PUP.Optional.Amonetize, C:\Users\Lola\Downloads\FlashPlayersetup__7343_i1040439988_il23.exe, In Quarantäne, [554cedb3ff7c8da925f92773dc257789], 
PUP.Optional.BundleInstaller.A, C:\Users\Lola\Downloads\openoffice setup.exe, In Quarantäne, [fca57c246615c4725136ef5144bdb050], 
PUP.Optional.BundleInstaller.A, C:\Users\Thomas\Downloads\Setup.exe, In Quarantäne, [950c4c546b1060d65c7dc2b260a413ed], 
PUP.Optional.WebSearchs.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_ISTART.WEBSSEARCHES.COM_0.LOCALSTORAGE, In Quarantäne, [8a17f3adb4c7ee485ce514ae996928d8], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0.localstorage, In Quarantäne, [435eb2eeec8f56e06a9fac207b87e719], 
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0.localstorage, In Quarantäne, [633e49579fdcc96d9871ab21b74bdf21], 
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0.localstorage-journal, In Quarantäne, [9908b5ebd3a82e0867a28e3e20e2857b], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\background.html, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\extension_info.json, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\extension_info.json.bak, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\flowsurf-drop.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\flowsurf.css, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\jquery-1.7.2.min.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\main.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\main.js.bak, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\manifest.json, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\readme.txt, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\button.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon100.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon128.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon16.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon256.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon32.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon48.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon64.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\content_init.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\content_kango.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\invoke_async_module.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\message_target_module.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\userscript_client.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\backgroundscript_engine.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\browser.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\console.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\i18n.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\initialize.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\io.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\kango.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\lang.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\messaging.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\storage.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\userscript_engine.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\xhr.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\browser_button.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\kango_api.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\options.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\remote_popup_host.html, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\ui.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], 
PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpiifgmgnfdiblgpaepbmfdkcheicgof\000003.log, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], 
PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpiifgmgnfdiblgpaepbmfdkcheicgof\CURRENT, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], 
PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpiifgmgnfdiblgpaepbmfdkcheicgof\LOCK, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], 
PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpiifgmgnfdiblgpaepbmfdkcheicgof\LOG, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], 
PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpiifgmgnfdiblgpaepbmfdkcheicgof\MANIFEST-000002, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0\1, In Quarantäne, [465bd1cfb6c5d95dc3e17a3dba4855ab], 
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0\1, In Quarantäne, [c3deabf57a01c76ff7ad4d6ad230e31d], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\000005.ldb, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\000006.log, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\CURRENT, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\LOCK, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\LOG, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\LOG.old, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], 
PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\MANIFEST-000004, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], 
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\000003.log, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], 
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\CURRENT, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], 
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\LOCK, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], 
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\LOG, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], 
PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\MANIFEST-000002, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Step 2:
ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=30419cf1aa7f75448c4ab68baa063358
# engine=19256
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-19 08:40:35
# local_time=2014-07-19 10:40:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 9580 12481171 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4766334 14128756 0 0
# scanned=91
# found=0
# cleaned=0
# scan_time=20
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=30419cf1aa7f75448c4ab68baa063358
# engine=19256
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-19 10:21:15
# local_time=2014-07-20 12:21:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 15620 12487211 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4772374 14134796 0 0
# scanned=225237
# found=100
# cleaned=0
# scan_time=5966
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir"
sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir"
sh=5B316DFC64B10EF482340274CA23463B41FA06D7 ft=1 fh=65889e0c5d5dba37 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe.vir"
sh=3C4070BE9BE256CA88CD3B993CFBE4DEF47E67E1 ft=1 fh=83a1f0e292f9ec84 vn="Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe_1390855317907.vir"
sh=8D431618E9030709F4F92F93482A042D2D0B70FA ft=1 fh=f9c5079134e88344 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir"
sh=DF96804C0D2D07D7543728DF582C86ACD3BEF3CF ft=1 fh=8676e6337a543f91 vn="Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1390855309140.vir"
sh=DF96804C0D2D07D7543728DF582C86ACD3BEF3CF ft=1 fh=8676e6337a543f91 vn="Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1390855309390.vir"
sh=C8F8049916B0E5C1953670DB20F04E87791681F2 ft=1 fh=5f5f86e71335fd15 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1391012880405.vir"
sh=C8F8049916B0E5C1953670DB20F04E87791681F2 ft=1 fh=5f5f86e71335fd15 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1391012881015.vir"
sh=05C0A99ACE45CEFB680DF0D3D87C138A307D346A ft=1 fh=2e9dc85ff81fe5c7 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1391443718514.vir"
sh=5FF1DB4E5E08B0718AF684AB591F51C4289B9145 ft=1 fh=59283cd49474610a vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir"
sh=33E077621D027F3A6C83972DBD1B0C7F899C1B4E ft=1 fh=3081b00e12e38191 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir"
sh=F697E03ADDEBA7FFAEB6F58DF392181B7124603D ft=1 fh=63d6f81f206b87ab vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir"
sh=CF86EC53BF89452D78E9232D0A650ED0D6DDFBF8 ft=1 fh=f9b15bfcf851b7f7 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir"
sh=D472287B4D2DE014565DAA5FE33CE7A8D8467BEF ft=1 fh=be2a50d35d915b95 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=A90FEB7960611E1959F335750997B5D1F96705CF ft=1 fh=cb70b3974a3698d7 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir"
sh=3E71F188279BEBB9F9197E61CCB7D29619A56207 ft=1 fh=03c4fc387191019c vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=6F1A5ECDFB7EEC7C358BEFB0FB3D77CD7F21310D ft=1 fh=63510bae0f8b92a7 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir"
sh=1DBF1556C82A78CA45882E66DD83C0A977BF8D23 ft=1 fh=328989ef9803066c vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=C5883F4245AE2C0515FB1D04A08FD82885B06398 ft=1 fh=8d649859311d4519 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=EA186A56E0445AF8E5F382F56F42F91682CFED3B ft=1 fh=875c743a5b727b00 vn="Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=9E90A050EB0BB1CEAB5633BCE404E5D5BC307647 ft=1 fh=2563181150dc44ea vn="Win32/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=16CF5D6E11C0F55548A67B8B5D04FA3460C76A2D ft=1 fh=7418003a088e68c3 vn="Win64/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=C03584BE4ED7835858158D1C38D6B08317E2FC82 ft=1 fh=a96a1125b953bd6a vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=67642DACDC22ED45AF7947E4F47B1B8463E4162C ft=1 fh=b08cc40f36e9035a vn="Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=9042385F0336C5429FCD45FC347CC29A9BC06BB0 ft=1 fh=a7a426d7c77c80fb vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=9A4653CEB22C589149D70AF965E4C1586F6CA52A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\49074.crx.vir"
sh=3678253E7BCECF44D37889E6E706BCAF51847CCB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\49074.xpi.vir"
sh=54B26BB83094675DB6A0AC2FAFA7C91FC8942F4E ft=1 fh=3a4703d3f9f9f5f4 vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-bg.exe.vir"
sh=388F890CAEB292E51E95F1B708E310BC5A371BC4 ft=1 fh=c71c00111a7e76d1 vn="Win32/Toolbar.CrossRider.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho.dll.vir"
sh=90416AFC1C2546408118F8A2EE861437FD0675D7 ft=1 fh=e973c85d0c631798 vn="Variante von Win64/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll.vir"
sh=8A35852528873F841CFB43295889BDC024C7A28F ft=1 fh=3d74ec29744d8344 vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-buttonutil.exe.vir"
sh=C9F775295CC651D4E6EA9AB1194D7DEF88A9C705 ft=1 fh=c71c00113096d58d vn="möglicherweise Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-buttonutil64.dll.vir"
sh=FDBCF2A8097E80DD8C0E4A47167CA51D311427F9 ft=1 fh=3d74ec299e67ffa8 vn="Variante von Win64/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-buttonutil64.exe.vir"
sh=A619A66DFB30811DD65994FBE427DDD26DE5EDA2 ft=1 fh=1a8d23ed7c65c977 vn="Win32/Toolbar.CrossRider.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe.vir"
sh=3CF294A4B897845053A30E8E6C7AF418ECD05017 ft=1 fh=e3207db2f2123b3d vn="Win32/Toolbar.CrossRider.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe.vir"
sh=2ED35EA232A7A5B52E5A986C6BB2909B8CA52415 ft=1 fh=17f8ae824c93a525 vn="Variante von Win32/Toolbar.CrossRider.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-enabler.exe.vir"
sh=780902952FC4DB3D6A5321273C4BD849A8635633 ft=1 fh=b452135b3dee8c92 vn="Variante von Win32/Toolbar.CrossRider.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe.vir"
sh=CC2AC68A6B7D5ECF5D055985CF27A99A80D6C6B5 ft=1 fh=5baeea4b593d9080 vn="Variante von Win32/Toolbar.CrossRider.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-updater.exe.vir"
sh=C62FF895E33B51FB1E304FF9A7D6E64D2DD736F5 ft=1 fh=2e18a956c41cfa90 vn="Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\utils.exe.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\genienext\nengine.dll.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\102_dealply_m.js.vir"
sh=C8DB5E57774018F7ECA9B897993D81B6A6B37F7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=8BFBBD749FDAA46297DA7F28A30E29C55FD72880 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\105_corticas_m.js.vir"
sh=AE2D5CE395EE9CD2595F77F616E574F4794B1152 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=7C81F4B98C95A247009293CC3CBE66218ED8ADD0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=9F07ACC96BC246F25975479E9382CDF88E7D8711 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\191_ciuvo_m.js.vir"
sh=F913C9EE03B4CCE8680961DBF505FA17BAC140F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir"
sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=5238A49C440E541BF241BC5EA247BAC9321C096D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=D6CFE89E51D1CF5C0043E538BC26C4477CE3EF3E ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir"
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\102_dealply_m.js.vir"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=04253E738106628805978963C1648F429CD2A08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\105_corticas_m.js.vir"
sh=9832E303AF1F020C6DD37DB8D8E7A0FF40979142 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=D9DF0722882055C5C11AFD602D505B2E7EA9AFC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=39D85F60370A7E5065A9BDC9D83216476D768A60 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=755E6F27D557EE62A1733A6D7446929692C0E2D5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir"
sh=1C11431100002928B21CADA701E3D80CDBEFB6A2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=3BB30FB241BF8D2B709364A69F5128CA9BEF9ED2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\217_similar_products_m.js.vir"
sh=115081E9037F5D63F69BC5CA19ECC1ACC8F61896 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\223_imonomy_m.js.vir"
sh=7BC84C8A88F318467C124FA76E67F600EB90FCAC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\224_beacon_pops_m.js.vir"
sh=2DC335A206411AD5B2CB8E8AB2B1333596493CB9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\226_set_campaign_id_m.js.vir"
sh=46F27C818E66AF2651C8AEAAC8249451A90182BE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js.vir"
sh=ADA1ABB410D5E0C6AD102F5BA8AEB6A255C1E9A6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js.vir"
sh=99ED957925C94680B2842F0C146CF7F28A86CCD0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\newnext.me\nengine.dll.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\102_dealply_m.js.vir"
sh=C8DB5E57774018F7ECA9B897993D81B6A6B37F7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=8BFBBD749FDAA46297DA7F28A30E29C55FD72880 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\105_corticas_m.js.vir"
sh=AE2D5CE395EE9CD2595F77F616E574F4794B1152 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=7C81F4B98C95A247009293CC3CBE66218ED8ADD0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=9F07ACC96BC246F25975479E9382CDF88E7D8711 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\191_ciuvo_m.js.vir"
sh=F913C9EE03B4CCE8680961DBF505FA17BAC140F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir"
sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=5238A49C440E541BF241BC5EA247BAC9321C096D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=F913C9EE03B4CCE8680961DBF505FA17BAC140F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir"
sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir"
sh=76546544E4F61C8A5C86A53DC07C4F6B1A39B904 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\217_similar_products_m.js.vir"
sh=7BC84C8A88F318467C124FA76E67F600EB90FCAC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\224_beacon_pops_m.js.vir"
sh=3F1A2FD85413FF4A3A4FF8BE0DFB3956E96B0212 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=535AF651EA5F3D5DE0E0A0C7A83FB82D217C1414 ft=1 fh=839880581fe9fccf vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lola\AppData\Local\Temp\awhA552.tmp"
sh=BBD7A2AC1E027E7ED0CFA567CF06E86D22B2A665 ft=1 fh=55978f7f5077c75a vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lola\Downloads\IObit-Malware-Figher-Setup.exe"
sh=B4E711E7C5EB528585859AB5CBC76A88239757B5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\8\BC\6D1ADd01"
sh=85F7A6DCC9459A0B1E5BB8CD1138F0E4075C90A2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\D\DF\46B67d01"
         


20.07.2014, 02:20   #6
Lady Frigg

Firefox opens ad pages in tabs on its own, even when Firefox is not currently in use



Step 3:
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Lola (administrator) on STUBE on 20-07-2014 00:53:57
Running from C:\Users\Lola\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {025fd6ec-81f2-11e3-be73-f80f41a03396} - "E:\LGAutoRun.exe" 
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {2324f0b4-9ccd-11e3-be8b-f80f41a03396} - "E:\LGAutoRun.exe" 
HKU\S-1-5-21-2611022401-1185657083-2724232758-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe -update plugin 
HKU\S-1-5-21-2611022401-1185657083-2724232758-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [GameCenterMailRu-EU] => "C:\Users\Freya\AppData\Local\Mail.Ru\GameCenter-EU\GameCenter@Mail.Ru.exe" -autostart 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKCU - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {790DEE0B-14BB-4FEE-8805-7AC306401ACA} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.repage.de/member/paladine
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lola\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ads Removal - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\adremoveext@adremoveext.net [2014-06-27]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\ascsurfingprotection@iobit.com [2014-06-07]
FF Extension: Qute Classic - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi [2014-01-19]
FF Extension: Adblock Plus - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: webssearches
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File
CHR Extension: (Google Wallet) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-07] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)
S2 HPSLPSVC; C:\Users\Lola\AppData\Local\Temp\7zS3EFF\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 00:53 - 2014-07-20 00:54 - 00016408 _____ () C:\Users\Lola\Desktop\FRST.txt
2014-07-20 00:51 - 2014-07-20 00:52 - 00042299 _____ () C:\Users\Lola\Desktop\Addition.txt
2014-07-19 22:35 - 2014-07-19 22:35 - 02347384 _____ (ESET) C:\Users\Lola\Desktop\esetsmartinstaller_deu.exe
2014-07-19 22:16 - 2014-07-19 22:27 - 00022051 _____ () C:\Users\Lola\Desktop\Protokoll.txt
2014-07-19 21:40 - 2014-07-19 23:10 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 21:40 - 2014-07-19 21:40 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-19 21:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-19 21:40 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-19 21:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-19 21:32 - 2014-07-19 21:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lola\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt
2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-19 20:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe
2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt
2014-07-19 18:03 - 2014-07-19 22:20 - 00037326 _____ () C:\WINDOWS\PFRO.log
2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag
2014-07-19 17:47 - 2014-07-20 00:54 - 00000000 ____D () C:\FRST
2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable
2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt
2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe
2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe
2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe
2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-11 08:52 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-11 08:52 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 12:10 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 05:55 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 05:55 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 05:55 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 05:55 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 05:55 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 05:55 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 05:55 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 05:55 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 05:55 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 05:55 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 05:54 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 05:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 05:54 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 05:54 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 05:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 05:54 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 05:53 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 05:53 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 05:53 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 05:53 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 05:53 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 05:53 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 05:53 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 05:53 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 05:53 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 05:53 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 05:53 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 05:53 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 05:53 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 05:53 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 05:53 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 05:53 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 05:53 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 05:53 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 05:53 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 05:53 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 05:53 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 05:51 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 05:51 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 05:51 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 05:51 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 05:51 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 05:51 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 05:51 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 05:51 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 05:51 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 05:51 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 05:51 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 05:51 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 05:51 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 05:51 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 05:51 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 05:51 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 05:51 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 05:51 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 05:51 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 05:51 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-06-21 18:02 - 2014-07-19 22:23 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified Files and Folders =======

2014-07-20 00:54 - 2014-07-20 00:53 - 00016408 _____ () C:\Users\Lola\Desktop\FRST.txt
2014-07-20 00:54 - 2014-07-19 17:47 - 00000000 ____D () C:\FRST
2014-07-20 00:53 - 2014-02-20 22:37 - 00000288 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 00:52 - 2014-07-20 00:51 - 00042299 _____ () C:\Users\Lola\Desktop\Addition.txt
2014-07-20 00:21 - 2014-01-17 23:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2611022401-1185657083-2724232758-1001
2014-07-20 00:18 - 2014-06-09 18:15 - 01941869 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-20 00:16 - 2014-04-18 12:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-20 00:08 - 2014-01-18 14:35 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 00:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-19 23:10 - 2014-07-19 21:40 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 22:35 - 2014-07-19 22:35 - 02347384 _____ (ESET) C:\Users\Lola\Desktop\esetsmartinstaller_deu.exe
2014-07-19 22:27 - 2014-07-19 22:16 - 00022051 _____ () C:\Users\Lola\Desktop\Protokoll.txt
2014-07-19 22:26 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-19 22:26 - 2013-11-14 09:11 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-19 22:26 - 2013-11-14 09:11 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-19 22:25 - 2014-01-28 00:31 - 00000000 __RDO () C:\Users\Lola\SkyDrive
2014-07-19 22:24 - 2014-05-17 14:58 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\Wise Care 365
2014-07-19 22:23 - 2014-06-21 18:02 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 22:20 - 2014-07-19 18:03 - 00037326 _____ () C:\WINDOWS\PFRO.log
2014-07-19 22:20 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-19 22:20 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-19 22:05 - 2014-06-09 18:01 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87182F7E-78A1-441D-96FB-2954177723C7}
2014-07-19 21:40 - 2014-07-19 21:40 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-19 21:34 - 2014-07-19 21:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lola\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt
2014-07-19 21:01 - 2014-02-20 21:13 - 00000000 ____D () C:\AdwCleaner
2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-19 21:00 - 2014-02-09 22:56 - 00000000 ____D () C:\Users\Thomas
2014-07-19 21:00 - 2014-01-28 00:00 - 00000000 ____D () C:\Users\Lola
2014-07-19 21:00 - 2014-01-18 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe
2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt
2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag
2014-07-19 18:03 - 2014-06-09 05:51 - 73416704 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-07-19 18:03 - 2014-06-09 05:51 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-07-19 18:03 - 2014-06-09 05:51 - 00036864 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-07-19 18:03 - 2014-06-09 05:51 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-07-19 18:01 - 2014-06-07 15:12 - 00000252 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job
2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable
2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt
2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe
2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe
2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe
2014-07-19 17:29 - 2014-06-07 17:49 - 00000000 ____D () C:\Users\Lola\Desktop\Deutschland Spielt
2014-07-19 17:26 - 2014-06-07 15:12 - 00002189 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-07-19 15:20 - 2014-05-17 15:23 - 00000412 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job
2014-07-19 10:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe
2014-07-15 09:37 - 2014-06-07 16:11 - 00165659 _____ () C:\MyXML.xml
2014-07-15 09:37 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-11 12:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-11 09:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-11 08:51 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 14:26 - 2014-03-13 12:34 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-09 12:15 - 2014-01-18 14:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 12:12 - 2014-01-18 14:18 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 12:12 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 12:09 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 11:54 - 2014-04-18 12:13 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-03 17:29 - 2014-03-12 15:10 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-07-01 00:45 - 2014-07-09 05:51 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 09:48 - 2014-07-09 05:51 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 09:07 - 2014-07-09 05:51 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-28 00:50 - 2014-01-18 00:56 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\TS3Client
2014-06-26 22:55 - 2014-07-11 08:52 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2014-07-11 08:52 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 11:35 - 2014-01-18 00:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-21 18:02 - 2014-01-18 14:35 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

Files to move or delete:
====================
C:\ProgramData\uninstall265917.exe


Some content of TEMP:
====================
C:\Users\Freya\AppData\Local\Temp\avgnt.exe
C:\Users\Lola\AppData\Local\Temp\avgnt.exe
C:\Users\Lola\AppData\Local\Temp\Quarantine.exe
C:\Users\Lola\AppData\Local\Temp\{D983D7E1-6584-4398-A43B-2FB423F350E2}-36.0.1985.125_35.0.1916.153_chrome_updater.exe
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 14:57

==================== End Of Log ============================
         

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by Lola at 2014-07-20 00:55:18
Running from C:\Users\Lola\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{6F33B065-4478-44EE-8E5F-A40BBD61619F}) (Version: 20.2.45.72438 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.2.45.72438 - Alcor Micro Corp.) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30322 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E3AB2F4D-B540-437B-4E4F-3A3C344C3B2A}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0322.413.5642 - Ihr Firmenname) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
Center@Mail.Ru - EU (HKCU\...\GameCenterMailRu-EU) (Version: 2.320 - LLC Mail.Ru)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2012 - Acer Incorporated)
ContextFree (HKCU\...\ContextFree) (Version:  - )
Dark Mysteries: Der Seelensammler Sammleredition (HKLM-x32\...\Dark Mysteries: Der Seelensammler Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Dark Strokes: Die Sünden der Väter Sammleredition (HKLM-x32\...\Dark Strokes: Die Sünden der Väter Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Der Fluch der Werwölfe Sammleredition (HKLM-x32\...\Der Fluch der Werwölfe Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Der Tempel des Lebens: Die Legende der Vier Elemente Sammleredition (HKLM-x32\...\Der Tempel des Lebens: Die Legende der Vier Elemente Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Die 4 Elemente (HKLM-x32\...\Die 4 Elemente) (Version: 0.0.0.0 - INTENIUM GmbH)
Die 4 Elemente II Sammleredition (HKLM-x32\...\Die 4 Elemente II Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit)
Elementals: Der Magische Schlüssel (HKLM-x32\...\Elementals: Der Magische Schlüssel) (Version: 1.0.0.0 - INTENIUM GmbH)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Haunted Past: Im Reich der Geister Sammleredition (HKLM-x32\...\Haunted Past: Im Reich der Geister Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Haus der 1000 Türen 2: Das Juwel des Zarathustra Sammleredition (HKLM-x32\...\Haus der 1000 Türen 2: Das Juwel des Zarathustra Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Haus der 1000 Türen Sammleredition (HKLM-x32\...\Haus der 1000 Türen Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3005 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Acer Incorporated)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Legend - Legacy Of The Dragons (HKCU\...\Legend - Legacy Of The Dragons (DE)) (Version: 1.9 - Mail.Ru Games GmbH)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.16.20140414 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.13.314.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6859 - Realtek Semiconductor Corp.)
Sacra Terra 2: Der Kuss des Todes Sammleredition (HKLM-x32\...\Sacra Terra 2: Der Kuss des Todes Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Sacra Terra: Nacht der Engel Sammleredition (HKLM-x32\...\Sacra Terra: Nacht der Engel Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.1 - IObit)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Voodoo Chroniken: Erstes Zeichen Sammleredition (HKLM-x32\...\Voodoo Chroniken: Erstes Zeichen Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH)
Wise Care 365 2.99 (HKLM-x32\...\Wise Care 365_is1) (Version: 2.99 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

30-06-2014 10:21:00 Geplanter Prüfpunkt
08-07-2014 01:37:08 Geplanter Prüfpunkt
11-07-2014 07:11:54 Windows Modules Installer
18-07-2014 12:27:43 Geplanter Prüfpunkt
19-07-2014 18:53:37 Removed IObit Apps Toolbar v9.4.

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03788E86-B7B8-4E63-B551-3C2AD247CFF7} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0622BD4E-1624-4D7D-BBF1-12695E6745F6} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-02-27] (Acer Incorporated)
Task: {07771D45-0369-49C2-8A17-1F224FB67EC9} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2611022401-1185657083-2724232758-1001
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {29A36733-D1DF-43DB-9141-740D150877D1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2F947BC4-4262-4BBF-A78F-003E94166000} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {34973AB3-E070-426D-AB6A-55D1E2CF258D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {355BFE34-8469-49CC-8BFE-10C6BA036237} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {396993F1-06F6-4B62-8230-4524A7805DE7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {41EB21E1-55BF-49E7-AACB-53FA3FC10FA2} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {420853CD-78F8-4573-9AF9-0D2A2D43AFFD} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {56CAB56C-29F8-49A4-9FBF-356CE766BA30} - \fsupdate No Task File <==== ATTENTION
Task: {5BD0C2C6-2F41-4ECA-A795-35F9FFFF3BEE} - System32\Tasks\RunAsStdUser_GameCenterMailRu-EU => C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\gamecenter@mail.ru.exe
Task: {5FA885F4-7F52-4F6C-8135-60DAC70882C5} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {63D499B3-DCC5-4C9A-A5B7-B77097D5EF33} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {659AB603-985B-4C8E-8316-91C7E40A4024} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-01-21] (WiseCleaner.COM)
Task: {667938BF-64DB-47F6-B61D-555C33829F76} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {679929BC-487F-4EEB-A1C2-86B1B45E9135} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-06-13] ()
Task: {694A34E4-F5AC-4818-85F4-10DEFB91478C} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {694AEFB2-C1B3-40CE-B1D8-E67D97FA6348} - \Driver Booster Update No Task File <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {744877A2-28E3-435A-9CE9-F70A68FBA20D} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-06-06] (IObit)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7AFFDBD5-D60B-4A99-8B48-239CEA06206E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {82289AA5-EA75-4D97-B43B-D731687B4F30} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-06-07] (IObit)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C197F2F-7907-4B64-A1D3-20D2AA22695B} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
Task: {8C85203C-0983-4E97-A28F-9134C25861C2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {93BE7CD1-ECFD-4235-9350-09EF10809A57} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {9CB31A68-86B3-4E17-BF5C-57B535DF3F3B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C1317186-1346-44AB-92EA-C5635A789E8C} - System32\Tasks\ASC7_SkipUac_Lola => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-28] (IObit)
Task: {C53E619E-1F73-4BD8-8D8E-F263A59F2C3D} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E26439DF-BDA4-4A64-811C-3BC9826F45AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.)
Task: {E2C41E52-73D6-45BE-AA6A-84316EF4DA4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.)
Task: {E5766170-AD65-476C-9283-F466803F357C} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-03-10] (IObit)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EB85D3CB-FCE5-40BB-B285-CEB018C61702} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-05-06] (IObit)
Task: {FB46942C-D91E-4919-80C5-158CD0AE790F} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-02-22] ()
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2013-12-05 14:35 - 2013-02-20 23:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-05-23 12:28 - 2014-05-23 12:28 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-06-07 15:12 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-07-15 12:17 - 2014-06-06 13:07 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-07-15 12:17 - 2014-06-06 13:07 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-07-15 12:17 - 2014-06-06 13:07 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-06-07 16:12 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2014-06-07 15:12 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-06-07 15:12 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-06-07 15:12 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-06-07 15:12 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2014-07-15 12:17 - 2014-06-06 13:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Freya\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Lola\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Thomas\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: GameCenterMailRu-EU => "c:\users\lola\appdata\local\mail.ru\gamecenter-eu\gamecenter@mail.ru.exe" -autostart
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKCU\...\StartupApproved\Run: => "Advanced SystemCare 7"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 00:47:56 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/19/2014 10:40:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/19/2014 10:40:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/19/2014 10:36:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/19/2014 10:36:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/19/2014 10:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/19/2014 10:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/19/2014 10:35:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/19/2014 09:40:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (07/19/2014 09:10:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.


System errors:
=============
Error: (07/19/2014 10:23:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/19/2014 09:04:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/19/2014 09:00:20 PM) (Source: DCOM) (EventID: 10010) (User: STUBE)
Description: Microsoft.WindowsLive.Mail.AppXchpnq3xrg3grbgjnhp88jn3v9r1xskxr.mca

Error: (07/19/2014 08:45:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/19/2014 06:06:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (07/19/2014 06:03:45 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (07/19/2014 09:54:55 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/19/2014 07:42:41 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/18/2014 10:17:43 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/18/2014 08:56:35 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (07/20/2014 00:47:56 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/19/2014 10:40:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe

Error: (07/19/2014 10:40:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe

Error: (07/19/2014 10:36:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe

Error: (07/19/2014 10:36:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe

Error: (07/19/2014 10:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe

Error: (07/19/2014 10:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe

Error: (07/19/2014 10:35:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe

Error: (07/19/2014 09:40:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe

Error: (07/19/2014 09:10:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 7613.49 MB
Available physical RAM: 5527.77 MB
Total Pagefile: 8829.49 MB
Available Pagefile: 5722.1 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.25 GB) (Free:380.16 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.11 GB) (Free:454.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 651131BF)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
A later Anti-Malware scan then came up with this detection (it somehow started on its own)

MBAM
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.07.2014
Suchlauf-Zeit: 02:46:35
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.19.09
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Lola

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 404835
Verstrichene Zeit: 29 Min, 34 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Qone8, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [abba2978770424122df90a02de268878], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027),Ersetzt,[6302c4dd3f3c8aace39cccd3848016ea]

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

20.07.2014, 15:13   #7
deeprybka
/// TB Trainer
/// Guide Guru
 



Hi,
well, I would at least also uninstall IObit Malwarefighter with Revo...

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and then copy the text from the code box into the empty text document:
Code:
ATTFilter
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File
CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File
C:\ProgramData\uninstall265917.exe
C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\8\BC\6D1ADd01
C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\D\DF\46B67d01
         
Please save this as Fixlist.txt in the same directory as the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

Step 2

Please start FRST again and press Scan.
Please post the contents of the log for me.

Are there still any problems with the PC now? If so, which ones?
__________________
Regards
deeprybka

„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
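
The fixlist in Step 1 targets Internet Explorer start-page and search-scope entries pointing at an unwanted host, plus entries whose file no longer exists. The following script is an added example, not part of the original post and not FRST's own logic: it flags the same kinds of lines in an FRST log as candidates for manual review. The allow list, the function names and the abridged sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical analyst allow list of start-page/search hosts; adjust per environment.
ALLOWED_HOSTS = {"www.bing.com", "www.google.com", "de.search.yahoo.com"}

# Patterns for the FRST line formats that appear in the thread's logs.
START_PAGE = re.compile(r"^HK\w+\\.+\\Main,Start Page = (?P<url>\S+)$")
SEARCH_SCOPE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?:DefaultScope )?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}) URL = (?P<url>\S+)$"
)
MISSING_SCOPE = re.compile(r"^SearchScopes: \S+ - DefaultScope value is missing\.$")
ORPHAN = re.compile(r"^(?:(?:FF|CHR) Plugin[^:]*|ShortcutTarget): .*\(?No File\)?$")

# Constructed sample: lines abridged from the FRST log format shown in the thread.
SAMPLE_LOG = r"""
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt
SearchScopes: HKLM - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
"""


def host_of(url):
    """Return the lowercase host of a URL; defanged hxxp:// URLs parse the same way."""
    return (urlsplit(url).hostname or "").lower()


def classify(line):
    """Return (category, detail) for a line worth reviewing, or None."""
    line = line.strip()
    for category, pattern in (("start-page", START_PAGE),
                              ("search-scope", SEARCH_SCOPE)):
        m = pattern.match(line)
        if m:
            host = host_of(m.group("url"))
            # Only hosts outside the allow list are reported.
            return None if host in ALLOWED_HOSTS else (category, host)
    if MISSING_SCOPE.match(line):
        # Detail is the registry hive, e.g. "HKLM-x32".
        return ("missing-default-scope", line.split(" - ")[0].split(": ")[1])
    if ORPHAN.match(line):
        # Detail is the entry type, e.g. "FF Plugin HKCU" or "ShortcutTarget".
        return ("orphan-entry", line.split(":", 1)[0])
    return None


def triage(log_text):
    """Return a list of (category, detail, original line) review candidates."""
    findings = []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


if __name__ == "__main__":
    for category, detail, line in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}: {line}")
```

An "orphan-entry" hit only means the referenced file is gone; whether the entry belongs in a fixlist is still the analyst's decision.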

20.07.2014, 15:31   #8
Lady Frigg
 



Said and done.

IObit Malwarefighter uninstalled

And here are the logs now

Fixlog
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by Lola at 2014-07-20 16:24:42 Run:2
Running from C:\Users\Lola\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File
CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File
C:\ProgramData\uninstall265917.exe
C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\8\BC\6D1ADd01
C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\D\DF\46B67d01
         
*****************

ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File) not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}' => Key deleted successfully.
'HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\Software\MozillaPlugins\@mail.ru/GameCenter' => Key deleted successfully.
C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll not found.
C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll not found.
C:\ProgramData\uninstall265917.exe => Moved successfully.
C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\8\BC\6D1ADd01 => Moved successfully.
C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\D\DF\46B67d01 => Moved successfully.

==== End of Fixlog ====
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Lola (administrator) on STUBE on 20-07-2014 16:26:22
Running from C:\Users\Lola\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {025fd6ec-81f2-11e3-be73-f80f41a03396} - "E:\LGAutoRun.exe" 
HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {2324f0b4-9ccd-11e3-be8b-f80f41a03396} - "E:\LGAutoRun.exe" 
HKU\S-1-5-21-2611022401-1185657083-2724232758-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe -update plugin 
HKU\S-1-5-21-2611022401-1185657083-2724232758-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [GameCenterMailRu-EU] => "C:\Users\Freya\AppData\Local\Mail.Ru\GameCenter-EU\GameCenter@Mail.Ru.exe" -autostart 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms}
SearchScopes: HKCU - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {790DEE0B-14BB-4FEE-8805-7AC306401ACA} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.repage.de/member/paladine
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lola\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ads Removal - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\adremoveext@adremoveext.net [2014-06-27]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\ascsurfingprotection@iobit.com [2014-06-07]
FF Extension: Qute Classic - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi [2014-01-19]
FF Extension: Adblock Plus - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: webssearches
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File
CHR Extension: (Google Wallet) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-07] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)
S2 HPSLPSVC; C:\Users\Lola\AppData\Local\Temp\7zS3EFF\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 16:26 - 2014-07-20 16:26 - 00015722 _____ () C:\Users\Lola\Desktop\FRST.txt
2014-07-20 16:19 - 2014-07-20 16:19 - 00000000 ____D () C:\Users\Lola\Desktop\revouninstaller-portable
2014-07-20 16:18 - 2014-07-20 16:18 - 03007700 _____ () C:\Users\Lola\Downloads\revouninstaller.zip
2014-07-20 00:55 - 2014-07-20 00:55 - 00042350 _____ () C:\Users\Lola\Desktop\Addition.txt
2014-07-19 22:35 - 2014-07-19 22:35 - 02347384 _____ (ESET) C:\Users\Lola\Desktop\esetsmartinstaller_deu.exe
2014-07-19 22:16 - 2014-07-19 22:27 - 00022051 _____ () C:\Users\Lola\Desktop\Protokoll.txt
2014-07-19 21:40 - 2014-07-20 15:43 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 21:40 - 2014-07-19 21:40 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-19 21:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-19 21:40 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-19 21:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-19 21:32 - 2014-07-19 21:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lola\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt
2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-19 20:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe
2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt
2014-07-19 18:03 - 2014-07-19 22:20 - 00037326 _____ () C:\WINDOWS\PFRO.log
2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag
2014-07-19 17:47 - 2014-07-20 16:26 - 00000000 ____D () C:\FRST
2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable
2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt
2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe
2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe
2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe
2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-11 08:52 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-11 08:52 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 12:10 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 05:55 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 05:55 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 05:55 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 05:55 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 05:55 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 05:55 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 05:55 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 05:55 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 05:55 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 05:55 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 05:54 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 05:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 05:54 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 05:54 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 05:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 05:54 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 05:53 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 05:53 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 05:53 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 05:53 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 05:53 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 05:53 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 05:53 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 05:53 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 05:53 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 05:53 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 05:53 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 05:53 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 05:53 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 05:53 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 05:53 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 05:53 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 05:53 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 05:53 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 05:53 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 05:53 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 05:53 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 05:51 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 05:51 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 05:51 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 05:51 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 05:51 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 05:51 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 05:51 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 05:51 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 05:51 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 05:51 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 05:51 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 05:51 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 05:51 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 05:51 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 05:51 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 05:51 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 05:51 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 05:51 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 05:51 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 05:51 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-06-21 18:02 - 2014-07-19 22:23 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified Files and Folders =======

2014-07-20 16:26 - 2014-07-20 16:26 - 00015722 _____ () C:\Users\Lola\Desktop\FRST.txt
2014-07-20 16:26 - 2014-07-19 17:47 - 00000000 ____D () C:\FRST
2014-07-20 16:26 - 2014-01-17 23:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2611022401-1185657083-2724232758-1001
2014-07-20 16:22 - 2014-02-20 22:37 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 16:19 - 2014-07-20 16:19 - 00000000 ____D () C:\Users\Lola\Desktop\revouninstaller-portable
2014-07-20 16:18 - 2014-07-20 16:18 - 03007700 _____ () C:\Users\Lola\Downloads\revouninstaller.zip
2014-07-20 16:16 - 2014-04-18 12:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-20 16:07 - 2014-01-18 14:35 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-20 15:43 - 2014-07-19 21:40 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 11:32 - 2014-06-09 18:15 - 02084151 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-20 11:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-20 00:55 - 2014-07-20 00:55 - 00042350 _____ () C:\Users\Lola\Desktop\Addition.txt
2014-07-20 00:53 - 2014-02-20 22:37 - 00000288 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-19 22:35 - 2014-07-19 22:35 - 02347384 _____ (ESET) C:\Users\Lola\Desktop\esetsmartinstaller_deu.exe
2014-07-19 22:27 - 2014-07-19 22:16 - 00022051 _____ () C:\Users\Lola\Desktop\Protokoll.txt
2014-07-19 22:26 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-19 22:26 - 2013-11-14 09:11 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-19 22:26 - 2013-11-14 09:11 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-19 22:25 - 2014-01-28 00:31 - 00000000 ___DO () C:\Users\Lola\SkyDrive
2014-07-19 22:24 - 2014-05-17 14:58 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\Wise Care 365
2014-07-19 22:23 - 2014-06-21 18:02 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 22:20 - 2014-07-19 18:03 - 00037326 _____ () C:\WINDOWS\PFRO.log
2014-07-19 22:20 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-19 22:20 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-19 22:05 - 2014-06-09 18:01 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87182F7E-78A1-441D-96FB-2954177723C7}
2014-07-19 21:40 - 2014-07-19 21:40 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-19 21:34 - 2014-07-19 21:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lola\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt
2014-07-19 21:01 - 2014-02-20 21:13 - 00000000 ____D () C:\AdwCleaner
2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-19 21:00 - 2014-02-09 22:56 - 00000000 ____D () C:\Users\Thomas
2014-07-19 21:00 - 2014-01-28 00:00 - 00000000 ____D () C:\Users\Lola
2014-07-19 21:00 - 2014-01-18 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe
2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt
2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag
2014-07-19 18:03 - 2014-06-09 05:51 - 73416704 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-07-19 18:03 - 2014-06-09 05:51 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-07-19 18:03 - 2014-06-09 05:51 - 00036864 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-07-19 18:03 - 2014-06-09 05:51 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-07-19 18:01 - 2014-06-07 15:12 - 00000252 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job
2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log
2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable
2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt
2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe
2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe
2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe
2014-07-19 17:29 - 2014-06-07 17:49 - 00000000 ____D () C:\Users\Lola\Desktop\Deutschland Spielt
2014-07-19 17:26 - 2014-06-07 15:12 - 00002189 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-07-19 15:20 - 2014-05-17 15:23 - 00000412 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job
2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe
2014-07-15 09:37 - 2014-06-07 16:11 - 00165659 _____ () C:\MyXML.xml
2014-07-15 09:37 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-11 12:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-11 09:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-11 08:51 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 14:26 - 2014-03-13 12:34 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-09 12:15 - 2014-01-18 14:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 12:12 - 2014-01-18 14:18 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 12:12 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 12:09 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 11:54 - 2014-04-18 12:13 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-03 17:29 - 2014-03-12 15:10 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-07-01 00:45 - 2014-07-09 05:51 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 09:48 - 2014-07-09 05:51 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 09:07 - 2014-07-09 05:51 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-28 00:50 - 2014-01-18 00:56 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\TS3Client
2014-06-26 22:55 - 2014-07-11 08:52 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2014-07-11 08:52 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 11:35 - 2014-01-18 00:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-21 18:02 - 2014-01-18 14:35 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

Some content of TEMP:
====================
C:\Users\Freya\AppData\Local\Temp\avgnt.exe
C:\Users\Lola\AppData\Local\Temp\avgnt.exe
C:\Users\Lola\AppData\Local\Temp\Quarantine.exe
C:\Users\Lola\AppData\Local\Temp\{D983D7E1-6584-4398-A43B-2FB423F350E2}-36.0.1985.125_35.0.1916.153_chrome_updater.exe
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 14:57

==================== End Of Log ============================
         

20.07.2014, 16:22   #9
deeprybka
/// TB Trainer
/// Instructions Guru

Question?
__________________
Regards,
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

20.07.2014, 16:59   #10
Lady Frigg

The problem with tabs or windows opening on their own has not come up again.

From my point of view, everything here is running smoothly again.

But since I know too little about this, I hope you will confirm that for me.

If you have noticed anything else on here that may be completely unnecessary, I would be grateful if you pointed it out to me.

Or what did you mean just now by "Question?"

Edited by Lady Frigg (20.07.2014 at 17:15)

20.07.2014, 17:38   #11
deeprybka
/// TB Trainer
/// Instructions Guru

Quote:
Originally posted by Lady Frigg
The problem with tabs or windows opening on their own has not come up again.

Or what did you mean just now by "Question?"

Yep, that can stay as it is...

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Disk Cleanup on Windows 8 / 8.1
  • Press the Windows key + Q
  • Type Datenträgerbereinigung (Disk Cleanup) into the search field
  • Choose the option: Free up disk space by deleting unnecessary files, and select your hard drive
  • Check that the checkbox for Temporary files is ticked
  • Confirm with OK
  • Confirm that you want to delete the files permanently.


Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.


All logs posted? Yes! Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can delete them without hesitation.


>>clean<<
We did it!
The logs look clean to me at the moment.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we do not see each other here again any time soon.

How can I protect myself better in the future?

Tips, Dos & Don'ts

Updates & Software
Security vulnerabilities in their older versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.

I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.


Firewall, Antivirus & Co.
  • Enable a firewall. The one built into Windows is normally entirely sufficient.
  • Use an antivirus program with a real-time scanner and an always up-to-date signature database. (Enable the update function!)
    My recommendations:
    Kaspersky Antivirus
    Emsisoft Anti-Malware
    avast Free Antivirus
  • In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

    Optional:
  • NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, you can specify, on the whitelist principle, on which sites scripts should be allowed.


Cracks, Downloads & Co.

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user themselves.
Merely visiting dubious websites can already carry risks. Even if the virus scanner does not detect a threat there at the moment, that does not have to mean anything.
Illegal cracks, keygens and serials are an extremely easy and popular way to spread malware.
With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what is inside really matches the label. (Trojan horse^^)
  • virustotal.com is your friend too! Upload dubious or unknown files before you run or install them.

Often attempts are also made to lure the user, with more or less tricky methods, into carrying out an action that is disastrous for them (umbrella term: social engineering).
  • So surf with caution and click with common sense.
  • Be skeptical of unexpected e-mails, especially if they contain attachments. Even if they look authentic at first glance, contain personal data of yours or supposedly come from a known sender: better to think it over calmly or ask, instead of simply opening links or executable attachments or entering your data somewhere.
  • Malicious links or files can also make the rounds in social networks or via instant messaging systems. If you receive a message from one of your friends that is strange, or so sensationally interesting that you simply have to click on it, then curiosity has probably won out over common sense for him/her, and you should not make the same mistake.

Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user themselves.
  • As a first priority, always download software directly from the manufacturer. Many software portals (e.g. Softonic) pack additional useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program.
  • To get rid of adware again, first uninstalling it and then removing the leftovers with Adwarecleaner is recommended.


Finally, a few more general remarks:
  • Regularly create backups of your important files or of the system.
  • The benefit of registry cleaners, optimizers etc. for boosting performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
deeprybka

Praise, criticism, requests?

Donate to Trojaner-Board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

20.07.2014, 18:03   #12
Lady Frigg

Here is the last log first, before I get started with DelFix

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by Lola at 2014-07-20 18:49:08 Run:3
Running from C:\Users\Lola\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
         
*****************

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk" => Could not move.
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File) not found.

==== End of Fixlog ====
         
Everything you asked me to do is done - and you were right from the start: together it worked, and it was even easier than I thought

Edited by Lady Frigg (20.07.2014 at 18:19)

20.07.2014, 18:22   #13
deeprybka
/// TB trainer
/// Tutorial guru

OK,
try to delete this manually as well
Code:
ATTFilter
$McRebootA5E6DEAA56$.lnk
         
by pasting
Code:
ATTFilter
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
         
into the Explorer address bar...

If not, that's no big deal either...
Attached images
File type: png startup.PNG (17.2 KB, viewed 266 times)
__________________
Regards,
deeprybka


20.07.2014, 18:27   #14
Lady Frigg

Nope, somehow it can't be deleted..
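
The Fixlog above reports the Startup shortcut as "Could not move" with a target of "(No File)". As an added example (not part of the original thread and not a tool used in it), this read-only PowerShell function lists every shortcut in the all-users Startup folder with its resolved target, attributes and owner; the function name Get-StartupShortcutReport is hypothetical.

```powershell
# Added example: audit .lnk files in the all-users Startup folder.
# Read-only: nothing is moved or deleted. Run in an elevated PowerShell
# so that owner information can be read.

$startup = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'
$shell   = New-Object -ComObject WScript.Shell

function Get-StartupShortcutReport {   # hypothetical name
    param([string]$Folder = $startup)

    # -Force also returns hidden/system entries. -LiteralPath matters below:
    # names such as '$McRebootA5E6DEAA56$.lnk' contain '$', which PowerShell
    # would expand as a variable inside a double-quoted string.
    Get-ChildItem -LiteralPath $Folder -Filter '*.lnk' -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut opens an existing .lnk; nothing is written
            # unless Save() is called, which this function never does.
            $lnk    = $shell.CreateShortcut($_.FullName)
            $target = $lnk.TargetPath
            $exists = [bool]$target -and (Test-Path -LiteralPath $target)

            $owner = try {
                (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner
            } catch {
                'unreadable (access denied or file locked)'
            }

            [pscustomobject]@{
                Shortcut     = $_.Name
                Target       = if ($target) { $target } else { '(No File)' }
                TargetExists = $exists
                Attributes   = $_.Attributes    # e.g. ReadOnly, Hidden, System
                Owner        = $owner
                LastWrite    = $_.LastWriteTime
            }
        }
}

# Show only shortcuts whose target is missing, like the entry in the Fixlog.
Get-StartupShortcutReport |
    Where-Object { -not $_.TargetExists } |
    Format-List
```

An entry with a missing target cannot launch anything at logon; the Attributes and Owner columns help explain why a delete attempt is refused.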

20.07.2014, 18:34   #15
deeprybka
/// TB trainer
/// Tutorial guru

Run this over it and see whether it is gone...

__________________
Regards,
deeprybka
