
Pests of all kinds and how to fight them: Windows 8: Adware infection despite antivirus program, Malwarebytes cannot be installed

31.07.2014, 16:19   #1
Helena7

Hello everyone,

recently an adware virus has made itself noticeable on my laptop.
Quick note up front: I am a layperson and would be very grateful if someone patient could help me.
Problem description:
When the laptop restarts, a window appears showing C:\Windows\System33\cmd.exe
together with "Fehler: Der angegebene Registrierschlüssel bzw. Wert wurde nicht gefunden" [Error: the specified registry key or value was not found] and "bat=exe" konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang. ["bat=exe" could not be found. Make sure you typed the name correctly and try again.]
In addition, on the internet I am constantly redirected to other pages and get an extreme amount of advertising. The ads are mostly in English. Sometimes the pages turn milky white and you can't see anything at all anymore. Also, I keep being offered various downloads, and the font keeps changing.
I can no longer retrieve my email at all from this laptop.
Sometimes I also can't open programs anymore, etc.

Technical info:

Operating system: Windows 8
Processor: Intel Pentium CPU B960, 2.2 GHz
System type: 64-bit

At first I had McAfee on it, and I recently replaced it with Kaspersky 2013.
Kaspersky has already found 7 Trojans, but by now it no longer finds anything, yet the PC is still acting up.
Both programs were always kept up to date.
I cannot install Malwarebytes; it always says the file is corrupted.
It didn't work with a USB stick either, and alternative programs don't work either.

Following your help instructions I wanted to collect the information, but whenever I try to download defogger or Farbar's Recovery Scan Tool, I am always redirected to other pages.

What can I do?

Many thanks in advance for your help

31.07.2014, 17:47   #2
M-K-D-B
/// TB Instructor

My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the machine.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then delete your topic from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used are to be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Thank you for your cooperation!


Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it boots, press the F8 key repeatedly.
  • Now choose Repair your computer.
  • Choose your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Choose your operating system and user account and click "Next" each time.
In the repair options choose: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    Here the drive letter of your USB stick is shown; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in CODE tags if possible (guide).

31.07.2014, 18:31   #3
Helena7

Hello Matthias,

first of all, many thanks for your help!
I have now tried several times to start Farbar's Recovery Scan Tool from the USB stick, unfortunately without success.
Each time the following message appears: "Diese App kann auf dem PC nicht ausgeführt werden. Wenden Sie sich an den Softwareherausgeber um eine geeignete Version für den PC zu finden." [This app cannot be run on the PC. Contact the software publisher to find a suitable version for the PC.]
I tried that with both versions :-(

The Boot Manager cannot even be opened.

I could not find a Windows CD.

01.08.2014, 08:20   #4
M-K-D-B
/// TB Instructor

Hi,


Step 1
Please download FixExec.exe to your desktop.
  • Double-click the file to run it.
    Note:
    If for any reason you are unable to run the file, rename FixExec.exe to FixExec.com, FixExec.pif or FixExec.scr.
  • When the program has finished, a log file named FixExec.txt is created on the desktop.
  • Post this log file with your next reply.


Step 2
Please download rKill by Grinler to your desktop from one of the following links: RKill or http://www.trojaner-board.de/85629-rkill-download.html
  • Now start the program with a double-click.
  • If no black window opens now, try one of the other download links.
  • The tool will now run for a few minutes and check and reset various settings.
  • When it has finished, the log file rkill.txt opens automatically.
  • Please post it in your thread in CODE tags (guide).


Step 3
  • Start FRST.exe again. Tick the box next to Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.


Please post with your next reply
  • the log file from FixExec,
  • the log file from RKill,
  • the two new log files from FRST.
__________________
Greetings from Bavaria
M-K-D-B

01.08.2014, 10:25   #5
Helena7

Hello,
so here, first of all, is the file from FixExec:
Code:
FixExec by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about FixExec can be found at this link:
 hxxp://www.bleepingcomputer.com/download/windows/utilities/fixexec

Program started at: 08/01/2014 11:06:54 AM in x64 mode.
Windows Version: Windows 8

Checking for processes to terminate before fixing executable associations.
 * No processes found to kill.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.


Program finished at: 08/01/2014 11:07:18 AM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)
         
Now the file from rKill:

Code:
Rkill 2.6.7 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/01/2014 11:12:15 AM in x64 mode.
Windows Version: Windows 8 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 08/01/2014 11:15:05 AM
Execution time: 0 hours(s), 2 minute(s), and 49 seconds(s)
         
FRST still won't start. I still cannot use the program.

I wrote down the web address displayed by one of the strange ads:
Https://rev2pub.adk2.net
Of course I don't click on it.
In addition, Kaspersky now only shows a white screen.
Best regards


Edited by Helena7 (01.08.2014 at 11:01)

01.08.2014, 11:01   #6
M-K-D-B
/// TB Instructor

Hi,


ok, please download FRST from my attachment to your desktop, unpack the .zip file and run the tool as described.

01.08.2014, 11:55   #7
Helena7

Hello,

that worked great with the attached file!
Here is the FRST Editor txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Sabrina Mum Tami (administrator) on MAHAKALA on 01-08-2014 12:43:27
Running from C:\Users\Sabrina Mum Tami\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(app) C:\Program Files (x86)\Browser App\Browser App-bg.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [fst_de_88] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Sabrina Mum Tami\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {263c4989-67fc-11e2-bf2f-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {4502d96c-475c-11e2-bee1-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {4502d990-475c-11e2-bee1-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {46807440-43c7-11e2-bed2-001e101f9420} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {6c6f5314-448b-11e2-bedb-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {6c6f5358-448b-11e2-bedb-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {90739d7b-46d8-11e2-bee0-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {a1e33736-4390-11e2-bed0-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2a71-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2a99-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2ac5-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {c9a2c5be-43c9-11e2-bed3-806e6f6e6963} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {e94fb487-422a-11e2-bece-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b911-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b946-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b96b-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk
ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk
ShortcutTarget: PHOTOfunSTUDIO 6.0.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53c8_XByp3WxENPqe9vPu8WpDPVFJek3NTKLmqUjECjpEYW9Wl5Uso8htzhdyuj_G_WMy4etKYfcKVw80b_PWIVqTht1THwuZJbY7TftuJPo7y9h6etAqh8qvI-ep6uYSIdhq-8-aH0mqr0v-H9EdXuz0Sl9Myag656RQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53c8_XByp3WxENPqe9vPu8WpDPVFJek3NTKLmqUjECjpEYW9Wl5Uso8htzhdyuj_G_WMy4etKYfcKVw80b_PWIVqTht1THwuZJbY7TftuJPo7y9h6etAqh8qvI-ep6uYSIdhq-8-aH0mqr0v-H6erg880_o1sKYaxAMIw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53c8_XByp3WxENPqe9vPu8WpDPVFJek3NTKLmqUjECjpEYW9Wl5Uso8htzhdyuj_G_WMy4etKYfcKVw80b_PWIVqTht1THwuZJbY7TftuJPo7y9h6etAqh8qvI-ep6uYSIdhq-8-aH0mqr0v-H6erg880_o1sKYaxAMIw,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL = 
BHO: Browser App -> {11111111-1111-1111-1111-110611031146} -> C:\Program Files (x86)\Browser App\Browser App-bho64.dll (app)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Browser App -> {11111111-1111-1111-1111-110611031146} -> C:\Program Files (x86)\Browser App\Browser App-bho.dll (app)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files (x86)\Softonic\Softonic\1.8.16.10\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.16.10\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-09]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Sabrina Mum Tami\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-03-29]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.16.10\Softonic.crx [2013-03-03]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-06-17] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-25] (Dritek System INC.)
R2 SupraSavingsService64; C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [117248 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [121600 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-05-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [616544 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-06-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-05-05] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-05-05] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-25] (Dritek System Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 12:43 - 2014-08-01 12:44 - 00024006 _____ () C:\Users\Sabrina Mum Tami\Desktop\FRST.txt
2014-08-01 12:42 - 2014-08-01 12:43 - 00000000 ____D () C:\FRST
2014-08-01 12:40 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-01 12:40 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 12:38 - 2014-08-01 12:38 - 01444352 _____ () C:\Users\Sabrina Mum Tami\Desktop\7z922-x64.msi
2014-08-01 12:22 - 2014-08-01 12:22 - 01580420 _____ () C:\Users\Sabrina Mum Tami\Desktop\FRST64.zip
2014-08-01 11:59 - 2014-08-01 11:59 - 02094080 _____ (Farbar) C:\Users\Sabrina Mum Tami\Desktop\FRST64.exe
2014-08-01 11:19 - 2014-08-01 11:19 - 01083476 _____ () C:\Users\Sabrina Mum Tami\Desktop\FRST.com
2014-08-01 11:12 - 2014-08-01 11:15 - 00002186 _____ () C:\Users\Sabrina Mum Tami\Desktop\Rkill.txt
2014-08-01 11:11 - 2014-08-01 11:11 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Sabrina Mum Tami\Desktop\rkill.com
2014-08-01 11:05 - 2014-08-01 11:07 - 00001240 _____ () C:\Users\Sabrina Mum Tami\Desktop\FixExec.txt
2014-08-01 11:04 - 2014-08-01 11:04 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Sabrina Mum Tami\Desktop\FixExec.com
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Windows\pss
2014-07-31 17:28 - 2014-07-31 17:29 - 17279700 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-07-31 17:27 - 2014-07-31 17:29 - 17260816 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-07-30 20:04 - 2014-07-31 17:29 - 17288956 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-07-30 11:11 - 2014-07-30 11:11 - 17221636 _____ () C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-29 16:46 - 2014-07-29 16:46 - 17230324 _____ () C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-15 10:20 - 2014-07-15 10:21 - 00420288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 13:48 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 13:47 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 13:47 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 13:32 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 11:24 - 2014-07-10 11:27 - 17209996 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-09 18:46 - 2014-08-01 00:49 - 00002330 _____ () C:\Users\Sabrina Mum Tami\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-09 18:46 - 2014-07-09 18:46 - 00001325 _____ () C:\Users\Sabrina Mum Tami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-09 18:46 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 18:45 - 2014-07-09 18:45 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-09 18:45 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 18:45 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 18:44 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 18:44 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 18:44 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 18:44 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 18:44 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 18:44 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 18:44 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 18:44 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 18:42 - 2014-08-01 10:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-09 18:42 - 2014-07-09 18:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-09 18:42 - 2013-06-08 20:18 - 00616544 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-07-09 18:42 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-07-09 17:54 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 17:54 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 17:54 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 17:54 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 17:30 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 17:27 - 2014-07-09 17:27 - 00003364 _____ () C:\Windows\System32\Tasks\{D0F9DC7E-8E00-45C9-A792-528F83A68E0A}
2014-07-09 17:23 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 17:23 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 17:23 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 17:23 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 17:23 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 17:23 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 17:23 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 17:23 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:23 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 17:23 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:23 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-09 16:47 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 16:47 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 16:28 - 2014-07-09 16:28 - 17227000 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-05 19:06 - 2014-07-05 19:10 - 00000320 _____ () C:\Users\Sabrina Mum Tami\AppData\Roaming\aps.uninstall.scan.results
2014-07-05 19:06 - 2014-07-05 19:08 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-07-05 19:06 - 2014-07-05 19:08 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-07-05 19:06 - 2014-07-05 19:06 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-07-05 19:06 - 2014-07-05 19:06 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-07-05 19:06 - 2014-07-05 19:06 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-07-05 19:06 - 2014-07-05 19:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-07-05 19:05 - 2014-08-01 10:14 - 00001464 _____ () C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5_user.job
2014-07-05 19:05 - 2014-08-01 10:14 - 00001450 _____ () C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5.job
2014-07-05 19:05 - 2014-07-05 19:05 - 00004454 _____ () C:\Windows\System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5
2014-07-05 19:05 - 2014-07-05 19:05 - 00003274 _____ () C:\Windows\System32\Tasks\nudbip
2014-07-05 19:05 - 2014-07-05 19:05 - 00000268 _____ () C:\Users\Sabrina Mum Tami\AppData\Local\nudbip.bat
2014-07-05 19:05 - 2014-07-05 19:04 - 00591320 _____ (ClickMeIn Limited) C:\Users\Sabrina Mum Tami\AppData\Local\nsu8B42.tmp
2014-07-05 19:04 - 2014-08-01 10:14 - 00001376 _____ () C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-2.job
2014-07-05 19:04 - 2014-07-05 19:05 - 00004380 _____ () C:\Windows\System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-2
2014-07-05 19:04 - 2014-07-05 19:04 - 00002565 _____ () C:\Users\Sabrina Mum Tami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-05 19:04 - 2014-07-05 19:04 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-05 19:03 - 2014-08-01 10:14 - 00001590 _____ () C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-1.job
2014-07-05 19:03 - 2014-07-05 19:04 - 00004594 _____ () C:\Windows\System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-1
2014-07-05 19:03 - 2014-07-05 19:03 - 00003272 _____ () C:\Windows\System32\Tasks\hijkl
2014-07-05 19:03 - 2014-07-05 19:03 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Local\com
2014-07-05 19:02 - 2014-07-05 19:02 - 00005232 _____ () C:\Windows\System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-4
2014-07-05 19:02 - 2014-07-05 19:02 - 00003276 _____ () C:\Windows\System32\Tasks\utcbaov
2014-07-05 19:01 - 2014-07-31 22:39 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Roaming\VOPackage
2014-07-05 19:00 - 2014-08-01 10:14 - 00002228 _____ () C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-4.job
2014-07-05 19:00 - 2014-07-05 19:05 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-05 19:00 - 2014-07-05 19:05 - 00000000 ____D () C:\Program Files (x86)\Browser App
2014-07-05 19:00 - 2014-07-05 19:00 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Local\globalUpdate
2014-07-05 18:58 - 2014-07-05 18:58 - 00003272 _____ () C:\Windows\System32\Tasks\prtve
2014-07-05 18:57 - 2014-07-05 19:05 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Local\parent_07051657

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 12:44 - 2014-08-01 12:43 - 00024006 _____ () C:\Users\Sabrina Mum Tami\Desktop\FRST.txt
2014-08-01 12:43 - 2014-08-01 12:42 - 00000000 ____D () C:\FRST
2014-08-01 12:42 - 2012-11-07 21:13 - 01558631 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 12:41 - 2014-08-01 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-01 12:41 - 2014-08-01 12:40 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 12:38 - 2014-08-01 12:38 - 01444352 _____ () C:\Users\Sabrina Mum Tami\Desktop\7z922-x64.msi
2014-08-01 12:38 - 2014-06-26 21:21 - 00000000 ____D () C:\Program Files\SupraSavings
2014-08-01 12:22 - 2014-08-01 12:22 - 01580420 _____ () C:\Users\Sabrina Mum Tami\Desktop\FRST64.zip
2014-08-01 12:22 - 2012-11-07 23:37 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Local\CrashDumps
2014-08-01 12:03 - 2013-05-30 20:19 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 12:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-01 11:59 - 2014-08-01 11:59 - 02094080 _____ (Farbar) C:\Users\Sabrina Mum Tami\Desktop\FRST64.exe
2014-08-01 11:56 - 2013-01-07 07:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-01 11:19 - 2014-08-01 11:19 - 01083476 _____ () C:\Users\Sabrina Mum Tami\Desktop\FRST.com
2014-08-01 11:15 - 2014-08-01 11:12 - 00002186 _____ () C:\Users\Sabrina Mum Tami\Desktop\Rkill.txt
2014-08-01 11:11 - 2014-08-01 11:11 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Sabrina Mum Tami\Desktop\rkill.com
2014-08-01 11:07 - 2014-08-01 11:05 - 00001240 _____ () C:\Users\Sabrina Mum Tami\Desktop\FixExec.txt
2014-08-01 11:04 - 2014-08-01 11:04 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Sabrina Mum Tami\Desktop\FixExec.com
2014-08-01 10:49 - 2014-07-09 18:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-01 10:18 - 2012-08-26 08:30 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-08-01 10:18 - 2012-08-26 08:30 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-08-01 10:18 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 10:14 - 2014-07-05 19:05 - 00001464 _____ () C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5_user.job
2014-08-01 10:14 - 2014-07-05 19:05 - 00001450 _____ () C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5.job
2014-08-01 10:14 - 2014-07-05 19:04 - 00001376 _____ () C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-2.job
2014-08-01 10:14 - 2014-07-05 19:03 - 00001590 _____ () C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-1.job
2014-08-01 10:14 - 2014-07-05 19:00 - 00002228 _____ () C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-4.job
2014-08-01 10:14 - 2013-05-30 20:18 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 10:14 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 01:09 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-08-01 00:49 - 2014-07-09 18:46 - 00002330 _____ () C:\Users\Sabrina Mum Tami\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-31 23:47 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-31 22:39 - 2014-07-05 19:01 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Roaming\VOPackage
2014-07-31 22:39 - 2014-05-18 16:08 - 00000000 ____D () C:\Program Files\003
2014-07-31 22:39 - 2012-08-03 09:35 - 00103330 _____ () C:\Windows\PFRO.log
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Windows\pss
2014-07-31 17:29 - 2014-07-31 17:28 - 17279700 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-07-31 17:29 - 2014-07-31 17:27 - 17260816 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-07-31 17:29 - 2014-07-30 20:04 - 17288956 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-07-30 20:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-30 16:04 - 2013-06-10 14:34 - 00000000 ____D () C:\ProgramData\Skype
2014-07-30 15:46 - 2013-12-21 20:31 - 00124928 ___SH () C:\Users\Sabrina Mum Tami\Downloads\Thumbs.db
2014-07-30 11:11 - 2014-07-30 11:11 - 17221636 _____ () C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-29 17:04 - 2012-11-07 21:20 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-988491291-3693754129-3637727364-1001
2014-07-29 16:46 - 2014-07-29 16:46 - 17230324 _____ () C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-29 16:25 - 2012-11-07 22:10 - 00000000 ____D () C:\Users\Sabrina Mum Tami\Desktop\Eigene Bilder
2014-07-29 15:29 - 2014-06-15 12:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 15:29 - 2013-01-06 15:55 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Roaming\Mozilla
2014-07-27 00:15 - 2013-06-10 14:34 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Roaming\Skype
2014-07-26 20:49 - 2012-11-07 19:29 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Roaming\ForumVerlag
2014-07-15 10:21 - 2014-07-15 10:20 - 00420288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 03:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 03:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 16:47 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 12:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-10 11:27 - 2014-07-10 11:24 - 17209996 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-10 11:27 - 2012-11-07 22:10 - 00000000 ____D () C:\Users\Sabrina Mum Tami\Desktop\Tami
2014-07-10 09:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-10 09:16 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 21:56 - 2013-01-07 07:56 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 19:15 - 2014-01-06 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:11 - 2013-01-06 10:17 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 18:46 - 2014-07-09 18:46 - 00001325 _____ () C:\Users\Sabrina Mum Tami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-09 18:45 - 2014-07-09 18:45 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-09 18:42 - 2014-07-09 18:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-09 18:42 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-09 17:27 - 2014-07-09 17:27 - 00003364 _____ () C:\Windows\System32\Tasks\{D0F9DC7E-8E00-45C9-A792-528F83A68E0A}
2014-07-09 16:28 - 2014-07-09 16:28 - 17227000 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-09 16:00 - 2013-01-05 21:58 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-09 16:00 - 2013-01-05 21:57 - 00000000 ____D () C:\Program Files\McAfee
2014-07-09 16:00 - 2012-08-03 09:46 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-09 15:56 - 2014-01-04 19:32 - 00000000 ____D () C:\Users\Sabrina Mum Tami\Documents\McAfee-Tresore
2014-07-09 15:00 - 2012-07-26 09:21 - 00045464 _____ () C:\Windows\setupact.log
2014-07-07 09:19 - 2012-11-07 21:28 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-06 20:58 - 2012-11-07 21:49 - 00000000 ____D () C:\Users\Sabrina Mum Tami\Desktop\Eigene Dateien
2014-07-06 20:58 - 2012-08-03 09:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-06 16:24 - 2013-07-20 13:05 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-07-05 19:10 - 2014-07-05 19:06 - 00000320 _____ () C:\Users\Sabrina Mum Tami\AppData\Roaming\aps.uninstall.scan.results
2014-07-05 19:08 - 2014-07-05 19:06 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-07-05 19:08 - 2014-07-05 19:06 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-07-05 19:06 - 2014-07-05 19:06 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-07-05 19:06 - 2014-07-05 19:06 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-07-05 19:06 - 2014-07-05 19:06 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-07-05 19:06 - 2014-07-05 19:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-07-05 19:05 - 2014-07-05 19:05 - 00004454 _____ () C:\Windows\System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5
2014-07-05 19:05 - 2014-07-05 19:05 - 00003274 _____ () C:\Windows\System32\Tasks\nudbip
2014-07-05 19:05 - 2014-07-05 19:05 - 00000268 _____ () C:\Users\Sabrina Mum Tami\AppData\Local\nudbip.bat
2014-07-05 19:05 - 2014-07-05 19:04 - 00004380 _____ () C:\Windows\System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-2
2014-07-05 19:05 - 2014-07-05 19:00 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-05 19:05 - 2014-07-05 19:00 - 00000000 ____D () C:\Program Files (x86)\Browser App
2014-07-05 19:05 - 2014-07-05 18:57 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Local\parent_07051657
2014-07-05 19:04 - 2014-07-05 19:05 - 00591320 _____ (ClickMeIn Limited) C:\Users\Sabrina Mum Tami\AppData\Local\nsu8B42.tmp
2014-07-05 19:04 - 2014-07-05 19:04 - 00002565 _____ () C:\Users\Sabrina Mum Tami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-05 19:04 - 2014-07-05 19:04 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-05 19:04 - 2014-07-05 19:03 - 00004594 _____ () C:\Windows\System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-1
2014-07-05 19:03 - 2014-07-05 19:03 - 00003272 _____ () C:\Windows\System32\Tasks\hijkl
2014-07-05 19:03 - 2014-07-05 19:03 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Local\com
2014-07-05 19:02 - 2014-07-05 19:02 - 00005232 _____ () C:\Windows\System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-4
2014-07-05 19:02 - 2014-07-05 19:02 - 00003276 _____ () C:\Windows\System32\Tasks\utcbaov
2014-07-05 19:00 - 2014-07-05 19:00 - 00000000 ____D () C:\Users\Sabrina Mum Tami\AppData\Local\globalUpdate
2014-07-05 18:58 - 2014-07-05 18:58 - 00003272 _____ () C:\Windows\System32\Tasks\prtve
2014-07-04 14:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5840.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 11:07

==================== End Of Log ============================
         
--- --- ---


And now Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by Sabrina Mum Tami at 2014-08-01 12:45:32
Running from C:\Users\Sabrina Mum Tami\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
"Professionelle Entwicklungsberichte Nov 2011" (HKLM-x32\...\{58F076B2-160B-47F5-96FF-93AD12BF5A91}) (Version:  - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3112 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3103 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
bhv Vokabeltrainer 3.0 (HKLM-x32\...\{3A1AF860-2EB4-40EB-9827-17575880D3CE}) (Version: 3.00.0000 - bhv)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM-x32\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
Fotosizer 1.36 (HKLM-x32\...\Fotosizer) (Version: 1.36 - Fotosizer.com)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3002 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Acer Incorporated)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Word 2002 (HKLM-x32\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Works 2000 (HKLM-x32\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3102 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3102 - Acer)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO 6.0 (HKLM-x32\...\{B62A8A6F-5E48-4336-BF13-1632D5921872}) (Version: 6.00.135 - Panasonic Corporation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Softonic toolbar  on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.16.10 - Softonic) <==== ATTENTION
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-07-2014 14:46:10 Windows Update
23-07-2014 12:34:35 Geplanter Prüfpunkt
27-07-2014 09:36:49 Removed Java 7 Update 45
30-07-2014 14:03:01 Removed Skype™ 6.16
01-08-2014 10:39:36 Installed 7-Zip 9.22 (x64 edition)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0439D3F2-B833-414D-9A83-3D5071790C0A} - System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-4 => C:\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-4.exe [2014-07-05] (app)
Task: {17E4CA9F-25FD-494E-BB74-B84A209FCA12} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C5A3785-A27C-4BDE-B2CA-43D01BA22478} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {2328AFA5-2034-4E50-8C03-434797C3A303} - System32\Tasks\prtve => C:\Users\Sabrina Mum Tami\AppData\Local\prtve.bat
Task: {232B5104-F6A7-4494-BA44-121828695FA9} - System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5 => C:\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5.exe [2014-07-05] (app)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {301568F0-A1D0-4C2F-A0BB-38A509665088} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {340F80DD-8486-47DE-ADD3-A13E8A743E4D} - System32\Tasks\hijkl => C:\Users\Sabrina Mum Tami\AppData\Local\hijkl.bat
Task: {3E0421B6-C537-4EBA-BDDD-5264D4EB9B9C} - System32\Tasks\nudbip => C:\Users\Sabrina Mum Tami\AppData\Local\nudbip.bat [2014-07-05] ()
Task: {5031E43D-8433-478B-ADEF-ED7A3609D51E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {62326D6D-B9EC-45F3-B4AA-DE599C576C87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {6A61A537-A9E4-47E1-B1F7-27D0320F8505} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {75179916-9183-4DB0-B955-9BE0739379B5} - System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-1 => C:\Program Files (x86)\Browser App\Browser App-codedownloader.exe [2014-07-05] (app)
Task: {7C3C82A6-F5FF-49E6-84A8-3BCCD8C3CEFD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {80286B73-8144-4299-BC46-A09709E371E9} - System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5_user => C:\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5.exe [2014-07-05] (app)
Task: {87435879-8822-4EA7-BEE4-0333BF295B58} - System32\Tasks\utcbaov => C:\Users\Sabrina Mum Tami\AppData\Local\utcbaov.bat
Task: {87E0AA2D-F2AF-4013-A19A-0A4E5C59E836} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9A3316D9-C152-4276-96B2-AE974CC1E5EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {A38BD126-07B0-4F4F-B87F-091FF244C31D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BA7A6FF1-2232-4785-A618-D64000592A92} - System32\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-2 => C:\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-2.exe [2014-07-05] (app)
Task: {BB39D095-9CCF-4E30-A1B9-827DAB6E8E51} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F4AC4701-4A00-46EE-9E72-0AEA77C1B6F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-1.job => C:\Program Files (x86)\Browser App\Browser App-codedownloader.exe
Task: C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-2.job => C:\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-2.exe
Task: C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-4.job => C:\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-4.exe
Task: C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5.job => C:\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5.exe
Task: C:\Windows\Tasks\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5_user.job => C:\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-07 21:28 - 2009-02-10 18:01 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-06-25 19:58 - 2014-06-25 19:58 - 00172544 _____ () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00110080 _____ () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\nfapi.dll
2014-06-12 21:05 - 2014-06-12 21:05 - 00456192 _____ () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\ProtocolFilters.dll
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-05-26 12:54 - 2014-05-26 12:55 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-09 11:12 - 2012-08-08 17:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2014-07-29 19:53 - 2014-07-29 19:53 - 00762880 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\12d70e7f1c8a10bd9324fc6409a408b8\Windows.UI.ni.dll
2014-07-29 19:53 - 2014-07-29 19:53 - 00228352 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\2b0c0a5b5885e69fe908c80de7ec5558\Windows.Data.ni.dll
2012-07-31 01:04 - 2012-07-31 01:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-25 22:47 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2007-05-11 04:08 - 2007-05-11 04:08 - 03076096 _____ () c:\program files (x86)\adobe\reader 8.0\reader\rdlang32.deu
2007-05-11 03:54 - 2007-05-11 03:54 - 00036864 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU
2007-05-11 03:53 - 2007-05-11 03:53 - 00974848 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.DEU
2007-05-11 03:50 - 2007-05-11 03:50 - 00077824 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.DEU
2007-05-11 03:50 - 2007-05-11 03:50 - 00811008 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.DEU
2007-05-11 03:51 - 2007-05-11 03:51 - 01224704 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU
2007-05-11 03:51 - 2007-05-11 03:51 - 00192512 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU
2007-05-11 03:51 - 2007-05-11 03:51 - 00221184 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU
2006-10-23 02:30 - 2006-10-23 02:30 - 00028672 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU
2007-05-11 03:52 - 2007-05-11 03:52 - 00098304 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\EScript.DEU
2007-05-11 03:52 - 2007-05-11 03:52 - 00006656 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU
2006-10-23 02:31 - 2006-10-23 02:31 - 00013312 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\HLS.DEU
2007-05-11 03:52 - 2007-05-11 03:52 - 00086016 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.DEU
2007-05-11 03:52 - 2007-05-11 03:52 - 00159744 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU
2006-10-23 02:32 - 2006-10-23 02:32 - 00011264 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\PDDom.DEU
2007-05-11 03:53 - 2007-05-11 03:53 - 00013312 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU
2006-10-23 02:33 - 2006-10-23 02:33 - 00008192 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU
2007-05-11 03:53 - 2007-05-11 03:53 - 00028672 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU
2007-05-11 03:54 - 2007-05-11 03:54 - 00053248 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU
2006-10-23 02:33 - 2006-10-23 02:33 - 00012288 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU
2007-05-11 03:54 - 2007-05-11 03:54 - 00026112 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\SendMail.DEU
2006-10-23 02:34 - 2006-10-23 02:34 - 00005120 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\Updater.DEU
2007-05-11 03:55 - 2007-05-11 03:55 - 00053248 _____ () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\plug_ins\weblink.DEU
2007-01-13 04:01 - 2007-01-13 04:01 - 00397312 ____R () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 04:01 - 2007-01-13 04:01 - 00475136 ____R () C:\Program Files (x86)\Adobe\Reader 8.0\Reader\ccme_base.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "PHOTOfunSTUDIO 6.0.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Erinnerungen für Microsoft Works-Kalender.lnk"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AnyProtect Scanner"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 00:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17028, Zeitstempel: 0x53a20947
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16912, Zeitstempel: 0x53645e25
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00023e60
ID des fehlerhaften Prozesses: 0xe2c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:06:57 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:06:57 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:06:57 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:02:10 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:02:10 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:02:10 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.


System errors:
=============
Error: (08/01/2014 00:38:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/01/2014 00:38:37 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/01/2014 00:36:36 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/01/2014 00:36:36 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/01/2014 00:36:17 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 00:36:17 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 00:33:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 00:33:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 00:33:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 00:33:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.


Microsoft Office Sessions:
=========================
Error: (08/01/2014 00:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947ntdll.dll6.2.9200.1691253645e25c000000500023e60e2c01cfad6cdc1eaabbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dllb4534b92-1965-11e4-853f-b888e35995e8

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (08/01/2014 00:06:57 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (08/01/2014 00:06:57 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/01/2014 00:06:57 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (08/01/2014 00:02:10 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (08/01/2014 00:02:10 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/01/2014 00:02:10 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 8005.27 MB
Available physical RAM: 5292.08 MB
Total Pagefile: 9221.27 MB
Available Pagefile: 6593.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.19 GB) (Free:370.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 659D2CAA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         



Best regards

01.08.2014, 12:48   #8
M-K-D-B
/// TB trainer

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Step 2
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3
  • Start FRST.exe again. Tick the box next to Addition.txt and press Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

In your next reply, please post
  • the AdwCleaner log file,
  • the MBAM log file,
  • the two new FRST log files.
__________________
Greetings from Bavaria
M-K-D-B


01.08.2014, 13:23   #9
Helena7

Hello,

here is the log file from AdwCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.302 - Bericht erstellt am 01/08/2014 um 14:15:41
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : 
# Gestartet von : C:\Users\Sabrina Mum Tami\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter64
Dienst Gelöscht : SupraSavingsService64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Browser App
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\IminentToolbar
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Softonic
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\SupraSavings
Ordner Gelöscht : C:\Users\Sabrina Mum Tami\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Sabrina Mum Tami\AppData\LocalLow\IminentToolbar
Ordner Gelöscht : C:\Users\Sabrina Mum Tami\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Sabrina Mum Tami\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Sabrina Mum Tami\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Sabrina Mum Tami\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Sabrina Mum Tami\AppData\Roaming\aps.uninstall.scan.results

***** [ Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-1
Task Gelöscht : ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-2
Task Gelöscht : ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-4
Task Gelöscht : ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5
Task Gelöscht : ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5_user

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Sabrina Mum Tami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0060346.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0060346.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0060346.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0060346.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611031146}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622032246}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655035546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666036646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611031146}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611031146}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611031146}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611031146}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622032246}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655035546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666036646}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611031146}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Browser App
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Supra Savings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ViewPassword
Schlüssel Gelöscht : HKLM\Software\Browser App
Schlüssel Gelöscht : HKLM\Software\FrEeSoFtOdAy
Schlüssel Gelöscht : HKLM\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\suprasavings
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Supra Savings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\suprasavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17028

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v

[ Datei : C:\Users\Sabrina Mum Tami\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14973 octets] - [01/08/2014 14:14:13]
AdwCleaner[S0].txt - [12790 octets] - [01/08/2014 14:15:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12851 octets] ##########
         
--- --- ---


Steps 2 and 3 will follow shortly.

Best regards
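
Added example, not part of the original thread and not AdwCleaner's own code: a small Python triage script that parses a German-locale AdwCleaner v3 cleaning report like the one posted above and lists which removed entries were autostart or load points. The sample is a shortened excerpt of that report; the classification rules and all function names are assumptions made for this illustration.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Shortened excerpt of the AdwCleaner v3.302 report posted above (German locale).
SAMPLE_REPORT = r"""
# AdwCleaner v3.302 - Bericht erstellt am 01/08/2014 um 14:15:41
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter64
Dienst Gelöscht : SupraSavingsService64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\SupraSavings
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe

***** [ Tasks ] *****

Task Gelöscht : APSnotifierPP1

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611031146}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17028

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
"""

# "***** [ Dienste ] *****" style section headers.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "<kind> <action> : <target>" lines; the action words are the ones in the report above.
ENTRY_RE = re.compile(
    r"^(?P<kind>\S+) (?P<action>Gelöscht|Desinfiziert|Wiederhergestellt) : (?P<target>.+)$"
)


class Entry(NamedTuple):
    section: str   # section header the line appeared under
    kind: str      # Dienst, Ordner, Datei, Task, Schlüssel, Wert, ...
    action: str    # Gelöscht, Desinfiziert or Wiederhergestellt
    target: str    # service name, path or registry location
    x64: bool      # True if the report prefixed the entry with "[x64]"


def parse_report(text: str) -> list:
    """Turn the report text into Entry records, tracking the current section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            target = m.group("target")
            x64 = target.startswith("[x64] ")
            if x64:
                target = target[len("[x64] "):]
            entries.append(Entry(section, m.group("kind"), m.group("action"), target, x64))
    return entries


# Triage rules (assumptions of this example): whole sections that are load points,
# plus well-known Windows autostart locations matched inside the target string.
SECTION_MECHANISM = {"Dienste": "service", "Tasks": "scheduled task"}
TARGET_RULES = [
    ("Run key autostart", re.compile(r"\\CurrentVersion\\Run(Once)?(\s|\\|$)", re.I)),
    ("IE Browser Helper Object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("Image File Execution Options entry",
     re.compile(r"\\Image File Execution Options\\", re.I)),
    ("kernel driver file", re.compile(r"\\System32\\drivers\\[^\\]+\.sys$", re.I)),
]


def mechanism(entry: Entry) -> Optional[str]:
    """Name the load point an entry represents, or None for plain leftovers."""
    if entry.section in SECTION_MECHANISM:
        return SECTION_MECHANISM[entry.section]
    for name, pattern in TARGET_RULES:
        if pattern.search(entry.target):
            return name
    return None


def persistence_findings(entries: list) -> list:
    """(mechanism, target, x64) for every entry that was a load point."""
    return [(mechanism(e), e.target, e.x64) for e in entries if mechanism(e)]


def section_counts(entries: list) -> dict:
    """Number of parsed entries per report section."""
    return dict(Counter(e.section for e in entries))


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(section_counts(parsed))
    for mech, target, x64 in persistence_findings(parsed):
        print(f"{mech:36} {'[x64] ' if x64 else ''}{target}")
```
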

01.08.2014, 13:55   #10
M-K-D-B
/// TB trainer

Quote:
Quote from Helena7
Steps 2 and 3 will follow shortly.
Ok.
__________________
Greetings from Bavaria
M-K-D-B

01.08.2014, 14:31   #11
Helena7

Hi there,
here is step 2 now:
MBAM log file:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.08.2014
Suchlauf-Zeit: 14:26:51
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.01.01
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: 

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 292850
Verstrichene Zeit: 23 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, In Quarantäne, [7ee7447dea9146f055dfffebed1543bd], 

Registrierungswerte: 1
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_88, In Quarantäne, [adb8e1e0d8a32610e2ee9d48d9297789], 

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.Softonic.A, C:\Users\Sabrina Mum Tami\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf, In Quarantäne, [95d0f1d01a6146f0a8074e65ea18e51b], 

Dateien: 3
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, In Quarantäne, [85e07a47b8c3b77f2868ca733dc36a96], 
PUP.Optional.SupraSavings.A, C:\temp\t.msi, In Quarantäne, [2a3b9f228bf00f27bd2a900e45bf768a], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI7D74.tmp, In Quarantäne, [76ef70511b604ee8c3743af4ba46dc24], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
and now step three:
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by ****  (administrator) on **** on 01-08-2014 15:00:26
Running from C:\Users\****\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Sabrina Mum Tami\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {263c4989-67fc-11e2-bf2f-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {4502d96c-475c-11e2-bee1-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {4502d990-475c-11e2-bee1-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {46807440-43c7-11e2-bed2-001e101f9420} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {6c6f5314-448b-11e2-bedb-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {6c6f5358-448b-11e2-bedb-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {90739d7b-46d8-11e2-bee0-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {a1e33736-4390-11e2-bed0-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2a71-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2a99-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2ac5-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {c9a2c5be-43c9-11e2-bed3-806e6f6e6963} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {e94fb487-422a-11e2-bece-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b911-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b946-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b96b-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk
ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk
ShortcutTarget: PHOTOfunSTUDIO 6.0.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-09]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-06-17] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-25] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [117248 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [121600 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-05-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [616544 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-06-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-05-05] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-05-05] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-25] (Dritek System Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 14:55 - 2014-08-01 14:59 - 00001860 _____ () C:\Users\****\Desktop\mbam.txt
2014-08-01 14:26 - 2014-08-01 14:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 14:26 - 2014-08-01 14:26 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 14:25 - 2014-08-01 14:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 14:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 14:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 14:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 14:24 - 2014-08-01 14:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 14:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 14:14 - 2014-08-01 14:15 - 00000000 ____D () C:\AdwCleaner
2014-08-01 14:12 - 2014-08-01 14:12 - 01361309 _____ () C:\Users\****\Desktop\adwcleaner_3.302.exe
2014-08-01 12:45 - 2014-08-01 12:46 - 00037741 _____ () C:\Users\****\Desktop\Addition.txt
2014-08-01 12:43 - 2014-08-01 15:00 - 00020350 _____ () C:\Users\****\Desktop\FRST.txt
2014-08-01 12:42 - 2014-08-01 15:00 - 00000000 ____D () C:\FRST
2014-08-01 12:40 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-01 12:40 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 12:38 - 2014-08-01 12:38 - 01444352 _____ () C:\Users\****\Desktop\7z922-x64.msi
2014-08-01 12:22 - 2014-08-01 12:22 - 01580420 _____ () C:\Users\****\Desktop\FRST64.zip
2014-08-01 11:59 - 2014-08-01 11:59 - 02094080 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2014-08-01 11:19 - 2014-08-01 11:19 - 01083476 _____ () C:\Users\****\Desktop\FRST.com
2014-08-01 11:12 - 2014-08-01 11:15 - 00002186 _____ () C:\Users\****\Desktop\Rkill.txt
2014-08-01 11:11 - 2014-08-01 11:11 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\****\Desktop\rkill.com
2014-08-01 11:05 - 2014-08-01 11:07 - 00001240 _____ () C:\Users\****\Desktop\FixExec.txt
2014-08-01 11:04 - 2014-08-01 11:04 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\****\Desktop\FixExec.com
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Windows\pss
2014-07-31 17:28 - 2014-07-31 17:29 - 17279700 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-07-31 17:27 - 2014-07-31 17:29 - 17260816 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-07-30 20:04 - 2014-07-31 17:29 - 17288956 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-07-30 11:11 - 2014-07-30 11:11 - 17221636 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-29 16:46 - 2014-07-29 16:46 - 17230324 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-15 10:20 - 2014-07-15 10:21 - 00420288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 13:48 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 13:47 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 13:47 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 13:32 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 11:24 - 2014-07-10 11:27 - 17209996 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-09 18:46 - 2014-08-01 00:49 - 00002330 _____ () C:\Users\****\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-09 18:46 - 2014-07-09 18:46 - 00001325 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-09 18:46 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 18:45 - 2014-07-09 18:45 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-09 18:45 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 18:45 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 18:44 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 18:44 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 18:44 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 18:44 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 18:44 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 18:44 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 18:44 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 18:44 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 18:42 - 2014-08-01 14:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-09 18:42 - 2014-07-09 18:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-09 18:42 - 2013-06-08 20:18 - 00616544 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-07-09 18:42 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-07-09 17:54 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 17:54 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 17:54 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 17:54 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 17:30 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 17:27 - 2014-07-09 17:27 - 00003364 _____ () C:\Windows\System32\Tasks\{D0F9DC7E-8E00-45C9-A792-528F83A68E0A}
2014-07-09 17:23 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 17:23 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 17:23 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 17:23 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 17:23 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 17:23 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 17:23 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 17:23 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:23 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 17:23 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:23 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-09 16:47 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 16:47 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 16:28 - 2014-07-09 16:28 - 17227000 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-05 19:05 - 2014-07-05 19:05 - 00003274 _____ () C:\Windows\System32\Tasks\nudbip
2014-07-05 19:05 - 2014-07-05 19:05 - 00000268 _____ () C:\Users\****\AppData\Local\nudbip.bat
2014-07-05 19:05 - 2014-07-05 19:04 - 00591320 _____ (ClickMeIn Limited) C:\Users\****\AppData\Local\nsu8B42.tmp
2014-07-05 19:04 - 2014-08-01 14:15 - 00001100 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-05 19:03 - 2014-07-05 19:03 - 00003272 _____ () C:\Windows\System32\Tasks\hijkl
2014-07-05 19:03 - 2014-07-05 19:03 - 00000000 ____D () C:\Users\****\AppData\Local\com
2014-07-05 19:02 - 2014-07-05 19:02 - 00003276 _____ () C:\Windows\System32\Tasks\utcbaov
2014-07-05 18:58 - 2014-07-05 18:58 - 00003272 _____ () C:\Windows\System32\Tasks\prtve
2014-07-05 18:57 - 2014-07-05 19:05 - 00000000 ____D () C:\Users\****\AppData\Local\parent_07051657

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 15:00 - 2014-08-01 12:43 - 00020350 _____ () C:\Users\****\Desktop\FRST.txt
2014-08-01 15:00 - 2014-08-01 12:42 - 00000000 ____D () C:\FRST
2014-08-01 15:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-01 14:59 - 2014-08-01 14:55 - 00001860 _____ () C:\Users\****\Desktop\mbam.txt
2014-08-01 14:58 - 2014-07-09 18:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-01 14:57 - 2012-08-26 08:30 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-08-01 14:57 - 2012-08-26 08:30 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-08-01 14:57 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 14:56 - 2013-01-07 07:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-01 14:53 - 2014-08-01 14:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 14:53 - 2013-05-30 20:18 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 14:52 - 2012-08-03 09:35 - 00104678 _____ () C:\Windows\PFRO.log
2014-08-01 14:52 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 14:51 - 2014-05-18 16:17 - 00000000 ____D () C:\temp
2014-08-01 14:26 - 2014-08-01 14:26 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 14:26 - 2014-08-01 14:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 14:24 - 2014-08-01 14:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 14:17 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-08-01 14:15 - 2014-08-01 14:14 - 00000000 ____D () C:\AdwCleaner
2014-08-01 14:15 - 2014-07-05 19:04 - 00001100 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-01 14:12 - 2014-08-01 14:12 - 01361309 _____ () C:\Users\****\Desktop\adwcleaner_3.302.exe
2014-08-01 14:03 - 2013-05-30 20:19 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 12:52 - 2012-11-07 21:13 - 01559989 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 12:46 - 2014-08-01 12:45 - 00037741 _____ () C:\Users\****\Desktop\Addition.txt
2014-08-01 12:41 - 2014-08-01 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-01 12:41 - 2014-08-01 12:40 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 12:38 - 2014-08-01 12:38 - 01444352 _____ () C:\Users\****\Desktop\7z922-x64.msi
2014-08-01 12:22 - 2014-08-01 12:22 - 01580420 _____ () C:\Users\****\Desktop\FRST64.zip
2014-08-01 12:22 - 2012-11-07 23:37 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2014-08-01 11:59 - 2014-08-01 11:59 - 02094080 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2014-08-01 11:19 - 2014-08-01 11:19 - 01083476 _____ () C:\Users\****\Desktop\FRST.com
2014-08-01 11:15 - 2014-08-01 11:12 - 00002186 _____ () C:\Users\****\Desktop\Rkill.txt
2014-08-01 11:11 - 2014-08-01 11:11 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\****\Desktop\rkill.com
2014-08-01 11:07 - 2014-08-01 11:05 - 00001240 _____ () C:\Users\****\Desktop\FixExec.txt
2014-08-01 11:04 - 2014-08-01 11:04 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\****\Desktop\FixExec.com
2014-08-01 00:49 - 2014-07-09 18:46 - 00002330 _____ () C:\Users\****\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-31 23:47 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Windows\pss
2014-07-31 17:29 - 2014-07-31 17:28 - 17279700 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-07-31 17:29 - 2014-07-31 17:27 - 17260816 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-07-31 17:29 - 2014-07-30 20:04 - 17288956 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-07-30 20:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-30 16:04 - 2013-06-10 14:34 - 00000000 ____D () C:\ProgramData\Skype
2014-07-30 15:46 - 2013-12-21 20:31 - 00124928 ___SH () C:\Users\****\Downloads\Thumbs.db
2014-07-30 11:11 - 2014-07-30 11:11 - 17221636 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-29 17:04 - 2012-11-07 21:20 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-988491291-3693754129-3637727364-1001
2014-07-29 16:46 - 2014-07-29 16:46 - 17230324 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-29 16:25 - 2012-11-07 22:10 - 00000000 ____D () C:\Users\****\Desktop\Eigene Bilder
2014-07-29 15:29 - 2014-06-15 12:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 15:29 - 2013-01-06 15:55 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mozilla
2014-07-27 00:15 - 2013-06-10 14:34 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-07-26 20:49 - 2012-11-07 19:29 - 00000000 ____D () C:\Users\****\AppData\Roaming\ForumVerlag
2014-07-15 10:21 - 2014-07-15 10:20 - 00420288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 03:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 03:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 16:47 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 12:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-10 11:27 - 2014-07-10 11:24 - 17209996 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-10 11:27 - 2012-11-07 22:10 - 00000000 ____D () C:\Users\****\Desktop\****
2014-07-10 09:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-10 09:16 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 21:56 - 2013-01-07 07:56 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 19:15 - 2014-01-06 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:11 - 2013-01-06 10:17 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 18:46 - 2014-07-09 18:46 - 00001325 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-09 18:45 - 2014-07-09 18:45 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-09 18:42 - 2014-07-09 18:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-09 18:42 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-09 17:27 - 2014-07-09 17:27 - 00003364 _____ () C:\Windows\System32\Tasks\{D0F9DC7E-8E00-45C9-A792-528F83A68E0A}
2014-07-09 16:28 - 2014-07-09 16:28 - 17227000 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-09 16:00 - 2013-01-05 21:58 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-09 16:00 - 2013-01-05 21:57 - 00000000 ____D () C:\Program Files\McAfee
2014-07-09 16:00 - 2012-08-03 09:46 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-09 15:56 - 2014-01-04 19:32 - 00000000 ____D () C:\Users\****\Documents\McAfee-Tresore
2014-07-09 15:00 - 2012-07-26 09:21 - 00045464 _____ () C:\Windows\setupact.log
2014-07-07 09:19 - 2012-11-07 21:28 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-06 20:58 - 2012-11-07 21:49 - 00000000 ____D () C:\Users\****\Desktop\Eigene Dateien
2014-07-06 20:58 - 2012-08-03 09:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-06 16:24 - 2013-07-20 13:05 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-07-05 19:05 - 2014-07-05 19:05 - 00003274 _____ () C:\Windows\System32\Tasks\nudbip
2014-07-05 19:05 - 2014-07-05 19:05 - 00000268 _____ () C:\Users\****\AppData\Local\nudbip.bat
2014-07-05 19:05 - 2014-07-05 18:57 - 00000000 ____D () C:\Users\****\AppData\Local\parent_07051657
2014-07-05 19:04 - 2014-07-05 19:05 - 00591320 _____ (ClickMeIn Limited) C:\Users\****\AppData\Local\nsu8B42.tmp
2014-07-05 19:03 - 2014-07-05 19:03 - 00003272 _____ () C:\Windows\System32\Tasks\hijkl
2014-07-05 19:03 - 2014-07-05 19:03 - 00000000 ____D () C:\Users\****\AppData\Local\com
2014-07-05 19:02 - 2014-07-05 19:02 - 00003276 _____ () C:\Windows\System32\Tasks\utcbaov
2014-07-05 18:58 - 2014-07-05 18:58 - 00003272 _____ () C:\Windows\System32\Tasks\prtve
2014-07-04 14:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5840.dll


Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 11:07

==================== End Of Log ============================
         
--- --- ---


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by **** at 2014-08-01 15:02:59
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
"Professionelle Entwicklungsberichte Nov 2011" (HKLM-x32\...\{58F076B2-160B-47F5-96FF-93AD12BF5A91}) (Version:  - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3112 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3103 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
bhv Vokabeltrainer 3.0 (HKLM-x32\...\{3A1AF860-2EB4-40EB-9827-17575880D3CE}) (Version: 3.00.0000 - bhv)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM-x32\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
Fotosizer 1.36 (HKLM-x32\...\Fotosizer) (Version: 1.36 - Fotosizer.com)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3002 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Word 2002 (HKLM-x32\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Works 2000 (HKLM-x32\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3102 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3102 - Acer)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO 6.0 (HKLM-x32\...\{B62A8A6F-5E48-4336-BF13-1632D5921872}) (Version: 6.00.135 - Panasonic Corporation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-07-2014 14:46:10 Windows Update
23-07-2014 12:34:35 Geplanter Prüfpunkt
27-07-2014 09:36:49 Removed Java 7 Update 45
30-07-2014 14:03:01 Removed Skype™ 6.16
01-08-2014 10:39:36 Installed 7-Zip 9.22 (x64 edition)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17E4CA9F-25FD-494E-BB74-B84A209FCA12} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2328AFA5-2034-4E50-8C03-434797C3A303} - System32\Tasks\prtve => C:\Users\Sabrina Mum Tami\AppData\Local\prtve.bat
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {301568F0-A1D0-4C2F-A0BB-38A509665088} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {340F80DD-8486-47DE-ADD3-A13E8A743E4D} - System32\Tasks\hijkl => C:\Users\Sabrina Mum Tami\AppData\Local\hijkl.bat
Task: {3E0421B6-C537-4EBA-BDDD-5264D4EB9B9C} - System32\Tasks\nudbip => C:\Users\Sabrina Mum Tami\AppData\Local\nudbip.bat [2014-07-05] ()
Task: {5031E43D-8433-478B-ADEF-ED7A3609D51E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {62326D6D-B9EC-45F3-B4AA-DE599C576C87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {6A61A537-A9E4-47E1-B1F7-27D0320F8505} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {7C3C82A6-F5FF-49E6-84A8-3BCCD8C3CEFD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {87435879-8822-4EA7-BEE4-0333BF295B58} - System32\Tasks\utcbaov => C:\Users\Sabrina Mum Tami\AppData\Local\utcbaov.bat
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9A3316D9-C152-4276-96B2-AE974CC1E5EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {A38BD126-07B0-4F4F-B87F-091FF244C31D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F4AC4701-4A00-46EE-9E72-0AEA77C1B6F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-07 21:28 - 2009-02-10 18:01 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-05-26 12:54 - 2014-05-26 12:55 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-09 11:12 - 2012-08-08 17:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2012-07-31 01:04 - 2012-07-31 01:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-25 22:47 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "PHOTOfunSTUDIO 6.0.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Erinnerungen für Microsoft Works-Kalender.lnk"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AnyProtect Scanner"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17028, Zeitstempel: 0x53a20947
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16912, Zeitstempel: 0x53645e25
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00023e60
ID des fehlerhaften Prozesses: 0xe2c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.


System errors:
=============
Error: (08/01/2014 02:27:10 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Mahakala)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-988491291-3693754129-3637727364-1001-0-ntuser.dat

Error: (08/01/2014 02:26:52 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Mahakala)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-988491291-3693754129-3637727364-1001-0-ntuser.dat

Error: (08/01/2014 02:06:18 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:58:27 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:58:27 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/01/2014 01:57:57 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:57:15 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:57:02 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:56:43 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:53:58 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.


Microsoft Office Sessions:
=========================
Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (08/01/2014 00:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947ntdll.dll6.2.9200.1691253645e25c000000500023e60e2c01cfad6cdc1eaabbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dllb4534b92-1965-11e4-853f-b888e35995e8

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4


==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 8005.27 MB
Available physical RAM: 6173.57 MB
Total Pagefile: 9221.27 MB
Available Pagefile: 7521.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.19 GB) (Free:368.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 659D2CAA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Best regards

Old 01.08.2014, 15:06   #12
Helena7
 



Hi there,
here is step 2 now:
MBAM log file:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.08.2014
Suchlauf-Zeit: 14:26:51
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.01.01
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: 

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 292850
Verstrichene Zeit: 23 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, In Quarantäne, [7ee7447dea9146f055dfffebed1543bd], 

Registrierungswerte: 1
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_88, In Quarantäne, [adb8e1e0d8a32610e2ee9d48d9297789], 

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.Softonic.A, C:\Users\Sabrina Mum Tami\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf, In Quarantäne, [95d0f1d01a6146f0a8074e65ea18e51b], 

Dateien: 3
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, In Quarantäne, [85e07a47b8c3b77f2868ca733dc36a96], 
PUP.Optional.SupraSavings.A, C:\temp\t.msi, In Quarantäne, [2a3b9f228bf00f27bd2a900e45bf768a], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSI7D74.tmp, In Quarantäne, [76ef70511b604ee8c3743af4ba46dc24], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
and now step three:
FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by ****  (administrator) on **** on 01-08-2014 15:00:26
Running from C:\Users\****\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Sabrina Mum Tami\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {263c4989-67fc-11e2-bf2f-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {4502d96c-475c-11e2-bee1-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {4502d990-475c-11e2-bee1-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {46807440-43c7-11e2-bed2-001e101f9420} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {6c6f5314-448b-11e2-bedb-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {6c6f5358-448b-11e2-bedb-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {90739d7b-46d8-11e2-bee0-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {a1e33736-4390-11e2-bed0-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2a71-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2a99-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2ac5-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {c9a2c5be-43c9-11e2-bed3-806e6f6e6963} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {e94fb487-422a-11e2-bece-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b911-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b946-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b96b-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk
ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk
ShortcutTarget: PHOTOfunSTUDIO 6.0.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Sicherer Zahlungsverkehr - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-09]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-06-17] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-25] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [117248 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [121600 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-05-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [616544 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-06-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-05-05] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-05-05] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-25] (Dritek System Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 14:55 - 2014-08-01 14:59 - 00001860 _____ () C:\Users\****\Desktop\mbam.txt
2014-08-01 14:26 - 2014-08-01 14:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 14:26 - 2014-08-01 14:26 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 14:25 - 2014-08-01 14:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 14:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 14:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 14:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 14:24 - 2014-08-01 14:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 14:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 14:14 - 2014-08-01 14:15 - 00000000 ____D () C:\AdwCleaner
2014-08-01 14:12 - 2014-08-01 14:12 - 01361309 _____ () C:\Users\****\Desktop\adwcleaner_3.302.exe
2014-08-01 12:45 - 2014-08-01 12:46 - 00037741 _____ () C:\Users\****\Desktop\Addition.txt
2014-08-01 12:43 - 2014-08-01 15:00 - 00020350 _____ () C:\Users\****\Desktop\FRST.txt
2014-08-01 12:42 - 2014-08-01 15:00 - 00000000 ____D () C:\FRST
2014-08-01 12:40 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-01 12:40 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 12:38 - 2014-08-01 12:38 - 01444352 _____ () C:\Users\****\Desktop\7z922-x64.msi
2014-08-01 12:22 - 2014-08-01 12:22 - 01580420 _____ () C:\Users\****\Desktop\FRST64.zip
2014-08-01 11:59 - 2014-08-01 11:59 - 02094080 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2014-08-01 11:19 - 2014-08-01 11:19 - 01083476 _____ () C:\Users\****\Desktop\FRST.com
2014-08-01 11:12 - 2014-08-01 11:15 - 00002186 _____ () C:\Users\****\Desktop\Rkill.txt
2014-08-01 11:11 - 2014-08-01 11:11 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\****\Desktop\rkill.com
2014-08-01 11:05 - 2014-08-01 11:07 - 00001240 _____ () C:\Users\****\Desktop\FixExec.txt
2014-08-01 11:04 - 2014-08-01 11:04 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\****\Desktop\FixExec.com
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Windows\pss
2014-07-31 17:28 - 2014-07-31 17:29 - 17279700 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-07-31 17:27 - 2014-07-31 17:29 - 17260816 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-07-30 20:04 - 2014-07-31 17:29 - 17288956 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-07-30 11:11 - 2014-07-30 11:11 - 17221636 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-29 16:46 - 2014-07-29 16:46 - 17230324 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-15 10:20 - 2014-07-15 10:21 - 00420288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 13:48 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 13:47 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 13:47 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 13:32 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 11:24 - 2014-07-10 11:27 - 17209996 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-09 18:46 - 2014-08-01 00:49 - 00002330 _____ () C:\Users\****\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-09 18:46 - 2014-07-09 18:46 - 00001325 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-09 18:46 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 18:45 - 2014-07-09 18:45 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-09 18:45 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 18:45 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 18:44 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 18:44 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 18:44 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 18:44 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 18:44 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 18:44 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 18:44 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 18:44 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 18:42 - 2014-08-01 14:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-09 18:42 - 2014-07-09 18:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-09 18:42 - 2013-06-08 20:18 - 00616544 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-07-09 18:42 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-07-09 17:54 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 17:54 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 17:54 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 17:54 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 17:30 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 17:27 - 2014-07-09 17:27 - 00003364 _____ () C:\Windows\System32\Tasks\{D0F9DC7E-8E00-45C9-A792-528F83A68E0A}
2014-07-09 17:23 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 17:23 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 17:23 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 17:23 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 17:23 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 17:23 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 17:23 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 17:23 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:23 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 17:23 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:23 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-09 16:47 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 16:47 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 16:28 - 2014-07-09 16:28 - 17227000 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-05 19:05 - 2014-07-05 19:05 - 00003274 _____ () C:\Windows\System32\Tasks\nudbip
2014-07-05 19:05 - 2014-07-05 19:05 - 00000268 _____ () C:\Users\****\AppData\Local\nudbip.bat
2014-07-05 19:05 - 2014-07-05 19:04 - 00591320 _____ (ClickMeIn Limited) C:\Users\****\AppData\Local\nsu8B42.tmp
2014-07-05 19:04 - 2014-08-01 14:15 - 00001100 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-05 19:03 - 2014-07-05 19:03 - 00003272 _____ () C:\Windows\System32\Tasks\hijkl
2014-07-05 19:03 - 2014-07-05 19:03 - 00000000 ____D () C:\Users\****\AppData\Local\com
2014-07-05 19:02 - 2014-07-05 19:02 - 00003276 _____ () C:\Windows\System32\Tasks\utcbaov
2014-07-05 18:58 - 2014-07-05 18:58 - 00003272 _____ () C:\Windows\System32\Tasks\prtve
2014-07-05 18:57 - 2014-07-05 19:05 - 00000000 ____D () C:\Users\****\AppData\Local\parent_07051657

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 15:00 - 2014-08-01 12:43 - 00020350 _____ () C:\Users\****\Desktop\FRST.txt
2014-08-01 15:00 - 2014-08-01 12:42 - 00000000 ____D () C:\FRST
2014-08-01 15:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-01 14:59 - 2014-08-01 14:55 - 00001860 _____ () C:\Users\****\Desktop\mbam.txt
2014-08-01 14:58 - 2014-07-09 18:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-01 14:57 - 2012-08-26 08:30 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-08-01 14:57 - 2012-08-26 08:30 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-08-01 14:57 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 14:56 - 2013-01-07 07:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-01 14:53 - 2014-08-01 14:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 14:53 - 2013-05-30 20:18 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 14:52 - 2012-08-03 09:35 - 00104678 _____ () C:\Windows\PFRO.log
2014-08-01 14:52 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 14:51 - 2014-05-18 16:17 - 00000000 ____D () C:\temp
2014-08-01 14:26 - 2014-08-01 14:26 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 14:26 - 2014-08-01 14:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 14:24 - 2014-08-01 14:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 14:17 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-08-01 14:15 - 2014-08-01 14:14 - 00000000 ____D () C:\AdwCleaner
2014-08-01 14:15 - 2014-07-05 19:04 - 00001100 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-01 14:12 - 2014-08-01 14:12 - 01361309 _____ () C:\Users\****\Desktop\adwcleaner_3.302.exe
2014-08-01 14:03 - 2013-05-30 20:19 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 12:52 - 2012-11-07 21:13 - 01559989 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 12:46 - 2014-08-01 12:45 - 00037741 _____ () C:\Users\****\Desktop\Addition.txt
2014-08-01 12:41 - 2014-08-01 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-01 12:41 - 2014-08-01 12:40 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 12:38 - 2014-08-01 12:38 - 01444352 _____ () C:\Users\****\Desktop\7z922-x64.msi
2014-08-01 12:22 - 2014-08-01 12:22 - 01580420 _____ () C:\Users\****\Desktop\FRST64.zip
2014-08-01 12:22 - 2012-11-07 23:37 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2014-08-01 11:59 - 2014-08-01 11:59 - 02094080 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2014-08-01 11:19 - 2014-08-01 11:19 - 01083476 _____ () C:\Users\****\Desktop\FRST.com
2014-08-01 11:15 - 2014-08-01 11:12 - 00002186 _____ () C:\Users\****\Desktop\Rkill.txt
2014-08-01 11:11 - 2014-08-01 11:11 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\****\Desktop\rkill.com
2014-08-01 11:07 - 2014-08-01 11:05 - 00001240 _____ () C:\Users\****\Desktop\FixExec.txt
2014-08-01 11:04 - 2014-08-01 11:04 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\****\Desktop\FixExec.com
2014-08-01 00:49 - 2014-07-09 18:46 - 00002330 _____ () C:\Users\****\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-31 23:47 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Windows\pss
2014-07-31 17:29 - 2014-07-31 17:28 - 17279700 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-07-31 17:29 - 2014-07-31 17:27 - 17260816 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-07-31 17:29 - 2014-07-30 20:04 - 17288956 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-07-30 20:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-30 16:04 - 2013-06-10 14:34 - 00000000 ____D () C:\ProgramData\Skype
2014-07-30 15:46 - 2013-12-21 20:31 - 00124928 ___SH () C:\Users\****\Downloads\Thumbs.db
2014-07-30 11:11 - 2014-07-30 11:11 - 17221636 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-29 17:04 - 2012-11-07 21:20 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-988491291-3693754129-3637727364-1001
2014-07-29 16:46 - 2014-07-29 16:46 - 17230324 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-29 16:25 - 2012-11-07 22:10 - 00000000 ____D () C:\Users\****\Desktop\Eigene Bilder
2014-07-29 15:29 - 2014-06-15 12:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 15:29 - 2013-01-06 15:55 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mozilla
2014-07-27 00:15 - 2013-06-10 14:34 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-07-26 20:49 - 2012-11-07 19:29 - 00000000 ____D () C:\Users\****\AppData\Roaming\ForumVerlag
2014-07-15 10:21 - 2014-07-15 10:20 - 00420288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 03:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 03:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 16:47 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 12:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-10 11:27 - 2014-07-10 11:24 - 17209996 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-10 11:27 - 2012-11-07 22:10 - 00000000 ____D () C:\Users\****\Desktop\****
2014-07-10 09:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-10 09:16 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 21:56 - 2013-01-07 07:56 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 19:15 - 2014-01-06 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:11 - 2013-01-06 10:17 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 18:46 - 2014-07-09 18:46 - 00001325 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-09 18:45 - 2014-07-09 18:45 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-09 18:42 - 2014-07-09 18:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-09 18:42 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-09 17:27 - 2014-07-09 17:27 - 00003364 _____ () C:\Windows\System32\Tasks\{D0F9DC7E-8E00-45C9-A792-528F83A68E0A}
2014-07-09 16:28 - 2014-07-09 16:28 - 17227000 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-09 16:00 - 2013-01-05 21:58 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-09 16:00 - 2013-01-05 21:57 - 00000000 ____D () C:\Program Files\McAfee
2014-07-09 16:00 - 2012-08-03 09:46 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-09 15:56 - 2014-01-04 19:32 - 00000000 ____D () C:\Users\****\Documents\McAfee-Tresore
2014-07-09 15:00 - 2012-07-26 09:21 - 00045464 _____ () C:\Windows\setupact.log
2014-07-07 09:19 - 2012-11-07 21:28 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-06 20:58 - 2012-11-07 21:49 - 00000000 ____D () C:\Users\****\Desktop\Eigene Dateien
2014-07-06 20:58 - 2012-08-03 09:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-06 16:24 - 2013-07-20 13:05 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-07-05 19:05 - 2014-07-05 19:05 - 00003274 _____ () C:\Windows\System32\Tasks\nudbip
2014-07-05 19:05 - 2014-07-05 19:05 - 00000268 _____ () C:\Users\****\AppData\Local\nudbip.bat
2014-07-05 19:05 - 2014-07-05 18:57 - 00000000 ____D () C:\Users\****\AppData\Local\parent_07051657
2014-07-05 19:04 - 2014-07-05 19:05 - 00591320 _____ (ClickMeIn Limited) C:\Users\****\AppData\Local\nsu8B42.tmp
2014-07-05 19:03 - 2014-07-05 19:03 - 00003272 _____ () C:\Windows\System32\Tasks\hijkl
2014-07-05 19:03 - 2014-07-05 19:03 - 00000000 ____D () C:\Users\****\AppData\Local\com
2014-07-05 19:02 - 2014-07-05 19:02 - 00003276 _____ () C:\Windows\System32\Tasks\utcbaov
2014-07-05 18:58 - 2014-07-05 18:58 - 00003272 _____ () C:\Windows\System32\Tasks\prtve
2014-07-04 14:43 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5840.dll


Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 11:07

==================== End Of Log ============================
         
--- --- ---


Addition txt.:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by **** at 2014-08-01 15:02:59
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
"Professionelle Entwicklungsberichte Nov 2011" (HKLM-x32\...\{58F076B2-160B-47F5-96FF-93AD12BF5A91}) (Version:  - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3112 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3103 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
bhv Vokabeltrainer 3.0 (HKLM-x32\...\{3A1AF860-2EB4-40EB-9827-17575880D3CE}) (Version: 3.00.0000 - bhv)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM-x32\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
Fotosizer 1.36 (HKLM-x32\...\Fotosizer) (Version: 1.36 - Fotosizer.com)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3002 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Word 2002 (HKLM-x32\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Works 2000 (HKLM-x32\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3102 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3102 - Acer)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO 6.0 (HKLM-x32\...\{B62A8A6F-5E48-4336-BF13-1632D5921872}) (Version: 6.00.135 - Panasonic Corporation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-07-2014 14:46:10 Windows Update
23-07-2014 12:34:35 Geplanter Prüfpunkt
27-07-2014 09:36:49 Removed Java 7 Update 45
30-07-2014 14:03:01 Removed Skype™ 6.16
01-08-2014 10:39:36 Installed 7-Zip 9.22 (x64 edition)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17E4CA9F-25FD-494E-BB74-B84A209FCA12} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2328AFA5-2034-4E50-8C03-434797C3A303} - System32\Tasks\prtve => C:\Users\Sabrina Mum Tami\AppData\Local\prtve.bat
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {301568F0-A1D0-4C2F-A0BB-38A509665088} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {340F80DD-8486-47DE-ADD3-A13E8A743E4D} - System32\Tasks\hijkl => C:\Users\Sabrina Mum Tami\AppData\Local\hijkl.bat
Task: {3E0421B6-C537-4EBA-BDDD-5264D4EB9B9C} - System32\Tasks\nudbip => C:\Users\Sabrina Mum Tami\AppData\Local\nudbip.bat [2014-07-05] ()
Task: {5031E43D-8433-478B-ADEF-ED7A3609D51E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {62326D6D-B9EC-45F3-B4AA-DE599C576C87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {6A61A537-A9E4-47E1-B1F7-27D0320F8505} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {7C3C82A6-F5FF-49E6-84A8-3BCCD8C3CEFD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {87435879-8822-4EA7-BEE4-0333BF295B58} - System32\Tasks\utcbaov => C:\Users\Sabrina Mum Tami\AppData\Local\utcbaov.bat
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9A3316D9-C152-4276-96B2-AE974CC1E5EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {A38BD126-07B0-4F4F-B87F-091FF244C31D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F4AC4701-4A00-46EE-9E72-0AEA77C1B6F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-07 21:28 - 2009-02-10 18:01 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-05-26 12:54 - 2014-05-26 12:55 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-09 11:12 - 2012-08-08 17:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2012-07-31 01:04 - 2012-07-31 01:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-25 22:47 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "PHOTOfunSTUDIO 6.0.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Erinnerungen für Microsoft Works-Kalender.lnk"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AnyProtect Scanner"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17028, Zeitstempel: 0x53a20947
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16912, Zeitstempel: 0x53645e25
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00023e60
ID des fehlerhaften Prozesses: 0xe2c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.


System errors:
=============
Error: (08/01/2014 02:27:10 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Mahakala)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-988491291-3693754129-3637727364-1001-0-ntuser.dat

Error: (08/01/2014 02:26:52 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Mahakala)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-988491291-3693754129-3637727364-1001-0-ntuser.dat

Error: (08/01/2014 02:06:18 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:58:27 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:58:27 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/01/2014 01:57:57 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:57:15 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:57:02 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:56:43 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.

Error: (08/01/2014 01:53:58 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.


Microsoft Office Sessions:
=========================
Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/01/2014 01:04:05 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (08/01/2014 00:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947ntdll.dll6.2.9200.1691253645e25c000000500023e60e2c01cfad6cdc1eaabbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dllb4534b92-1965-11e4-853f-b888e35995e8

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/01/2014 00:14:53 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4


==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 8005.27 MB
Available physical RAM: 6173.57 MB
Total Pagefile: 9221.27 MB
Available Pagefile: 7521.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.19 GB) (Free:368.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 659D2CAA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Best regards

01.08.2014, 20:16   #13
M-K-D-B
/// TB Trainer
 
We'll remove the last remnants and check everything once more. ESET can take a long time (> 3 h).
Afterwards we'll remove all the tools we used and I'll give you a few tips to take along.




Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
C:\temp
SearchScopes: HKCU - {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL = 
C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
Task: {87435879-8822-4EA7-BEE4-0333BF295B58} - System32\Tasks\utcbaov => C:\Users\Sabrina Mum Tami\AppData\Local\utcbaov.bat
C:\Users\Sabrina Mum Tami\AppData\Local\utcbaov.bat
Task: {340F80DD-8486-47DE-ADD3-A13E8A743E4D} - System32\Tasks\hijkl => C:\Users\Sabrina Mum Tami\AppData\Local\hijkl.bat
C:\Users\Sabrina Mum Tami\AppData\Local\hijkl.bat
Task: {3E0421B6-C537-4EBA-BDDD-5264D4EB9B9C} - System32\Tasks\nudbip => C:\Users\Sabrina Mum Tami\AppData\Local\nudbip.bat [2014-07-05] ()
C:\Users\Sabrina Mum Tami\AppData\Local\nudbip.bat
Task: {2328AFA5-2034-4E50-8C03-434797C3A303} - System32\Tasks\prtve => C:\Users\Sabrina Mum Tami\AppData\Local\prtve.bat
C:\Users\Sabrina Mum Tami\AppData\Local\prtve.bat
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.







Step 2
  • Disable your antivirus program.
  • Go to the folder C:\FRST\Quarantine.
  • Right-click the Quarantine folder and choose > Send to > Compressed (zipped) folder.
  • A zip file named Quarantine.zip is created in the FRST folder.
  • Upload Quarantine.zip in the Upload-Channel.
  • To do so, click Browse, navigate to the zip file ( C:\FRST\Quarantine.zip ) and click Open.
  • Finally, click Upload.
  • Thank you very much for your help.
  • Re-enable your antivirus program.





Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset







Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.





Step 5
  • Start FRST.exe again. Tick Addition and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.





Please post with your next reply
  • the log file of the FRST fix,
  • feedback on whether the upload worked,
  • the log file from ESET,
  • the log file from SecurityCheck,
  • the two new log files from FRST.
__________________
Greetings from Bavaria
M-K-D-B

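Added example, not part of the original post and not FRST's own code: a small Python triage of the "Task:" lines that the fixlist above targets, showing why these scheduled tasks stand out (script action, user-writable location, task name equal to the file name, no company string). The regular expression is an assumption derived only from the lines shown on this page, the user name is masked as in the Fixlog, and the `ExampleUpdater` line is constructed for contrast.

```python
import ntpath
import re

# Four Task lines as they appear on this page (user name masked),
# plus one constructed benign line for contrast.
SAMPLE = r"""
Task: {87435879-8822-4EA7-BEE4-0333BF295B58} - System32\Tasks\utcbaov => C:\Users\****\AppData\Local\utcbaov.bat
Task: {340F80DD-8486-47DE-ADD3-A13E8A743E4D} - System32\Tasks\hijkl => C:\Users\****\AppData\Local\hijkl.bat
Task: {3E0421B6-C537-4EBA-BDDD-5264D4EB9B9C} - System32\Tasks\nudbip => C:\Users\****\AppData\Local\nudbip.bat [2014-07-05] ()
Task: {2328AFA5-2034-4E50-8C03-434797C3A303} - System32\Tasks\prtve => C:\Users\****\AppData\Local\prtve.bat
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [2014-01-01] (Example Corp.)
"""

# Assumed line shape, inferred from the log lines on this page:
#   Task: {GUID} - <task path> => <action target> [YYYY-MM-DD] (company)
# The trailing "[date] (company)" part is optional.
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<task>\S.*?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\))?\s*$"
)

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")


def parse_task_lines(text):
    """Return one dict per line that matches the Task: shape above."""
    tasks = []
    for line in text.splitlines():
        match = TASK_RE.match(line.strip())
        if match:
            tasks.append(match.groupdict())
    return tasks


def triage(task):
    """List the reasons a parsed task line deserves a closer look."""
    target = task["target"].strip('"')
    stem, ext = ntpath.splitext(ntpath.basename(target))
    reasons = []
    if ext.lower() in SCRIPT_EXTS:
        reasons.append("action is a script file")
    if any(part in target.lower() for part in USER_WRITABLE):
        reasons.append("target is in a user-writable directory")
    if stem.lower() == ntpath.basename(task["task"]).lower():
        reasons.append("task name equals target file name")
    if not task["company"]:
        reasons.append("no company string on the line")
    return reasons


def flagged_tasks(text, threshold=3):
    """Return (task name, reasons) for tasks meeting at least `threshold` reasons."""
    flagged = []
    for task in parse_task_lines(text):
        reasons = triage(task)
        if len(reasons) >= threshold:
            flagged.append((ntpath.basename(task["task"]), reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in flagged_tasks(SAMPLE):
        print(f"{name}: " + "; ".join(reasons))
```
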

02.08.2014, 19:49   #14
Helena7
 

Hello,

here is the log file to start with:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 02
Ran by **** at 2014-08-02 17:02:24 Run:1
Running from C:\Users\****\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\temp
SearchScopes: HKCU - {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL = 
C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
Task: {87435879-8822-4EA7-BEE4-0333BF295B58} - System32\Tasks\utcbaov => C:\Users\****\AppData\Local\utcbaov.bat
C:\Users\****\AppData\Local\utcbaov.bat
Task: {340F80DD-8486-47DE-ADD3-A13E8A743E4D} - System32\Tasks\hijkl => C:\Users\****\AppData\Local\hijkl.bat
C:\Users\****\AppData\Local\hijkl.bat
Task: {3E0421B6-C537-4EBA-BDDD-5264D4EB9B9C} - System32\Tasks\nudbip => C:\Users\****\AppData\Local\nudbip.bat [2014-07-05] ()
C:\Users\****\AppData\Local\nudbip.bat
Task: {2328AFA5-2034-4E50-8C03-434797C3A303} - System32\Tasks\prtve => C:\Users\****\AppData\Local\prtve.bat
C:\Users\****\AppData\Local\prtve.bat
Reboot:
end

*****************

C:\temp => Moved successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{81968A3C-C8C0-45D1-BFD4-D6DB6F96682E}" => Key deleted successfully.
"HKCR\CLSID\{81968A3C-C8C0-45D1-BFD4-D6DB6F96682E}" => Key not found.
C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{87435879-8822-4EA7-BEE4-0333BF295B58}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87435879-8822-4EA7-BEE4-0333BF295B58}" => Key deleted successfully.
C:\Windows\System32\Tasks\utcbaov => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\utcbaov" => Key deleted successfully.
"C:\Users\****\AppData\Local\utcbaov.bat" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{340F80DD-8486-47DE-ADD3-A13E8A743E4D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{340F80DD-8486-47DE-ADD3-A13E8A743E4D}" => Key deleted successfully.
C:\Windows\System32\Tasks\hijkl => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hijkl" => Key deleted successfully.
"C:\Users\****\AppData\Local\hijkl.bat" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E0421B6-C537-4EBA-BDDD-5264D4EB9B9C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E0421B6-C537-4EBA-BDDD-5264D4EB9B9C}" => Key deleted successfully.
C:\Windows\System32\Tasks\nudbip => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nudbip" => Key deleted successfully.
C:\Users\****\AppData\Local\nudbip.bat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2328AFA5-2034-4E50-8C03-434797C3A303}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2328AFA5-2034-4E50-8C03-434797C3A303}" => Key deleted successfully.
C:\Windows\System32\Tasks\prtve => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\prtve" => Key deleted successfully.
"C:\Users\****\AppData\Local\prtve.bat" => File/Directory not found.


The system needed a reboot. 

==== End of Fixlog ====
         
I'm starting on the other steps now.

Best regards!

Step 2 worked.
For me, however, the file was called C.zip.

Step 3:

Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=72a86d4344cce74f9492978aaa595dca
# engine=19470
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-02 05:56:06
# local_time=2014-08-02 07:56:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 10359 38480188 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5890565 20910460 0 0
# scanned=212863
# found=22
# cleaned=0
# scan_time=7873
sh=F40C28E9C909A1AF43673D0CBA8D7FD51EAE3CEB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser App\60346.xpi.vir"
sh=ECBDB78FDCB2EA869BC8E81C1AB5DC8333FEE8DB ft=1 fh=1d9cdd4847df77c5 vn="Variante von Win32/Toolbar.CrossRider.AL evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser App\Browser App-bg.exe.vir"
sh=56D5BF7F8EE4146E3B1D8BFDC47420E154CEC792 ft=1 fh=44be08d9fa9b8ca2 vn="Variante von Win32/Toolbar.CrossRider.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser App\Browser App-bho.dll.vir"
sh=E50F67A5716FFA0BA828C3461D5ADCE5561B0EE5 ft=1 fh=b3476202e9bae31f vn="Variante von Win64/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser App\Browser App-bho64.dll.vir"
sh=03D77FF44DE5DEA318C47F068F9561674D8F4F38 ft=1 fh=c6b5a7e3f9e0af40 vn="Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser App\Browser App-codedownloader.exe.vir"
sh=DFCAF4AB9B85AD17455D0EACC74D64486B08F2B6 ft=1 fh=eb1edb0f76c9c01e vn="Variante von Win32/Toolbar.CrossRider.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-2.exe.vir"
sh=6E9BD3DB047044828F7D0629AE77AC4E3F7596B3 ft=1 fh=6d11165ccfea87f8 vn="Variante von Win32/Toolbar.CrossRider.AK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-4.exe.vir"
sh=5FEA1B5F044D5DC17B155CB7489678B750A26B56 ft=1 fh=db6a7c68f8fb0230 vn="Variante von Win32/Toolbar.CrossRider.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browser App\ef05a80e-b2ff-41e3-a6df-d7629cff6aa9-5.exe.vir"
sh=A832EECE23249EF901A539F80E8CFEA07330D6F8 ft=1 fh=d91bac54d740a3f2 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\escortShld.dll.vir"
sh=1DBEEF4253BD421D184B1476E8553747BA49674B ft=1 fh=cc57499cb4380fe3 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\SoftonicApp.dll.vir"
sh=6C013D58BA49BD8ED16B94FBE1567BBA94F5E73F ft=1 fh=8f9822127f2d329a vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\SoftonicEng.dll.vir"
sh=C5FE22EF6BDB83D15C2CDE4CEB20ACD3F8541197 ft=1 fh=140d8818505da610 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\Softonicsrv.exe.vir"
sh=7B2BCBFB4E9FD682B744188E18A81EAEAAD8A933 ft=1 fh=7ed330e377578006 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\SoftonicTlbr.dll.vir"
sh=DDE4FB796A2EC80DEF5E8C8C55B7B7E1591F4D11 ft=1 fh=d633d6825bb08fed vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\uninstall.exe.vir"
sh=E43D8467A283DCF9666AE4E082402DB7ACA1BB19 ft=1 fh=63305e974b4e8134 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Softonic\Softonic\1.8.16.10\bh\Softonic.dll.vir"
sh=DCA32625A1D46D802F28FDEB1480491AF1941B73 ft=1 fh=d36ab4e38e414eb2 vn="Win32/VOPackage.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina Mum Tami\AppData\Roaming\VOPackage\runasu.exe.vir"
sh=71BC0A2DD3C5D0F02BFAB3CCF00FC25D08EA8E3A ft=0 fh=0000000000000000 vn="Variante von Win64/Adware.Adpeak.F Anwendung" ac=I fn="C:\FRST\Quarantine\C.zip"
sh=ED3AE0C892B53C95BD9BDE74AEE8396D41B3AF87 ft=1 fh=be30934dd2f4fafd vn="Variante von Win64/Adware.Adpeak.F Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe"
sh=2235EE1442B40030D643621FC6E98D4A4B1545B6 ft=1 fh=4dc5fe43d5fa8a11 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina Mum Tami\Downloads\flash-downloader (1).exe"
sh=2235EE1442B40030D643621FC6E98D4A4B1545B6 ft=1 fh=4dc5fe43d5fa8a11 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina Mum Tami\Downloads\flash-downloader.exe"
sh=44341AC3075A630346D44C97F22FE3B8DB90A2C8 ft=1 fh=03026ae03c5e9bfc vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
sh=A54655F77E8C7AE4BCBF942A4C67876B943E3539 ft=1 fh=c5ec491b392aaff5 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\Temp\19A6D51C-2D35-44DB-B412-0B01BF8D2D62n.exe"
         
Step 4:

Code:
 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
Windows Defender              
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	14.0.0.145  
 Adobe Reader 8 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Step 5


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by **** (administrator) on **** on 02-08-2014 20:29:00
Running from C:\Users\****\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Sabrina Mum Tami\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {263c4989-67fc-11e2-bf2f-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {4502d96c-475c-11e2-bee1-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {4502d990-475c-11e2-bee1-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {46807440-43c7-11e2-bed2-001e101f9420} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {6c6f5314-448b-11e2-bedb-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {6c6f5358-448b-11e2-bedb-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {90739d7b-46d8-11e2-bee0-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {a1e33736-4390-11e2-bed0-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2a71-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2a99-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {bf7b2ac5-3d2c-11e2-beb7-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {c9a2c5be-43c9-11e2-bed3-806e6f6e6963} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {e94fb487-422a-11e2-bece-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b911-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b946-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-988491291-3693754129-3637727364-1001\...\MountPoints2: {eb21b96b-3e0d-11e2-bebc-844bf5339709} - "E:\.\Setup.exe" AUTORUN=1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen für Microsoft Works-Kalender.lnk
ShortcutTarget: Erinnerungen für Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk
ShortcutTarget: PHOTOfunSTUDIO 6.0.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {81968A3C-C8C0-45D1-BFD4-D6DB6F96682E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-09]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-08-01] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
R3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-25] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_hwusbdev; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [117248 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [121600 2012-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-08-01] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-08-01] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-08-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-08-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-08-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-08-01] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-08-01] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-08-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-08-01] (Kaspersky Lab ZAO)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-25] (Dritek System Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 16:01 - 2014-08-02 20:29 - 00000000 ____D () C:\Users\****\Desktop
2014-08-01 14:26 - 2014-08-01 18:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 14:25 - 2014-08-01 14:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 14:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 14:25 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 14:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 14:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 14:14 - 2014-08-01 14:15 - 00000000 ____D () C:\AdwCleaner
2014-08-01 12:42 - 2014-08-02 20:29 - 00000000 ____D () C:\FRST
2014-08-01 12:40 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-01 12:40 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Windows\pss
2014-07-31 17:28 - 2014-07-31 17:29 - 17279700 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-07-31 17:27 - 2014-07-31 17:29 - 17260816 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-07-30 20:04 - 2014-07-31 17:29 - 17288956 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-07-30 11:11 - 2014-07-30 11:11 - 17221636 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-29 16:46 - 2014-07-29 16:46 - 17230324 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-15 10:20 - 2014-07-15 10:21 - 00420288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 13:48 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 13:47 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 13:47 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 13:32 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 11:24 - 2014-07-10 11:27 - 17209996 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-09 18:46 - 2014-08-01 00:49 - 00002330 _____ () C:\Users\****\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-09 18:46 - 2014-07-09 18:46 - 00001325 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-09 18:46 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 18:45 - 2014-07-09 18:45 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-09 18:45 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 18:45 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 18:44 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 18:44 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 18:44 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 18:44 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 18:44 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 18:44 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 18:44 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 18:44 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 18:44 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 18:44 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 18:44 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 18:44 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 18:42 - 2014-08-02 19:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-09 18:42 - 2014-08-01 15:24 - 00625760 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-07-09 18:42 - 2014-08-01 15:24 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-07-09 18:42 - 2014-07-09 18:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-09 17:54 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 17:54 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 17:54 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 17:54 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 17:30 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 17:27 - 2014-07-09 17:27 - 00003364 _____ () C:\Windows\System32\Tasks\{D0F9DC7E-8E00-45C9-A792-528F83A68E0A}
2014-07-09 17:23 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 17:23 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 17:23 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 17:23 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 17:23 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 17:23 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 17:23 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 17:23 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:23 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 17:23 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 17:23 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-09 16:47 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 16:47 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 16:28 - 2014-07-09 16:28 - 17227000 _____ (Malwarebytes Corporation ) C:\Users\Sabrina Mum Tami\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-05 19:05 - 2014-07-05 19:04 - 00591320 _____ (ClickMeIn Limited) C:\Users\Sabrina Mum Tami\AppData\Local\nsu8B42.tmp
2014-07-05 19:04 - 2014-08-01 14:15 - 00001100 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-05 19:03 - 2014-07-05 19:03 - 00000000 ____D () C:\Users\****\AppData\Local\com
2014-07-05 18:57 - 2014-07-05 19:05 - 00000000 ____D () C:\Users\****\AppData\Local\parent_07051657

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 20:29 - 2014-08-01 16:01 - 00000000 ____D () C:\Users\****\Desktop\AntiV
2014-08-02 20:29 - 2014-08-01 12:42 - 00000000 ____D () C:\FRST
2014-08-02 20:03 - 2013-05-30 20:19 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 19:56 - 2013-01-07 07:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-02 19:27 - 2014-07-09 18:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-02 19:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-02 18:47 - 2012-11-07 21:13 - 01665049 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 18:37 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-02 18:03 - 2013-05-30 20:18 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 17:09 - 2012-08-26 08:30 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-08-02 17:09 - 2012-08-26 08:30 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-08-02 17:09 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-02 17:03 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 17:02 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-08-01 18:03 - 2014-08-01 14:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 16:27 - 2012-08-03 09:35 - 00105028 _____ () C:\Windows\PFRO.log
2014-08-01 15:24 - 2014-07-09 18:42 - 00625760 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-01 15:24 - 2014-07-09 18:42 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-01 15:24 - 2013-06-10 12:27 - 00030304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-08-01 15:24 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-08-01 15:24 - 2013-05-07 17:56 - 00065120 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2014-08-01 15:24 - 2013-05-06 09:22 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-08-01 15:24 - 2013-05-05 22:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2014-08-01 15:24 - 2013-05-05 22:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-08-01 15:24 - 2012-07-27 18:38 - 00029792 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klelam.sys
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 14:26 - 2014-08-01 14:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 14:25 - 2014-08-01 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 14:15 - 2014-08-01 14:14 - 00000000 ____D () C:\AdwCleaner
2014-08-01 14:15 - 2014-07-05 19:04 - 00001100 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-01 12:41 - 2014-08-01 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-01 12:41 - 2014-08-01 12:40 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 12:22 - 2012-11-07 23:37 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2014-08-01 00:49 - 2014-07-09 18:46 - 00002330 _____ () C:\Users\****\Desktop\Sicherer Zahlungsverkehr.lnk
2014-07-31 23:47 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Windows\pss
2014-07-31 17:29 - 2014-07-31 17:28 - 17279700 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (6).exe
2014-07-31 17:29 - 2014-07-31 17:27 - 17260816 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (5).exe
2014-07-31 17:29 - 2014-07-30 20:04 - 17288956 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (4).exe
2014-07-30 20:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-30 16:04 - 2013-06-10 14:34 - 00000000 ____D () C:\ProgramData\Skype
2014-07-30 15:46 - 2013-12-21 20:31 - 00124928 ___SH () C:\Users\****\Downloads\Thumbs.db
2014-07-30 11:11 - 2014-07-30 11:11 - 17221636 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-29 17:04 - 2012-11-07 21:20 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-988491291-3693754129-3637727364-1001
2014-07-29 16:46 - 2014-07-29 16:46 - 17230324 _____ () C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-29 16:25 - 2012-11-07 22:10 - 00000000 ____D () C:\Users\****\Desktop\Eigene Bilder
2014-07-29 15:29 - 2014-06-15 12:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 15:29 - 2013-01-06 15:55 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mozilla
2014-07-27 00:15 - 2013-06-10 14:34 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-07-26 20:49 - 2012-11-07 19:29 - 00000000 ____D () C:\Users\****\AppData\Roaming\ForumVerlag
2014-07-15 10:21 - 2014-07-15 10:20 - 00420288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 03:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 03:13 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 16:47 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 12:51 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-10 11:27 - 2014-07-10 11:24 - 17209996 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-10 11:27 - 2012-11-07 22:10 - 00000000 ____D () C:\Users\****\Desktop\****
2014-07-10 09:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-10 09:16 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 21:56 - 2013-01-07 07:56 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 19:15 - 2014-01-06 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:11 - 2013-01-06 10:17 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 18:46 - 2014-07-09 18:46 - 00001325 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-09 18:45 - 2014-07-09 18:45 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-09 18:42 - 2014-07-09 18:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-09 18:42 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-09 17:27 - 2014-07-09 17:27 - 00003364 _____ () C:\Windows\System32\Tasks\{D0F9DC7E-8E00-45C9-A792-528F83A68E0A}
2014-07-09 16:28 - 2014-07-09 16:28 - 17227000 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-09 16:00 - 2013-01-05 21:58 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-09 16:00 - 2013-01-05 21:57 - 00000000 ____D () C:\Program Files\McAfee
2014-07-09 16:00 - 2012-08-03 09:46 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-09 15:56 - 2014-01-04 19:32 - 00000000 ____D () C:\Users\****\Documents\McAfee-Tresore
2014-07-09 15:00 - 2012-07-26 09:21 - 00045464 _____ () C:\Windows\setupact.log
2014-07-07 09:19 - 2012-11-07 21:28 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-06 20:58 - 2012-11-07 21:49 - 00000000 ____D () C:\Users\****\Desktop\Eigene Dateien
2014-07-06 20:58 - 2012-08-03 09:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-06 16:24 - 2013-07-20 13:05 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-07-05 19:05 - 2014-07-05 18:57 - 00000000 ____D () C:\Users\****\AppData\Local\parent_07051657
2014-07-05 19:04 - 2014-07-05 19:05 - 00591320 _____ (ClickMeIn Limited) C:\Users\****\AppData\Local\nsu8B42.tmp
2014-07-05 19:03 - 2014-07-05 19:03 - 00000000 ____D () C:\Users\****\AppData\Local\com

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5840.dll


Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 11:07

==================== End Of Log ============================
         
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 02
Ran by **** at 2014-08-02 20:30:51
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
"Professionelle Entwicklungsberichte Nov 2011" (HKLM-x32\...\{58F076B2-160B-47F5-96FF-93AD12BF5A91}) (Version:  - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3112 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3103 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
bhv Vokabeltrainer 3.0 (HKLM-x32\...\{3A1AF860-2EB4-40EB-9827-17575880D3CE}) (Version: 3.00.0000 - bhv)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM-x32\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
Fotosizer 1.36 (HKLM-x32\...\Fotosizer) (Version: 1.36 - Fotosizer.com)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3002 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Word 2002 (HKLM-x32\...\{911B0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Works 2000 (HKLM-x32\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3102 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3102 - Acer)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO 6.0 (HKLM-x32\...\{B62A8A6F-5E48-4336-BF13-1632D5921872}) (Version: 6.00.135 - Panasonic Corporation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-07-2014 12:34:35 Geplanter Prüfpunkt
27-07-2014 09:36:49 Removed Java 7 Update 45
30-07-2014 14:03:01 Removed Skype™ 6.16
01-08-2014 10:39:36 Installed 7-Zip 9.22 (x64 edition)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17E4CA9F-25FD-494E-BB74-B84A209FCA12} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {301568F0-A1D0-4C2F-A0BB-38A509665088} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4578E1F3-07CE-4507-811D-A4CE8B04E3E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {5031E43D-8433-478B-ADEF-ED7A3609D51E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {62326D6D-B9EC-45F3-B4AA-DE599C576C87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {6A61A537-A9E4-47E1-B1F7-27D0320F8505} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {7C3C82A6-F5FF-49E6-84A8-3BCCD8C3CEFD} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {A38BD126-07B0-4F4F-B87F-091FF244C31D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F4AC4701-4A00-46EE-9E72-0AEA77C1B6F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-07 21:28 - 2009-02-10 18:01 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-05-26 12:54 - 2014-05-26 12:55 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-09 11:12 - 2012-08-08 17:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-07-29 19:53 - 2014-07-29 19:53 - 00762880 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\12d70e7f1c8a10bd9324fc6409a408b8\Windows.UI.ni.dll
2014-07-29 19:53 - 2014-07-29 19:53 - 00228352 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\2b0c0a5b5885e69fe908c80de7ec5558\Windows.Data.ni.dll
2012-07-31 01:04 - 2012-07-31 01:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-25 22:47 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "PHOTOfunSTUDIO 6.0.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Erinnerungen für Microsoft Works-Kalender.lnk"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AnyProtect Scanner"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 08:08:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 05:32:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 05:32:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 05:32:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 05:31:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/02/2014 11:22:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ****)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/02/2014 11:22:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ****)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/01/2014 06:57:28 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2536) Versuch, Datei "C:\Users\****\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (08/01/2014 04:28:31 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2384) Versuch, Datei "C:\Users\****\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.


System errors:
=============
Error: (08/02/2014 01:50:48 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/02/2014 01:09:57 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Acer" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x600000002fc97. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (08/02/2014 00:55:41 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/02/2014 00:55:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/02/2014 00:55:39 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/02/2014 00:55:34 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/02/2014 00:55:34 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/02/2014 00:24:59 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 47.

Error: (08/01/2014 06:03:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ****)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-988491291-3693754129-3637727364-1001-0-ntuser.dat

Error: (08/01/2014 06:03:05 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ****)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \S-1-5-21-988491291-3693754129-3637727364-1001-0-ntuser.dat


Microsoft Office Sessions:
=========================
Error: (08/02/2014 08:08:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/02/2014 05:32:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Sabrina Mum Tami\Desktop\esetsmartinstaller_deu.exe

Error: (08/02/2014 05:32:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Sabrina Mum Tami\Desktop\esetsmartinstaller_deu.exe

Error: (08/02/2014 05:32:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Sabrina Mum Tami\Desktop\esetsmartinstaller_deu.exe

Error: (08/02/2014 05:31:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Sabrina Mum Tami\Desktop\esetsmartinstaller_deu.exe

Error: (08/02/2014 11:22:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ****)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023174

Error: (08/02/2014 11:22:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ****)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023174

Error: (08/01/2014 06:57:28 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex2536C:\Users\****\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (08/01/2014 04:28:31 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex2384C:\Users\****\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (08/01/2014 01:05:54 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4


==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 8005.27 MB
Available physical RAM: 6206.48 MB
Total Pagefile: 9221.27 MB
Available Pagefile: 7375.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.19 GB) (Free:359.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 659D2CAA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Best regards!

03.08.2014, 09:33   #15
M-K-D-B
/// TB Trainer

Windows 8: Adware infection despite antivirus program, Malwarebytes cannot be installed



Replace the asterisks ***** with the correct user name before running the fix!


Remove leftovers
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
HKLM-x32\...\Run: [LManager] => [X]
C:\Users\****\Downloads\mbam-setup-2.0.2.1012*.exe
C:\Users\Public\AlexaNSISPlugin.5840.dll
C:\Users\Sabrina Mum Tami\Downloads\flash-downloader*.exe
C:\Windows\Temp\19A6D51C-2D35-44DB-B412-0B01BF8D2D62n.exe
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


If you have no more problems, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.




Step 1
You are using outdated software on your computer, which is a security risk. You should therefore uninstall the outdated software and then install the latest version.
Follow the path Start > Control Panel > Software / Uninstall a program.
Uninstall the following programs from your computer:
  • Adobe Reader 8
Restart your computer after the uninstallation.
Now please download and install:
  • Adobe Reader (before downloading, untick the box for McAfee Security Scan)
Restart your computer after the installation.





Step 2
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.







Step 3
Finally, I have a few more tips for securing your system.


I cannot mention too often how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus program and additional protection
  • Make sure that you only ever have one antivirus program installed and that it is up to date! A free antivirus program that we recommend would be, for example, Avast! Free Antivirus or Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware. You can use it in addition to your antivirus program.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is displayed and you can download the newest version directly from the vendor's site to your desktop. This program can also be used alongside your antivirus program.
  • SpywareBlaster
    You can find a short introduction here


Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: I have a few useful add-ons for this browser here
  • NoScript
    This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most ads by itself. A right-click on a banner to add it to AdblockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Stay away from registry cleaners.
    They harm your system more than they help. Here is an English link:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it asks you to and is nicely colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent,..).
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, because these installers often come bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Greetings from Bavaria
M-K-D-B
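
The note at the top of this post, to replace the asterisks with the real user name before running the fix, can be checked mechanically. The following is an added example, not part of the original post and not FRST code: a Python check that tells the `****` placeholder apart from the `*` wildcards in the file names. The function names and the user name `ExampleUser` are made up for illustration, and the start/end check only mirrors the layout of the fixlist in this post.

```python
import re

# A path component made only of asterisks (e.g. \****\) is the helper's
# user name placeholder; a single * inside a file name is a wildcard and stays.
PLACEHOLDER = re.compile(r"(?<=\\)\*{2,}(?=\\)")


def fill_placeholder(fixlist, username):
    """Replace every placeholder path component with the real user name."""
    if not username or re.search(r'[\\/:*?"<>|]', username):
        raise ValueError("not a valid Windows profile folder name")
    # A function as replacement keeps backslashes in the name literal.
    return PLACEHOLDER.sub(lambda m: username, fixlist)


def check_fixlist(fixlist):
    """Return a list of problems; an empty list means the file looks ready."""
    lines = [ln.strip() for ln in fixlist.splitlines() if ln.strip()]
    problems = []
    # Assumption: same layout as the fixlist in the post (start ... end).
    if not lines or lines[0].lower() != "start":
        problems.append("first line is not 'start'")
    if not lines or lines[-1].lower() != "end":
        problems.append("last line is not 'end'")
    for number, line in enumerate(lines, 1):
        if PLACEHOLDER.search(line):
            problems.append(f"line {number}: placeholder not replaced: {line}")
    return problems


# The fixlist from the post above, copied verbatim.
FIXLIST = r"""start
HKLM-x32\...\Run: [LManager] => [X]
C:\Users\****\Downloads\mbam-setup-2.0.2.1012*.exe
C:\Users\Public\AlexaNSISPlugin.5840.dll
C:\Users\Sabrina Mum Tami\Downloads\flash-downloader*.exe
C:\Windows\Temp\19A6D51C-2D35-44DB-B412-0B01BF8D2D62n.exe
Reboot:
end
"""

if __name__ == "__main__":
    print(check_fixlist(FIXLIST))                     # one problem: line 3
    fixed = fill_placeholder(FIXLIST, "ExampleUser")  # constructed user name
    print(check_fixlist(fixed))                       # no problems left
```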
